Apache ProxyPass Proxmox WebUI - noVNC WebSockets

TJN

New Member
Feb 14, 2015
3
0
1
Hi,

I've managed to setup apache on one of my VMs to show the Proxmox WebUI on port 443. (https://example.com/proxmox/)

Everything works fine except for noVNC, when I try to connect I get a message saying "Server disconnection (code: 1006)" and in the Google Chrome developer console I receive:

Code:
WebSocket connection to 'wss://hostIP/api2/json/nodes/hostName/qemu/100/vncwebsocket?port=5900&vncticket=PVEVNC%.....' failed: Error during WebSocket handshake: Unexpected response code: 200

When I use noVNC normally through the :8006 WebUI I noticed that it connects the WebSocket to port 8006.

Code:
wss://hostIP[B]:8006[/B]/api2/json/nodes/hostName/qemu/100/vncwebsocket?port=5900&vncticket=PVEVNC......

So I understand that I need to proxy the WebSocket to port 8006 but everything I try doesn't seem to work. I've never Proxied a WebSocket so I have no idea if what I have in my config should work, any help would be great!

Here are the relevant parts of my apache config:

Code:
(I've enabled the mods: proxy, proxy_http and proxy_wstunnel)

        ProxyPass /wss/ wss://192.168.1.1:8006/
        ProxyPassReverse /wss/ wss://192.168.1.1:8006/


        ProxyPass /proxmox/ https://192.168.1.1:8006/
        ProxyPassReverse /proxmox/ https://192.168.1.1:8006/


        ProxyPass /pve2/ https://192.168.1.1:8006/pve2/
        ProxyPassReverse /pve2/ https://192.168.1.1:8006/pve2/


        ProxyPass /api2/ https://192.168.1.1:8006/api2/
        ProxyPassReverse /api2/ https://192.168.1.1:8006/api2/


        ProxyPass /novnc/ https://192.168.1.1:8006/novnc/
        ProxyPassReverse /novnc/ https://192.168.1.1:8006/novnc/


        ProxyPass /vncterm/ https://192.168.1.1:8006/vncterm/
        ProxyPassReverse /vncterm/ https://192.168.1.1:8006/vncterm/

Thanks!
 
Update:
Ended up using nginx to proxy the WebUI instead, and then another proxy to point to the Apache webserver.

This is the config that works for me on nginx (/etc/nginx/sites-enabled/default):

Code:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}


server {
        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/ssl/nginx/bundle.crt;
        ssl_certificate_key /etc/ssl/nginx/ssl.key;


        server_name nginx.domain;


        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_pass https://x.x.x.x:8006;
        }
}
 
This is my Apache-setup, that works just fine;

Code:
# enable modules
a2enmod proxy
a2enmod proxy_html
a2enmod proxy_http
a2enmod proxy_wstunnel

# vhost config
<VirtualHost *:80>
        ServerAdmin foo@bar
        ServerName foo.bar


        RewriteEngine   On
        RewriteCond     %{HTTPS} off
        RewriteRule     (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>


<VirtualHost *:443>
        ServerAdmin foo@bar
        ServerName foo.bar


        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/somecert.crt
        SSLCertificateKeyFile /etc/apache2/ssl/somekey.key
    SSLCertificateChainFile /etc/apache2/ssl/someca.pem


    ErrorLog /var/log/apache2/error-foo.bar.log
        CustomLog /var/log/apache2/access-foo.bar.log combined
    
    ProxyRequests         Off
    ProxyPreserveHost     On
    SSLProxyEngine         On
    SSLProxyVerify        none 
    SSLProxyCheckPeerCN    off
    SSLProxyCheckPeerName    off
    SSLProxyCheckPeerExpire    off


    <Location />
        AuthType Basic
                AuthUserFile /srv/vhosts/htpasswd/div
                AuthName "Please log in with a valid user"
        require user foo


        ProxyPass https://10.10.10.10:8006/ retry=0
        ProxyPassReverse https://10.10.10.10:8006/


        # Websocket
        ProxyPass wss://10.10.10.10:8006/ retry=0
        ProxyPassReverse wss://10.10.10.10:8006/
    </Location>


    # default
    DocumentRoot /srv/vhosts/default/
    <Location /srv/vhosts/default/>
                SSLRequireSSL
                Options +Indexes +FollowSymLinks +MultiViews
                AllowOverride None
                Require all granted
        </Location>
</VirtualHost>
 
Interesting, especially rever proxying the web socket.
 
Interesting, especially rever proxying the web socket.

Not really. It's basically exactly what the nginx config above does, specifically this part;
Code:
       proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!