Apache ProxyPass Proxmox WebUI - noVNC WebSockets

TJN

Feb 14, 2015
Hi,

I've managed to set up Apache on one of my VMs to show the Proxmox WebUI on port 443 (https://example.com/proxmox/).

Everything works fine except for noVNC. When I try to connect, I get a message saying "Server disconnection (code: 1006)", and in the Google Chrome developer console I receive:

Code:
WebSocket connection to 'wss://hostIP/api2/json/nodes/hostName/qemu/100/vncwebsocket?port=5900&vncticket=PVEVNC%.....' failed: Error during WebSocket handshake: Unexpected response code: 200

When I use noVNC normally through the :8006 WebUI I noticed that it connects the WebSocket to port 8006.

Code:
wss://hostIP:8006/api2/json/nodes/hostName/qemu/100/vncwebsocket?port=5900&vncticket=PVEVNC......

So I understand that I need to proxy the WebSocket to port 8006, but nothing I try seems to work. I've never proxied a WebSocket, so I have no idea if what I have in my config should work. Any help would be great!

Here are the relevant parts of my Apache config:

Code:
(I've enabled the mods: proxy, proxy_http and proxy_wstunnel)

        ProxyPass /wss/ wss://192.168.1.1:8006/
        ProxyPassReverse /wss/ wss://192.168.1.1:8006/


        ProxyPass /proxmox/ https://192.168.1.1:8006/
        ProxyPassReverse /proxmox/ https://192.168.1.1:8006/


        ProxyPass /pve2/ https://192.168.1.1:8006/pve2/
        ProxyPassReverse /pve2/ https://192.168.1.1:8006/pve2/


        ProxyPass /api2/ https://192.168.1.1:8006/api2/
        ProxyPassReverse /api2/ https://192.168.1.1:8006/api2/


        ProxyPass /novnc/ https://192.168.1.1:8006/novnc/
        ProxyPassReverse /novnc/ https://192.168.1.1:8006/novnc/


        ProxyPass /vncterm/ https://192.168.1.1:8006/vncterm/
        ProxyPassReverse /vncterm/ https://192.168.1.1:8006/vncterm/

Thanks!
 
Update:
Ended up using nginx to proxy the WebUI instead, and then another proxy to point to the Apache webserver.

This is the config that works for me on nginx (/etc/nginx/sites-enabled/default):

Code:
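# Connection header sent upstream: "upgrade" when the client sent an
# Upgrade header (WebSocket handshake), otherwise "close"
map $http_upgrade $connection_upgrade {
        default upgrade;
        '' close;
}


server {
        # the "ssl" parameter of "listen" enables TLS; the separate "ssl on;"
        # directive is obsolete and has been dropped here
        listen 443 ssl;
        ssl_certificate /etc/ssl/nginx/bundle.crt;
        ssl_certificate_key /etc/ssl/nginx/ssl.key;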


        server_name nginx.domain;


        location / {
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection $connection_upgrade;
                proxy_pass https://x.x.x.x:8006;
        }
}
 
This is my Apache setup, which works just fine:

Code:
# enable modules
a2enmod proxy
a2enmod proxy_html
a2enmod proxy_http
a2enmod proxy_wstunnel

# vhost config
<VirtualHost *:80>
        ServerAdmin foo@bar
        ServerName foo.bar


        RewriteEngine   On
        RewriteCond     %{HTTPS} off
        RewriteRule     (.*) https://%{HTTP_HOST}%{REQUEST_URI}
</VirtualHost>


<VirtualHost *:443>
        ServerAdmin foo@bar
        ServerName foo.bar

        SSLEngine On
        SSLCertificateFile /etc/apache2/ssl/somecert.crt
        SSLCertificateKeyFile /etc/apache2/ssl/somekey.key
        SSLCertificateChainFile /etc/apache2/ssl/someca.pem

        ErrorLog /var/log/apache2/error-foo.bar.log
        CustomLog /var/log/apache2/access-foo.bar.log combined

        ProxyRequests           Off
        ProxyPreserveHost       On
        # Speak TLS to the backend; the four settings below switch off every
        # check of the backend's certificate (chain, CN, name and expiry)
        SSLProxyEngine          On
        SSLProxyVerify          none
        SSLProxyCheckPeerCN     off
        SSLProxyCheckPeerName   off
        SSLProxyCheckPeerExpire off

        <Location />
                # HTTP Basic authentication in front of the proxied WebUI
                AuthType Basic
                AuthUserFile /srv/vhosts/htpasswd/div
                AuthName "Please log in with a valid user"
                require user foo

                ProxyPass https://10.10.10.10:8006/ retry=0
                ProxyPassReverse https://10.10.10.10:8006/

                # Websocket
                ProxyPass wss://10.10.10.10:8006/ retry=0
                ProxyPassReverse wss://10.10.10.10:8006/
        </Location>

        # default
        DocumentRoot /srv/vhosts/default/
        # Filesystem path, so <Directory>; AllowOverride is not valid in <Location>
        <Directory /srv/vhosts/default/>
                SSLRequireSSL
                Options +Indexes +FollowSymLinks +MultiViews
                AllowOverride None
                Require all granted
        </Directory>
</VirtualHost>
 
Interesting, especially reverse proxying the web socket.
 
Interesting, especially reverse proxying the web socket.

Not really. It's basically exactly what the nginx config above does, specifically this part:
Code:
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;