Console ends up with "connection timed out"

cyrenbyren

New Member
May 22, 2022
4
0
1
I'm using a single dns entry (as PVE is a consul service in my network), to point to all the nodes in my proxmox cluster. All of them have their own unique SSL certificate, but all of them also have a common name (let's call it pve.my.domain). Using this works great for everything but the console.

If I connect directly to a single node, the console works fine, so I suspect there is some type of security shenanigans on the browser side blocking the request from happening correctly.

Is there anything I can do to fix this? This has worked fine historically, and I can't say exactly when it started acting up, but I suspect within the last few updates at least.

EDIT: I'm using firefox, I'll add.
 
what exactly is the error you get from the console? anything in the task log?
 
The task log just says "Connection timed out", nothing else.

The console gives me this:
Code:
Firefox can’t establish a connection to the server at wss://pve.my.domain:8006/api2/json/nodes/pve-appliance01/qemu/1001/vncwebsocket?port=5900&vncticket=PVEVNC%longticketid.

WebSocket on-error event app.js:8936:11

Failed when connecting: Connection closed (code: 1006) app.js:9077:17
 
Last edited:
how exactly does this 'single domain' for all nodes work? do those resolve in a round-robin manner? do you have some reverse proxy?
in the latter case, did you configure websocket support there ?
 
I'm using consul for this. The "pve.my.domain" record resolve to every host in the dns, but not necessarily in a round robin fashion (as far as I know). There is no reverse proxy used, each host has a certificate that contains its own ip, its own host name and the "pve.my.domain" name.

The implication here is of course that any request will go to a (probably) random host. I don't know if it's something that proxmox does that complicates this, or if it's Firefox doing some weird caching of the resolved host that won't allow the browser to respond from a different ip. In Chrome this works fine.
 
Last edited:
i mean if every connection connects to a different host, this can trip up our websocket endpoint, since its expected that this happens on the same node as the initial connection
we open a proxy program to listen locally on some port, if the websocket connection then reaches another node, that will not be there...
 
Interesting. This sounds like the issue then. What chrome does then would be to cache the previous dns resolution so that it definitely will reach the same host, whereas firefox will resolve it every time. I'm assuming. Or maybe it rotates depending on the addresses it received and caches them. Either way, they do things differently.

So the only way to make this work with my current configuration would be to find a way to only resolve to a single ip (regardless of which one really, just one that is up), at least for a few seconds. As long as the websocket connection has time to establish.

Is there a way to direct where the proxy program starts up? Or rather, where it reports it back to the client where it is? Right now I'm assuming it just uses the same host as the request was directed to, but if i could force it to respond from the hostname of the server, that would also be an option.
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!