Embed Proxmox noVNC on external Website

[frox]

Hello,

i have searched for a long time, but have not found an answer for this problem.

The goal is to include a noVNC instance on a website where the virtual machines can be controlled. However, the Proxmox server should not be accessible from the outside, but only the page with the novnc viewer.

So the plan is to route the websocket connection from the Proxmox server including cookies to the server with the public website, so that the virtual machines can be controlled from there.

The authentication on the public website should be done by a token in the get-parameter, which will be compared with a database. A connection is then to be established to the corresponding virtual machine, which is linked to the token in the database.

I already have the basics with noVNC and the token authentication including the database.

Now the only question is how to implement the rest. Maybe someone of you has a clue and can give me some tips.


Greetings, frox

 

[SOLTECSIS - Carles Munyoz]

Proxmox allows the creation of restricted users with access to only one virtual machine.
Maybe you can achieve what you want to do easily using this and publishing access to the Proxmox UI.

 

[frox]

Nah, that isn't exactly what I wanted to avoid due to security concerns, besides everything except vnc is controlled by a dashboard using the proxmox api.

 

[SOLTECSIS - Carles Munyoz]

Ok, I understand.

 

[frox]

maybe someone other has a solution?

 

[rdpok]

This is my goal exactly as well, but have not found any simple way so far. I'd like to have a tab (a view) in my Home Assistant dashboard that would have an iframe to Proxmox's noVNC, providing quick access to a VM.

I have a user account and API Token for it set up with appropriate permissions to use that VM's console, and I can query stuff from the API using curl but that's where my skills end, unfortunately.

(Sorry to revive an ancient thread)

 

[mr44er]

From a security point, I would never route any (full)access into proxmox from another $SOMETHING at all. Home Assistant dashboard seems to run local without cloud, but it isn't automatically trustworthy.

I would install an extra instance of vnc/rdp into every vm for this purpose with maybe lowered access.

 

[rdpok]

But security points aside, you see that technically using Proxmox's noVNC would be possible somehow? From an iframe on another site, after getting the login token?

My Proxmox and Home Assistant installations are only for fun and games, and both strictly available in my home LAN only. Additionally, I have set a limited user account into Proxmox with only the privileges needed to use the VM console.

Currently I do use RDP/SSH to access the VM's but that is another software/app that needs to be used, when integrated noVNC would do just fine, requiring only a click on from Home Assistant dashboard.

 

[mr44er]

you see that technically using Proxmox's noVNC would be possible somehow? From an iframe on another site, after getting the login token?

When you watch a console session in the browser, on the upper right (between migrate and more), you can click console again. It will popup the novnc-session in a single browser windows. From there you can see and copy the 'raw' novnc link, should do the trick.

 

[rdpok]

https://10.100.1.2:8006/?console=kvm&novnc=1&vmid=100&vmname=myvmname&node=mynodename

I see, that seems simple enough. Now I just have to think of a way to set up the authentication cookie beforehand somehow, as entering that address just seems to yield "Error 401: No ticket". I recon there is no way to just insert my credentials or API Token into the url?
Probably need to head out to Home Assistant forums to see if there is some way to make it set a cookie before opening a link.