Enable PM HTTPS GUI on another interface / network (easiest way?)

[mailinglists]

Hi,

I have PM cluster on private network. While I can enable access using DNAT or VPN with a VM running on this cluster or another that can reach this PM private network, I still wonder what is the easiest solution to make https GUI available on another (WAN) interface?

Maybe I can just define network settings (IPs) on WAN bridge, but will PMs HTTPs GUI at port 8006 automatically start to listen on it? I guess not.
Can I change it somewhere to do so and in a manner that will persist even after PM updates?

All ideas welcome.

 

[guletz]

Hi @mailinglists

HAProxy could be used(listen on WAN iface/IPaddress on port xxx in tcp mode, and use as backend your PMX web-interface for each of your nodes ).
For sure, it will persist even after PM updates



listen PROXMOX_tcp_SSL_8006 what-ever-ip:xxx
maxconn 15
mode tcp
option tcplog
server node_1 192.168.x.y1:8006 check rise 2 fall 3
server node_2 192.168.x.y2:8006 check rise 2 fall 3 backup
server node_3 192.168.x.y3:8006 check rise 2 fall 3 backup
....
server node_N 192.168.x.yN:8006 check rise 2 fall 3 backup


... and make a smart firewall rule for ONLY your ACCESS to what-ever-ip port xxx(port-knoking, fixed IP, ddns ??? )!


-
Good luck

 

[mailinglists]

Hi @guletz, that is a good idea.
And you even gave me an example config. Such a nice guy you are. Tnx!

 

[guletz]

Such a nice guy you are

.... in reality I am a very ugly guy

Thx. anyway for your kindly words!

Good luck!