Enable PM HTTPS GUI on another interface / network (easiest way?)

mailinglists

Renowned Member
Mar 14, 2012
641
66
93
Hi,

I have PM cluster on private network. While I can enable access using DNAT or VPN with a VM running on this cluster or another that can reach this PM private network, I still wonder what is the easiest solution to make https GUI available on another (WAN) interface?

Maybe I can just define network settings (IPs) on WAN bridge, but will PMs HTTPs GUI at port 8006 automatically start to listen on it? I guess not.
Can I change it somewhere to do so and in a manner that will persist even after PM updates?

All ideas welcome.
 
Hi @mailinglists

HAProxy could be used(listen on WAN iface/IPaddress on port xxx in tcp mode, and use as backend your PMX web-interface for each of your nodes ).
For sure, it will persist even after PM updates



listen PROXMOX_tcp_SSL_8006 what-ever-ip:xxx
maxconn 15
mode tcp
option tcplog
server node_1 192.168.x.y1:8006 check rise 2 fall 3
server node_2 192.168.x.y2:8006 check rise 2 fall 3 backup
server node_3 192.168.x.y3:8006 check rise 2 fall 3 backup
....
server node_N 192.168.x.yN:8006 check rise 2 fall 3 backup


... and make a smart firewall rule for ONLY your ACCESS to what-ever-ip port xxx(port-knoking, fixed IP, ddns ??? )!


-
Good luck
 
  • Like
Reactions: mailinglists

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!