HAProxy roundrobin on PVE GUI throws 'no ticket' error

justjosh

Nov 4, 2019
Hi all,

I've set up a HAProxy balance roundrobin on the PVE HVs and I'm getting the following error after logging in successfully. Does anyone have a successful config?

"Connection error 401: No ticket"

Thanks!
 
Hi,

I guess the problem is you do not stay on the same node after you login.
There is no cluster-wide login.
 
> Hi,
>
> I guess the problem is you do not stay on the same node after you login.
> There is no cluster-wide login.

Actually, I've noticed that an authenticated session actually persists across different nodes.
Anyway, I've also managed to find a workaround for the ticket issue: I've ditched HAProxy and set up an nginx roundrobin reverse proxy with keepalive 1.
 
Better late than never. I registered just to leave the solution to this here since this is the first thread that appears when searching for this problem.
Please note that I configured this in OPNsense, so it may not be exactly like your case, but it should at least provide some guidance:

  1. Navigate to the Services menu, and then click on HAProxy.
  2. Switch to Real Servers.
  3. Configure the Real Server (server address and server port); under Common Options, enable SSL!
  4. Switch to the Backend Pools in the Virtual Services tab.
  5. Create a new backend and configure it with the following settings:
    • Name: Enter a descriptive name for the backend (Proxmox_Backend).
    • Mode: Select "HTTP (Layer 7)" from the dropdown list.
    • Balance Algorithm: Select "Static Round Robin" from the dropdown list.
    • Server: The real server you created previously
    • Enable HTTP2/S

      Save
  6. Scroll down to the "Advanced settings" section (there's a toggle button on the top left corner for enabling advanced mode).
  7. In the "Advanced pass thru" text box, add the following line (this is basically the keepalive 1 in nginx):

    http-reuse always

  8. Switch to the Public Services on the Virtual Services tab.
  9. Add your servers to the frontend (Public Service) with the following settings:
    • Name: Enter a descriptive name for the server (Proxmox_Frontend).
    • Listen address: Enter the "IP address : port" or "hostname : port" (without the spaces) of the server. In my case this is a Virtual IP that I created to access Proxmox from another subnet.
    • Type: HTTP / HTTPS (SSL Offloading)
    • Default Backend Pool: Proxmox_Backend
    • Enable SSL Offloading
    • Choose a Certificate (could be any of the existing ones)
    • Enable HTTP/2

      Save
  10. Navigate to the top of the HAProxy page and click on "Apply changes" to apply the new settings and restart the HAProxy service.

Now, HAProxy will use a round-robin balancing algorithm and reuse connections for multiple requests and it should no longer show the "Connection error 401: No ticket" error.

Hope this helps someone.
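
For readers running HAProxy outside OPNsense, the GUI steps above correspond roughly to the following haproxy.cfg sections. This is an added example, not part of the original post and not the configuration OPNsense generates; the addresses (documentation range 192.0.2.0/24), server names and file paths are placeholders, and port 8006 is assumed as the default PVE web interface port.

```haproxy
# Added illustration; addresses, server names and file paths are placeholders.

frontend Proxmox_Frontend
    mode http
    # Step 9: listen address, SSL offloading with a chosen certificate, HTTP/2
    bind 192.0.2.10:443 ssl crt /etc/haproxy/certs/frontend.pem alpn h2,http/1.1
    default_backend Proxmox_Backend

backend Proxmox_Backend
    # Step 5: HTTP (Layer 7) mode with static round robin
    mode http
    balance static-rr
    # Step 7: the "Advanced pass thru" line
    http-reuse always
    # Step 3: real servers with SSL enabled. "verify required" with a CA file
    # makes HAProxy validate each node's certificate chain instead of
    # accepting any certificate; the CA file path is a placeholder for
    # wherever the cluster's CA certificate is stored on the proxy host.
    # alpn mirrors the backend HTTP/2 option and falls back to HTTP/1.1.
    server pve1 192.0.2.21:8006 ssl verify required ca-file /etc/haproxy/pve-root-ca.pem alpn h2,http/1.1
    server pve2 192.0.2.22:8006 ssl verify required ca-file /etc/haproxy/pve-root-ca.pem alpn h2,http/1.1
    server pve3 192.0.2.23:8006 ssl verify required ca-file /etc/haproxy/pve-root-ca.pem alpn h2,http/1.1
```

Running `haproxy -c -f /path/to/haproxy.cfg` checks the file for syntax errors before the service is reloaded.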
 