How can I connect to Proxmox VE Browser GUI via 443 instead of 8006?

naupe

Member
Apr 8, 2019
36
4
13
38
Hello Proxmox Community,

I have a Proxmox 5.4-15 Server (I would like to update to Proxmox VE 6, but I'm not sure what I need to do for this to occur, and is probably best asked in a different Topic). Currently, to connect to the Browser GUI I have to include this full URL address:
https://pve.mydomain.com:8006#v1:0:=node/pve:4::::::

What would I need to do so I can just load the Proxmox VE Browser GUI using this URL?
https://pve.mydomain.com/

I assume I need to redirect 443 to 8006? And if so, how? Would this cause connection issues?
 
Wow, thank you for the fast reply @tom !

Before I get started on setting this up, I have a couple questions for you Tom:

1. I have an Nginx VM setup that is Reverse Proxying several other VMs on my Proxmox Server. Could Nginx on Proxmox cause problems with the Nginx VM?
2. Do I need to do anything on the Router connected to my Proxmox Server?
 
1. I have an Nginx VM setup that is Reverse Proxying several other VMs on my Proxmox Server. Could Nginx on Proxmox cause problems with the Nginx VM?
If the NGINX in the VM is listening on a different IP address than the Proxmox VE host itself this shouldn't be a problem.
 
@aaron so I just finished the nginx -t step of the article you just linked me:
Code:
root@pve:/etc/nginx/sites-enabled# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Before I perform systemctl restart nginx, can I ensure that I won't lose access to the Proxmox GUI when I go to https://pve.mydomain.com:8006#v1:0:=node/pve:4:::::: ? And can I ensure that I won't lose the ability to SSH to my Proxmox Server?

On the paranoid side, in case I made any mistakes with the Nginx settings. Also curious what the following means in the guide:
ensure that nginx gets only started after the certificates are available

How can I ensure that my Proxmox Certificate (/etc/pve/local/pve-ssl.pem) and Key (/etc/pve/local/pve-ssl.key) are up-to-date? Right now, when I go to https://pve.mydomain.com:8006#v1:0:=node/pve:4:::::: , I'm told the Connection isn't secure. I worry the Certificates aren't up-to-date. What can I do to renew my Proxmox Certificates?
 
Last edited:
@aaron so I just finished the nginx -t step of the article you just linked me:
Code:
root@pve:/etc/nginx/sites-enabled# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Before I perform systemctl restart nginx, can I ensure that I won't lose access to the Proxmox GUI when I go to https://pve.mydomain.com:8006#v1:0:=node/pve:4:::::: ? And can I ensure that I won't lose the ability to SSH to my Proxmox Server?
[...]

nginx isn't used directly by the Proxmox GUI; it only exists as a kind of overlay. The only way you'd lose access to the Proxmox GUI or SSH is if you configured nginx to use port 8006 or 22 (which would be basically impossible following the instructions above), and even then restarting nginx wouldn't cause any immediate access problems because those port are already in use (although you might run into issues the next time you reboot the PVE host).

Think of it this way: the first step of those instructions was installing nginx, which means that up until now nginx was so stopped that it wasn't even installed! :)

[...]
How can I ensure that my Proxmox Certificate (/etc/pve/local/pve-ssl.pem) and Key (/etc/pve/local/pve-ssl.key) are up-to-date? Right now, when I go to https://pve.mydomain.com:8006#v1:0:=node/pve:4:::::: , I'm told the Connection isn't secure. I worry the Certificates aren't up-to-date. What can I do to renew my Proxmox Certificates?

The security warning you see in your browser doesn't say anything about an expired certificate; it's warning you that the certificate isn't signed by a trusted Certificate Authority. You can get more details here, but basically this is because, by default, PVE generates its own security certificates and signs them with its own CA. This is a good thing because it allows PVE take care of its own certificate management, but it does mean that that default certificates will throw a warning without further configuration.

-Russ