Dear ALL, in my Library I have a LAN where my proxmox infrastructure runs, a DMZ and a public WIFI network. I would like to let our public kiosk access a specific VM on proxmox (a sort of VDI). I have experimented with many solutions, but the problem is still on the security side. I will try to explain with my last configuration:
- proxmox nodes on the LAN, isolated from the rest of the world for security reasons;
- nginx spice proxy (port 3128) on the DMZ that allows access to a specific VM via the spice protocol - need to open an interzone firewall rule to let nginx access the 3128 proxy nodes on the LAN;
- client on the WIFI network that accesses the nginx proxy, with another interzone firewall rule to let the WIFI network access the 3128 nginx port.
It works.
The problem is opening a ticket on proxmox and getting the .vv file. To do it I needed to open an interzone firewall rule for port 8006 to let nginx access the proxmox API, and that is insecure! Why does proxmox not separate the remote access to VM API from the system management API? Is there a way to separate them? VPN is not applicable here.
Sorry for my English.
Regards.