[TUTORIAL] How to set up noVNC on a web application.

parrotassassin15 · Mar 5, 2023

A little back story I have had many issues with setting up noVNC after countless hours of research I finally got everything working as designed. I would like to post a quick walkthrough of how I did this so people in the future will have less issues.

I am using the following API Wrapper for this: https://github.com/zzantares/ProxmoxVE

Here is a high-level overview of what we are going to do:

install the Api wrapper on our host system.
add an Api user and make sure this user has the proper permissions.
create functions to preview your VNC on pages of your choice.
Iframe the VNC instance on the web application

This set up may not work for you, if this is the case then reply in this thread and I will help you out. There may need to be a few changes that you need to make for your particular set up.

Here is how to create a new user with the perms needed for VNC: ( click on the datacenter and then click on users )

Add user by clicking here:

We then need to make sure there is a password for this new user that we created so here is what I personally like to do for that:

Then we can just add a new user here with a strong password ( be mindful of special chars as this proxmox wrapper does not like these chars: '&$'. )

Bash:

adduser api

Then we need to replicate this on the datacenter:

Click on the new user that was created and then click on password:

Make sure you enter the same password that you entered in the host systems shell prompt.

Then we need to make sure that this new user has the perms needed for this:

( create a resource pool for our resources we want to give to the api user )

Then we just need to name it you can name it anything you want.

Once we have this then we can add resources to this pool:

Click virtual machines so we can add single machines in bulk:

Then just simply add the machines you want the Api user to be able to access

Lastly, we can add the proper perms to the user:

File system structure:

--- VNC_API:
- vm_functions.php
- preview_vnc.php

Wrapper Install:

Bash:

composer require zzantares/proxmoxve ~4.0

FILE: vm_functions.php

PHP:

require 'vendor/autoload.php';

use ProxmoxVE\Proxmox;
use GuzzleHttp\Client;

function PreviewVnc($vmID, $nodeid) {
    // pass in the vmid and nodeid from the functions above
    $node = $nodeid;
    $vmid = $vmID;

    // set up the proxmox creds and login
    $credentials = [
        'hostname' => 'proxmox-domain', // Also can be an IP
        'username' => 'api',
        'password' => 'password',
    ];

    $host = $credentials['hostname'];

    $proxmox = new Proxmox($credentials);

    if ($login = $proxmox->login()) {
      
        $ticket = $login->getTicket();
    
        $config = $proxmox->create("/nodes/$node/qemu/$vmid/vncproxy", [
            'websocket' => 1, // Start websocket proxy
        ]);


        $websock = $proxmox->get("/nodes/$node/qemu/$vmid/vncwebsocket", [
 
            'vncticket' => $config['data']['ticket'],
            'port' => $config['data']['port']
        ]);



        $src_href = 'https://'.$host.':8006/?console=kvm&novnc=1&node='.$node.'&resize=1&vmid='.$vmid.'&path=api2/json/nodes/'.$node.'/qemu/'.$vmid.'/vncwebsocket/port/'.$config['data']['port'].'"/vncticket/"'.$ticket;
        echo '<iframe src="'.$src_href.'" frameborder="0" scrolling="no" width="100%" height="100%"></iframe>';
    }
}

?>

FILE: preview_vnc.php

Code:

require 'vm_functions.php';

$vmid = 100;
$node = 'proxmox';

PreviewVnc($vmid, $node);

If all goes well you should now have a VNC instance running on preview_vnc.php

alexo · Mar 12, 2023

Error 401 No ticket

https://myhostip:8006/?console=kvm&...n/nodes/s123/qemu/9505/vncwebsocket/port/5900"/vncticket/"PVE:root@pam:640D7AAD::S/gwT/TL7fGdfC+eVraLJZ3JmvUhKtxFxxWFAJG42Q2FPjMUXWZVBjN5Rn39olTwjIgiuiHCnfrSAd7Jgml/bUSZQ7v/M0lodhlfB96MnGE7ObLJixuldTxDVgf7giDxLiK+UL/ThVPs6darIeZniMN5kaGMXnspywv9u9o/qqW9/EJv0XQECM2u+8Rb4bTMlbVqfc0auX43dW/SqjoCdpINEfdMYAiMGpqInannQdvGG/gnPzrBxe3J3TWbtgAloJB0nZZM27LI53TdIFUdj313sUVBjPxEXOHIL7AB0SOvM7TXC9ejqzABH/PBh3YY2lP0WwIvldQQlRXTmg1omQ=="

parrotassassin15 · Mar 12, 2023

alexo said:
Error 401 No ticket

https://myhostip:8006/?console=kvm&...n/nodes/s123/qemu/9505/vncwebsocket/port/5900"/vncticket/"PVE:root@pam:640D7AAD::S/gwT/TL7fGdfC+eVraLJZ3JmvUhKtxFxxWFAJG42Q2FPjMUXWZVBjN5Rn39olTwjIgiuiHCnfrSAd7Jgml/bUSZQ7v/M0lodhlfB96MnGE7ObLJixuldTxDVgf7giDxLiK+UL/ThVPs6darIeZniMN5kaGMXnspywv9u9o/qqW9/EJv0XQECM2u+8Rb4bTMlbVqfc0auX43dW/SqjoCdpINEfdMYAiMGpqInannQdvGG/gnPzrBxe3J3TWbtgAloJB0nZZM27LI53TdIFUdj313sUVBjPxEXOHIL7AB0SOvM7TXC9ejqzABH/PBh3YY2lP0WwIvldQQlRXTmg1omQ=="

Hey, so there are two different kinds of tickets there is a VNC ticket and a PVE ticket make sure you are passing the right ticket to the right place. It looks like you are using a PVE ticket to login to the VNC when you need to be using a VNCPVE ticket.

'vncticket' => $config['data']['ticket'], <---- this portion of the code grabs the vnc ticket

the main difference between the two is the PVE ticket authenticates the entire server and the vnc ticket just authenticates the vnc proxy. I hope this helps if you still have trouble let me know.

alexo · Mar 12, 2023

And I just took your code

parrotassassin15 · Mar 12, 2023

alexo said:
And I just took your code

well, everyone's set up is going to be a little bit different this just goes over the basics of how to set it up. My code should work in theory as it does work on my end. In some cases you may need to have a get access token function that will get a certain ticket to auth with like this:

PHP:

function getAT() {
    $credentials = [
        'hostname' => 'domain.com',  // Also can be an IP
        'username' => 'apiuser',
        'password' => 'pass123',
    ];
    $proxmox = new Proxmox($credentials);
    if ($login = $proxmox->login()) {
        $ticket = $login->getTicket();
        return $ticket;
    }
    return null;

    $getTicket = $proxmox->get("/ticket");

}

alexo · Mar 12, 2023

PHP:

<?php
require 'vendor/autoload.php';
use ProxmoxVE\Proxmox;
use GuzzleHttp\Client;
function PreviewVnc($vmID, $nodeid) {
    // pass in the vmid and nodeid from the functions above
    $node = $nodeid;
    $vmid = $vmID;
    // set up the proxmox creds and login
    $credentials = [
        'hostname' => '123.123.12.12', // Also can be an IP
        'username' => 'root',
        'password' => 'mypassword',
    ];
    $host = $credentials['hostname'];
    $proxmox = new Proxmox($credentials);
    if ($login = $proxmox->login()) {
      
        $ticket = $login->getTicket();
    
        $config = $proxmox->create("/nodes/$node/qemu/$vmid/vncproxy", [
            'websocket' => 1, // Start websocket proxy
        ]);


        $websock = $proxmox->get("/nodes/$node/qemu/$vmid/vncwebsocket", [
 
            'vncticket' => $config['data']['ticket'],
            'port' => $config['data']['port']
        ]);




        $src_href = 'https://'.$host.':8006/?console=kvm&novnc=1&node='.$node.'&resize=1&vmid='.$vmid.'&path=api2/json/nodes/'.$node.'/qemu/'.$vmid.'/vncwebsocket/port/'.$config['data']['port'].'"/vncticket/"'.$config['data']['ticket'];
        echo '<iframe src="'.$src_href.'" frameborder="0" scrolling="no" width="100%" height="100%"></iframe>';
    }
}
?>

Now I changed it to $config['data']['ticket'], it didn 't help

alexo · Mar 12, 2023

parrotassassin15 said:
well, everyone's set up is going to be a little bit different this just goes over the basics of how to set it up. My code should work in theory as it does work on my end. In some cases you may need to have a get access token function that will get a certain ticket to auth with like this:

PHP:

function getAT() { $credentials = [ 'hostname' => 'domain.com', // Also can be an IP 'username' => 'apiuser', 'password' => 'pass123', ]; $proxmox = new Proxmox($credentials); if ($login = $proxmox->login()) { $ticket = $login->getTicket(); return $ticket; } return null; $getTicket = $proxmox->get("/ticket"); }

Server error: `GET https://123.123.12.12:8006/api2/json/ticket` resulted in a `501 Method 'GET /ticket' not implemented` response: {"data":null}

alexo · Mar 12, 2023

alexo said:

PHP:

<?php
require 'vendor/autoload.php';
use ProxmoxVE\Proxmox;
use GuzzleHttp\Client;
function PreviewVnc($vmID, $nodeid) {
    // pass in the vmid and nodeid from the functions above
    $node = $nodeid;
    $vmid = $vmID;
    // set up the proxmox creds and login
    $credentials = [
        'hostname' => '123.123.12.12', // Also can be an IP
        'username' => 'root',
        'password' => 'mypassword',
    ];
    $host = $credentials['hostname'];
    $proxmox = new Proxmox($credentials);
    if ($login = $proxmox->login()) {
     
        $ticket = $login->getTicket();
   
        $config = $proxmox->create("/nodes/$node/qemu/$vmid/vncproxy", [
            'websocket' => 1, // Start websocket proxy
        ]);


        $websock = $proxmox->get("/nodes/$node/qemu/$vmid/vncwebsocket", [
 
            'vncticket' => $config['data']['ticket'],
            'port' => $config['data']['port']
        ]);




        $src_href = 'https://'.$host.':8006/?console=kvm&novnc=1&node='.$node.'&resize=1&vmid='.$vmid.'&path=api2/json/nodes/'.$node.'/qemu/'.$vmid.'/vncwebsocket/port/'.$config['data']['port'].'"/vncticket/"'.$config['data']['ticket'];
        echo '<iframe src="'.$src_href.'" frameborder="0" scrolling="no" width="100%" height="100%"></iframe>';
    }
}
?>

Now I changed it to $config['data']['ticket'], it didn 't help

https://123.123.12.12:8006/?console.../nodes/s3356/qemu/9803/vncwebsocket/port/5900"/vncticket/"PVEVNC:640E5602::ZcxySe36YkbisxgRfXs3zqEMGO54zUXP1HdPMJKDjkZ7u7FaUdVYFMS9txDE1h2LVCnSsnZiV0tQzBd4zF4mue8A7evGajTMRoPGJSAsb73QSD8jW3je2bbxLokCqj/o8PzCyRh7yL/4gc3boELBkfsD3awcJKpfuT1zxMFckBMxESRRgog2bn4g9TmtMc8yqnZnViKm0rpaQZ7XVyOmV4LHP9336Ps/Dnh0naMByjTzoLaNw4++1IukrXIRAoDnJ1AvOdS5DPJZuwrCUawvjkSUTgyF7Nj9D/94uC5Z7LipKV9TNOXAq4K+5v8fK0B+UBj+DaibjDfjEbaRGeEF4A==

alexo · Mar 13, 2023

Apparently, I'm doing something wrong.

MatthieuLAURENT39 · Mar 16, 2023

Could you get it to work in the end? I'm also getting a 401 No Ticket error even though i'm using the VNC ticket.
My url looks like this:

Code:

https://172.17.50.250:8006/?console=kvm&novnc=1&node=mynodename&resize=1&vmid=103&path=api2/json/nodes/mynodename/qemu/103/vncwebsocket/port/5900/"vncticket"/PVEVNC%3A64130932%3A%3Adn%2BOzhoQtfRvVKfxd%2F%2BxE9IbBIwegHihcg8IZ2YRce%2BQrRGHcXtFQRr1QSmOMCyJrgzPiHGdu%2Bv0WZmhqK6ablXIsj%2FEY1f%2BVma2Fkp%2FH9A0pvkoQxcMYayLDwZPIFQYAcf%2BLzmQNybVKdGQgCY%2FB%2Bib1abUaohbRWbBUZq6y8CS1S6y8u6DBSf5jp7zc6wugpr3AOWtj%2BpTCtZZWwCChE1t2CyFVF78hAQB%2F1BCPYFx9%2B%2FuEgdKv0s4Vzr%2BHXOQnXy%2F64G55lOcnz6ewIp6v0twwxr1i%2FjD6jmqZ9BBgWgMfzQaiUCLilSA3dE0G8Le30a%2ByReJIJyIi7QqgVvGvQ%3D%3D

Another thing to note is that while i after i get the 401 error, the proxmox webUI shows the connections a bit more before timing out

parrotassassin15 · Apr 28, 2023

Have you guys tried to set the VNC ticket cookie? My webapp works without it but in some cases, you may need it.

MatthieuLAURENT39 said:
Could you get it to work in the end? I'm also getting a 401 No Ticket error even though i'm using the VNC ticket.
My url looks like this:

Code:

https://172.17.50.250:8006/?console=kvm&novnc=1&node=mynodename&resize=1&vmid=103&path=api2/json/nodes/mynodename/qemu/103/vncwebsocket/port/5900/"vncticket"/PVEVNC%3A64130932%3A%3Adn%2BOzhoQtfRvVKfxd%2F%2BxE9IbBIwegHihcg8IZ2YRce%2BQrRGHcXtFQRr1QSmOMCyJrgzPiHGdu%2Bv0WZmhqK6ablXIsj%2FEY1f%2BVma2Fkp%2FH9A0pvkoQxcMYayLDwZPIFQYAcf%2BLzmQNybVKdGQgCY%2FB%2Bib1abUaohbRWbBUZq6y8CS1S6y8u6DBSf5jp7zc6wugpr3AOWtj%2BpTCtZZWwCChE1t2CyFVF78hAQB%2F1BCPYFx9%2B%2FuEgdKv0s4Vzr%2BHXOQnXy%2F64G55lOcnz6ewIp6v0twwxr1i%2FjD6jmqZ9BBgWgMfzQaiUCLilSA3dE0G8Le30a%2ByReJIJyIi7QqgVvGvQ%3D%3D

Another thing to note is that while i after i get the 401 error, the proxmox webUI shows the connections a bit more before timing out
View attachment 48053

I can make a video and link that later today if that would help?

dklinux7 · Jul 18, 2023

parrotassassin15 said:
Have you guys tried to set the VNC ticket cookie? My webapp works without it but in some cases, you may need it.

I can make a video and link that later today if that would help?

could you share the video link???

vegasss7 · Oct 2, 2023

parrotassassin15 said:
Have you guys tried to set the VNC ticket cookie? My webapp works without it but in some cases, you may need it.

I can make a video and link that later today if that would help?

Hello, sorry to bringin this thread up again, can i use API Token instead of PVEAuthCookie? Thanks ! Also do you happen to already made the video?

habibulilalbaab · Jan 11, 2024

Hello, i use this code and working, you can try

you need add auth cookie.

My PVE Node: n1.domain
My APP: vnc.domain

PHP:

<?php

// Require the autoloader
require_once 'vendor/autoload.php';

// Use the library namespace
use ProxmoxVE\Proxmox;

// Create your credentials array
$credentials = [
    'hostname' => 'n1.domain',  // Also can be an IP
    'username' => 'root',
    'password' => 'pass',
    'realm' => 'pam',
    'port' => '8006',
];

// Then simply pass your credentials when creating the API client object.
$proxmox = new Proxmox($credentials);

if ($login = $proxmox->login()) {
    $host = $credentials['hostname'];
    $node = 'n1';
    $vmid = 119;

    $ticket = $login->getTicket();
    setcookie("PVEAuthCookie",$ticket, 0, "/", '.domain' );
    $config = $proxmox->create("/nodes/$node/qemu/$vmid/vncproxy", [
        'websocket' => 1, // Start websocket proxy
    ]);

    $websock = $proxmox->get("/nodes/$node/qemu/$vmid/vncwebsocket", [
        'vncticket' => $config['data']['ticket'],
        'port' => $config['data']['port']
    ]);
    // print_r($login);
    $src_href = 'https://'.$host.'/?console=kvm&novnc=1&node='.$node.'&resize=1&vmid='.$vmid.'&path=api2/json/nodes/'.$node.'/qemu/'.$vmid.'/vncwebsocket/port/'.$config['data']['port'].'/vncticket/'.$config['data']['ticket'];
    echo '<iframe src="'.$src_href.'" frameborder="0" scrolling="no" width="100%" height="100%"></iframe>';
}

lubr · Jul 9, 2024

This this solution mixes two different approaches and generates additional /vncproxy calls in Proxmox which is not needed. See my thread and comments here: https://forum.proxmox.com/threads/n...ction-timeout-on-vncproxy.150854/#post-682559

If you have different opinion, do not hesitate to discuss it more. I think it would be better to a find clean solution with no extra calls and parts of codes that are not required.

ShotgunPayDay · Jul 31, 2024

Can VNC be used without a PVEAuthCookie like Spice? If you have to set a cookie anyway then it's probably easier to just use basic links when the browser cookie is set.

https://{host}/?console=kvm&novnc=1&vmid={vmid}&node={node}&autoresize=true

This doesn't work as it tests for a CSRF token.

It would be nice if the VNC ticket was enough without setting a cookie.

ultrasive · Nov 6, 2024

ShotgunPayDay said:
This doesn't work as it tests for a CSRF token.

It would be nice if the VNC ticket was enough without setting a cookie.

Is there any way to get around the need for a CSRF token, can we use a reverse proxy that applies the correct token perhaps?

windowsdesxtop · Feb 12, 2025

@alexo @vegasss7 @habibulilalbaab @ultrasive
Guys have you found solution yet?

habibulilalbaab · 2025-02-27T11:56:09+0100

windowsdesxtop said:
Guys have you found solution yet?

Hi, I can confirm that this method works for me:

Proxmox host: id-n1.domain.com
VNC URL/This PHP FIle (must be on the same domain as the Proxmox domain): vnc.domain.com

PHP:

<?php
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
// Require the autoloader
require_once 'vendor/autoload.php';

// Use the library namespace
use ProxmoxVE\Proxmox;

// Create your credentials array
$credentials = [
    'hostname' => 'id-n1.domain.com',  // Also can be an IP
    'username' => 'vnc',
    'password' => 'q1w2e3r4',
    'realm' => 'pve',
    'port' => '8006',
];

// Then simply pass your credentials when creating the API client object.
$proxmox = new Proxmox($credentials);

if ($login = $proxmox->login()) {
    $host = $credentials['hostname'];
    $node = 'id-n1';
    $vmid = 109;

    $ticket = $login->getTicket();
    setcookie("PVEAuthCookie",$ticket, 0, "/", ".domain.com" );
    $config = $proxmox->create("/nodes/$node/qemu/$vmid/vncproxy", [
        'websocket' => 1, // Start websocket proxy
    ]);

    $websock = $proxmox->get("/nodes/$node/qemu/$vmid/vncwebsocket", [
        'vncticket' => $config['data']['ticket'],
        'port' => $config['data']['port']
    ]);
  
    $src_href = 'https://'.$host.'/?console=kvm&novnc=1&vmid='.$vmid.'&node='.$node.'&path=/api2/json/nodes/'.$node.'/qemu/'.$vmid.'/vncwebsocket/port/'.$config['data']['port'].'/vncticket/'.$config['data']['ticket'];
    echo '<iframe src="'.$src_href.'" frameborder="0" scrolling="no" width="100%" height="100%"></iframe>';
}

make sure PVEAuthCookie set to .yourdomain.com

[TUTORIAL] How to set up noVNC on a web application.

New Member

Attachments

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

New Member

Member

New Member

Member

New Member

New Member

Member

Attachments

We value your privacy