[SOLVED] Is there any way to autofill the vnc websocket password prompt?

JVisi

Hello
What I need to do is basically autofill the password (or make the password not required) when getting the noVNC console via websockets.

The setup is:
Browser- nodejs proxy - proxmox

In the browser I can't really do anything with it, because it's required before the page renders, and the vnc-ticket is not the same each time, so I can't save it and autofill it with a plugin, for example. So maybe there is something to add in the proxy?

The proxy in itself is only doing the forwarding, like this:

Code:
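const httpProxy = require('http-proxy');

httpProxy.createServer({
    target: proxmoxVncWebsocketUrl, // placeholder for the Proxmox vncwebsocket URL
    ws: true,
    secure: false,                  // upstream TLS certificate is not verified
    changeOrigin: true,

    auth: "password:" + vnc_ticket, // this here is not working
    headers: {
        'Cookie': pveCookie,
        'Password': vnc_ticket      // neither does this
    },
}).listen(5001)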

Is there any way to pass the password beforehand, so it's not getting prompted in the browser?
 

JVisi

When connecting
i don't really get what you're trying to do. where do you need the password? what do you try to accomplish?
(maybe checking out our novnc code helps? https://git.proxmox.com/?p=novnc-pve.git;a=tree;h=refs/heads/master;hb=refs/heads/master )
The proxy forwards the incoming traffic from wss://ip:8006.... to ws://localhost:port. This is the vnc console. When my app tries to connect to ws://other-ip:5001, it prompts me for a password, and this password is the vnc-ticket. I would like to skip the need to manually enter the vnc-ticket, and if someone is trying to connect to ws://localhost:port it automatically shows the vnc-console.


Craig St George

Hard to explain, but I kind of do this: the customer clicks a VNC terminal button in our control panel.
In the backend I call the "/access/ticket" endpoint with the customer's details, then set set_cookie("PVEAuthCookie", based on the token for the customer

Then I call the '/vncproxy' endpoint with $data['websocket'] = true; and finally display the console HTML, JS, etc.
 

JVisi

Hmm, interesting, because I feel like I do the same.
In the backend, I call /access/ticket and get the PVEAuthCookie.
Next I call the /vncproxy like this:

Code:
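// Request a VNC proxy ticket for the container (runs inside an async method;
// this.instance is the HTTP client instance used for the API calls)
const response = await this.instance.post(
    'https://ip:8006/api2/json/nodes/{node}/lxc/' + vmid + '/vncproxy',
    { websocket: true },
    {
        headers: {
            'Cookie': pveCookie,
            'CSRFPreventionToken': csrf
        },
        withCredentials: true
    })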

and then I create a proxyserver that forwards this socket like

JavaScript:
// qs.stringify URL-encodes the ticket value
const url = "wss://ip:8006/api2/json/nodes/{node}/lxc/16150/vncwebsocket?port=" + response.data.data.port + "&" + qs.stringify({ vncticket: response.data.data.ticket })

httpProxy.createServer({
    target: url,
    ws: true,
    secure: false,      // upstream TLS certificate is not verified
    changeOrigin: true,
    headers: {
        'Cookie': pveCookie,
    },
}).listen(5001)
 

JVisi

Maybe the problem has something to do with Proxmox providing a wss://.... link while I'm trying to connect with ws://...?
 

Craig St George

maybe, I'm using wss://

but I also had to URL-encode the ticket
like api2/json/nodes/' . $hostname . '/' . $vtype . '/' . $username . '/vncwebsocket?port=' . urlencode($port) . '&vncticket=' . urlencode($ticket)

I remember it was hard to debug the wss call, chrome did show the real reason firefox did, and I also have problems with my certs and the domain of my proxy, as I have a reverse proxy there also
 

JVisi

The ticket is url encoded

what I'm trying to achieve is that from an app running on http://ip:3000, I connect to ws://myproxy-ip:5001, and the proxy connects to the wss://proxmox-ip....
but this requires that 'password' authentication on the front-end. I figure it's an issue with certificates?
the /vncproxy call gives back a certificate, maybe I should be using that somehow?
 

dcsapak

Proxmox Staff Member
but that is not a password prompt from pve, but it seems a http basic auth prompt. i'd check your proxy if it's correctly configured...
also it says "localhost:3001" but you wrote 5001, maybe there is a typo somewhere?
 

JVisi

Well, yes, it's a basic auth prompt. That's why I asked if there was any way to prevent this from being needed. I thought I was getting prompted because connecting to the Proxmox websocket stream asks me to.

However, I have found a solution.
From the vnc client, on the onCredentialsRequired event one can get the RFB object, and on that there's a sendCredentials call, and in that we can provide the vnc-ticket.

Thank you for your time, I mark this thread as solved
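
The fix described in the last post, together with the ticket URL-encoding mentioned earlier in the thread, as an added example that is not code from any poster or from Proxmox. It assumes noVNC's RFB object (its `credentialsrequired` event, `sendCredentials` and `disconnect`); the function names, host name and wiring values are hypothetical.

```javascript
// Added example, not code from the thread. Assumes noVNC's RFB API:
// 'credentialsrequired' (detail.types), sendCredentials() and disconnect().

// Build the Proxmox vncwebsocket URL. The ticket can contain characters such
// as ':', '+', '/' and '=', so it has to be percent-encoded in the query.
function buildVncWebsocketUrl({ host, node, type, vmid, port, ticket }) {
  const path = ['api2', 'json', 'nodes', node, type, vmid, 'vncwebsocket']
    .map((segment) => encodeURIComponent(String(segment)))
    .join('/');
  const query = new URLSearchParams({ port: String(port), vncticket: ticket });
  return `wss://${host}/${path}?${query}`;
}

// Answer noVNC's credential request with the ticket instead of showing a
// prompt. Returns a function that detaches the listener again.
function autofillVncTicket(rfb, ticket) {
  let sent = false;
  const onCredentialsRequired = (event) => {
    const types = (event.detail && event.detail.types) || [];
    const passwordOnly = types.length === 1 && types[0] === 'password';
    // Hand the ticket over once, and only when a password is all that is
    // asked for; otherwise drop the session rather than guess.
    if (sent || !passwordOnly) {
      rfb.disconnect();
      return;
    }
    sent = true;
    rfb.sendCredentials({ password: ticket });
  };
  rfb.addEventListener('credentialsrequired', onCredentialsRequired);
  return () =>
    rfb.removeEventListener('credentialsrequired', onCredentialsRequired);
}

// Browser wiring (rfb created from noVNC's RFB class, values constructed):
//   const rfb = new RFB(document.getElementById('screen'), 'ws://myproxy-ip:5001');
//   autofillVncTicket(rfb, ticketFromBackend);
```

noVNC's RFB constructor also accepts a `credentials` option, which supplies the password up front so the event never fires.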
 
