Local access 127. can't get in with browser

[Docop2]

Hi So i tried to access proxmox gui via the local adress, but give unable to connect. The main gpu is used to pass for a vm. How to simply log to https://127.0.0.1:8006 via a browser ? Going https://192.168.50.7:8006 it work fine, but not 127.. First step don't work. I see people using the whole pc with a screen to put a desktop system, but not supposed to be needed here.

At end i would like to access via wifi from a vm. Like have a router vm, like opnsense with a wifi adapter that give an AP and i can access the proxmox system gui ip directly , but if the ip drop, how can it be possible... Here is the quick setup:
Router1 -) Prox box --) VM101 (router) -//-) Wifi Wifi - Laptop
192.168.50.1 ..50.7 vmbr0 lan= vmbr1 .31.1 .31.5

I did try to switch to nat by having ip 10.10.6.0 and postrouting to vmbr0, but still i can't load the 127.0.0.1:8006 page. i see a kind of HAProxy could handle local too, but .. as being fully local, it should not be needed i think.

Also i don't have pve firewall , in /etc/default/pveproxy no file there.

is something can force too but. :/etc/default/pveproxy:

ALLOW_FROM="127.0.0.1"
DENY_FROM="all"
POLICY="allow"

Not sure of dmesg as i don't see 127.0... But here is the result of : ss -antlp

ss -antlp
State        Recv-Q        Send-Q               Local Address:Port                Peer Address:Port       Process
LISTEN       0             4096                       0.0.0.0:59555                    0.0.0.0:*           users:(("rpc.statd",pid=1795,fd=9))
LISTEN       0             4096                     127.0.0.1:61000                    0.0.0.0:*           users:(("kvm",pid=8895,fd=12))
LISTEN       0             4096                       0.0.0.0:111                      0.0.0.0:*           users:(("rpcbind",pid=968,fd=4),("systemd",pid=1,fd=36))
LISTEN       0             4096                     127.0.0.1:85                       0.0.0.0:*           users:(("pvedaemon worke",pid=1534,fd=6),("pvedaemon worke",pid=1533,fd=6),("pvedaemon worke",pid=1532,fd=6),("pvedaemon",pid=1531,fd=6))
LISTEN       0             128                        0.0.0.0:22                       0.0.0.0:*           users:(("sshd",pid=1311,fd=3))
LISTEN       0             64                         0.0.0.0:39895                    0.0.0.0:*        
LISTEN       0             100                      127.0.0.1:25                       0.0.0.0:*           users:(("master",pid=1492,fd=13))
LISTEN       0             4096                          [::]:57889                       [::]:*           users:(("rpc.statd",pid=1795,fd=11))
LISTEN       0             4096                             *:8006                           *:*           users:(("pveproxy worker",pid=20591,fd=6),("pveproxy worker",pid=20359,fd=6),("pveproxy worker",pid=20172,fd=6),("pveproxy",pid=1541,fd=6))
LISTEN       0             64                            [::]:37833                       [::]:*        
LISTEN       0             4096                          [::]:111                         [::]:*           users:(("rpcbind",pid=968,fd=6),("systemd",pid=1,fd=38))
LISTEN       0             128                           [::]:22                          [::]:*           users:(("sshd",pid=1311,fd=4))
LISTEN       0             4096                             *:3128                           *:*           users:(("spiceproxy work",pid=1548,fd=6),("spiceproxy",pid=1547,fd=6))

And : curl -vvv https://localhost:8006

*   Trying 127.0.0.1:8006...
* Connected to localhost (127.0.0.1) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.50.7 prox.nuc6 prox

Thanks in advance

 

[oguz]

hi,

How to simply log to 127.0.0.1:8006 via a browser ?

don't forget https:// in the beginning

the certificate error is because of the default generated self-signed certificate. for curl you can pass -k flag and in your browser just accept the certificate warning.

 

[Docop2]

don't forget https:// in the beginning

I wish that could be that. But going to https://127.0.0.1:8006 do return an : unable to connect.

 

[oguz]

I wish that could be that. But going to https://127.0.0.1:8006 do return an : unable to connect.

does curl work with -k option?

where are you running the browser exactly? if you're running it in a VM then 127.0.0.1 will point to that VM instead of your PVE host...

 

[Docop2]

Yes i do see a kind of htlm with the k option.
curl -s -k https://127.0.0.1:8006 | grep title
give: <title>prox - Proxmox Virtual Environment</title>

Router - Prox - vm (win or ubuntu)
! !
Pc Laptop
So on the pc or laptop i can log to gui ip:8086 , but 127 do give unable to connect. On different browser, no host blocking, no firewall, no privoxy.
In the vm win, i give vmbr0 or vmbr1 with nat setting to the vmbr0 , still same.
after boot a vm xubuntu, also give unable to connect.

 

[Docop2]

Quite not sure here.. I did install a fresh proxmox 7.1 iso into esxi , as to quickly tried. And i can ssh, i can log to gui. But 127.. give unable to connect too.
Here the full detail of the curl k 127..

 curl -s -k https://127.0.0.1:8006
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
    <title>proxesx - Proxmox Virtual Environment</title>
    <link rel="icon" sizes="128x128" href="/pve2/images/logo-128.png" />
    <link rel="apple-touch-icon" sizes="128x128" href="/pve2/images/logo-128.png" />
    <link rel="stylesheet" type="text/css" href="/pve2/ext6/theme-crisp/resources/theme-crisp-all.css?ver=7.0.0" />
    <link rel="stylesheet" type="text/css" href="/pve2/ext6/crisp/resources/charts-all.css?ver=7.0.0" />
    <link rel="stylesheet" type="text/css" href="/pve2/fa/css/font-awesome.css" />
    <link rel="stylesheet" type="text/css" href="/pve2/css/ext6-pve.css?ver=7.1-4" />
    <link rel="stylesheet" type="text/css" href="/pwt/css/ext6-pmx.css?ver=3.4-2" />

    <script type='text/javascript'>function gettext(buf) { return buf; }</script>

    <script type="text/javascript" src="/pve2/ext6/ext-all.js?ver=7.0.0"></script>
    <script type="text/javascript" src="/pve2/ext6/charts.js?ver=7.0.0"></script>

    <script type="text/javascript" src="/pve2/js/u2f-api.js"></script>
    <script type="text/javascript" src="/qrcode.min.js"></script>
    <script type="text/javascript">
    Proxmox = {
        Setup: { auth_cookie_name: 'PVEAuthCookie' },
        defaultLang: 'en',
        NodeName: 'proxesx',
        UserName: '',
        CSRFPreventionToken: 'null'
    };
    </script>
    <script type="text/javascript" src="/proxmoxlib.js?ver=3.4-2"></script>
    <script type="text/javascript" src="/pve2/js/pvemanagerlib.js?ver=7.1-4"></script>
    <script type="text/javascript" src="/pve2/ext6/locale/locale-en.js?ver=7.0.0"></script>

    <script type="text/javascript">
    if (typeof(PVE) === 'undefined') PVE = {};
    Ext.History.fieldid = 'x-history-field';
    Ext.onReady(function() { Ext.create('PVE.StdWorkspace');});
    </script>

  </head>
  <body>
    <!-- Fields required for history management -->
    <form id="history-form" class="x-hidden">
    <input type="hidden" id="x-history-field"/>
    </form>
  </body>
</html>

 

[oguz]

So on the pc or laptop i can log to gui ip:8086 , but 127 do give unable to connect. On different browser, no host blocking, no firewall, no privoxy.

for https://127.0.0.1:8006 to work, you need to be running the browser on the PVE node itself and not on a separate machine/VM... (127.0.0.1 always points to the computer you're currently running on, as localhost).

if you're accessing from another machine (laptop, VM, etc.), then you'll need to use the actual IP address of the PVE host instead of 127.0.0.1, since 127.0.0.1 would in that case point to the machine you're running the browser on....

Yes i do see a kind of htlm with the k option.
curl -s -k https://127.0.0.1:8006 | grep title
give: <title>prox - Proxmox Virtual Environment</title>

then it's working fine, since it seems to be able to access itself