Local access 127. can't get in with browser

D

Docop2

Member
Nov 20, 2021
145
11
23
45
Hi So i tried to access proxmox gui via the local adress, but give unable to connect. The main gpu is used to pass for a vm. How to simply log to https://127.0.0.1:8006 via a browser ? Going https://192.168.50.7:8006 it work fine, but not 127.. First step don't work. I see people using the whole pc with a screen to put a desktop system, but not supposed to be needed here.

At end i would like to access via wifi from a vm. Like have a router vm, like opnsense with a wifi adapter that give an AP and i can access the proxmox system gui ip directly , but if the ip drop, how can it be possible... Here is the quick setup:
Router1 -) Prox box --) VM101 (router) -//-) Wifi Wifi - Laptop
192.168.50.1 ..50.7 vmbr0 lan= vmbr1 .31.1 .31.5

I did try to switch to nat by having ip 10.10.6.0 and postrouting to vmbr0, but still i can't load the 127.0.0.1:8006 page. i see a kind of HAProxy could handle local too, but .. as being fully local, it should not be needed i think.

Also i don't have pve firewall , in /etc/default/pveproxy no file there.

is something can force too but. :/etc/default/pveproxy:

ALLOW_FROM="127.0.0.1"
DENY_FROM="all"
POLICY="allow"

Not sure of dmesg as i don't see 127.0... But here is the result of : ss -antlp
Code: 
ss -antlp
State        Recv-Q        Send-Q               Local Address:Port                Peer Address:Port       Process
LISTEN       0             4096                       0.0.0.0:59555                    0.0.0.0:*           users:(("rpc.statd",pid=1795,fd=9))
LISTEN       0             4096                     127.0.0.1:61000                    0.0.0.0:*           users:(("kvm",pid=8895,fd=12))
LISTEN       0             4096                       0.0.0.0:111                      0.0.0.0:*           users:(("rpcbind",pid=968,fd=4),("systemd",pid=1,fd=36))
LISTEN       0             4096                     127.0.0.1:85                       0.0.0.0:*           users:(("pvedaemon worke",pid=1534,fd=6),("pvedaemon worke",pid=1533,fd=6),("pvedaemon worke",pid=1532,fd=6),("pvedaemon",pid=1531,fd=6))
LISTEN       0             128                        0.0.0.0:22                       0.0.0.0:*           users:(("sshd",pid=1311,fd=3))
LISTEN       0             64                         0.0.0.0:39895                    0.0.0.0:*        
LISTEN       0             100                      127.0.0.1:25                       0.0.0.0:*           users:(("master",pid=1492,fd=13))
LISTEN       0             4096                          [::]:57889                       [::]:*           users:(("rpc.statd",pid=1795,fd=11))
LISTEN       0             4096                             *:8006                           *:*           users:(("pveproxy worker",pid=20591,fd=6),("pveproxy worker",pid=20359,fd=6),("pveproxy worker",pid=20172,fd=6),("pveproxy",pid=1541,fd=6))
LISTEN       0             64                            [::]:37833                       [::]:*        
LISTEN       0             4096                          [::]:111                         [::]:*           users:(("rpcbind",pid=968,fd=6),("systemd",pid=1,fd=38))
LISTEN       0             128                           [::]:22                          [::]:*           users:(("sshd",pid=1311,fd=4))
LISTEN       0             4096                             *:3128                           *:*           users:(("spiceproxy work",pid=1548,fd=6),("spiceproxy",pid=1547,fd=6))

And : curl -vvv https://localhost:8006

Code: 
*   Trying 127.0.0.1:8006...
* Connected to localhost (127.0.0.1) port 8006 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

cat /etc/hosts
127.0.0.1 localhost.localdomain localhost
192.168.50.7 prox.nuc6 prox

Thanks in advance
 
Last edited:
hi,
Docop2 said:
How to simply log to 127.0.0.1:8006 via a browser ?
Click to expand...
don't forget https:// in the beginning :)

the certificate error is because of the default generated self-signed certificate. for curl you can pass -k flag and in your browser just accept the certificate warning.
 
Docop2 said:
I wish that could be that. But going to https://127.0.0.1:8006 do return an : unable to connect.
Click to expand...
does curl work with -k option?

where are you running the browser exactly? if you're running it in a VM then 127.0.0.1 will point to that VM instead of your PVE host...
 
Yes i do see a kind of htlm with the k option.
curl -s -k https://127.0.0.1:8006 | grep title
give: <title>prox - Proxmox Virtual Environment</title>

Router - Prox - vm (win or ubuntu)
! !
Pc Laptop
So on the pc or laptop i can log to gui ip:8086 , but 127 do give unable to connect. On different browser, no host blocking, no firewall, no privoxy.
In the vm win, i give vmbr0 or vmbr1 with nat setting to the vmbr0 , still same.
after boot a vm xubuntu, also give unable to connect.
 
Quite not sure here.. I did install a fresh proxmox 7.1 iso into esxi , as to quickly tried. And i can ssh, i can log to gui. But 127.. give unable to connect too.
Here the full detail of the curl k 127..
Code: 
 curl -s -k https://127.0.0.1:8006
<!DOCTYPE html>
<html>
  <head>
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no">
    <title>proxesx - Proxmox Virtual Environment</title>
    <link rel="icon" sizes="128x128" href="/pve2/images/logo-128.png" />
    <link rel="apple-touch-icon" sizes="128x128" href="/pve2/images/logo-128.png" />
    <link rel="stylesheet" type="text/css" href="/pve2/ext6/theme-crisp/resources/theme-crisp-all.css?ver=7.0.0" />
    <link rel="stylesheet" type="text/css" href="/pve2/ext6/crisp/resources/charts-all.css?ver=7.0.0" />
    <link rel="stylesheet" type="text/css" href="/pve2/fa/css/font-awesome.css" />
    <link rel="stylesheet" type="text/css" href="/pve2/css/ext6-pve.css?ver=7.1-4" />
    <link rel="stylesheet" type="text/css" href="/pwt/css/ext6-pmx.css?ver=3.4-2" />

    <script type='text/javascript'>function gettext(buf) { return buf; }</script>

    <script type="text/javascript" src="/pve2/ext6/ext-all.js?ver=7.0.0"></script>
    <script type="text/javascript" src="/pve2/ext6/charts.js?ver=7.0.0"></script>

    <script type="text/javascript" src="/pve2/js/u2f-api.js"></script>
    <script type="text/javascript" src="/qrcode.min.js"></script>
    <script type="text/javascript">
    Proxmox = {
        Setup: { auth_cookie_name: 'PVEAuthCookie' },
        defaultLang: 'en',
        NodeName: 'proxesx',
        UserName: '',
        CSRFPreventionToken: 'null'
    };
    </script>
    <script type="text/javascript" src="/proxmoxlib.js?ver=3.4-2"></script>
    <script type="text/javascript" src="/pve2/js/pvemanagerlib.js?ver=7.1-4"></script>
    <script type="text/javascript" src="/pve2/ext6/locale/locale-en.js?ver=7.0.0"></script>

    <script type="text/javascript">
    if (typeof(PVE) === 'undefined') PVE = {};
    Ext.History.fieldid = 'x-history-field';
    Ext.onReady(function() { Ext.create('PVE.StdWorkspace');});
    </script>

  </head>
  <body>
    <!-- Fields required for history management -->
    <form id="history-form" class="x-hidden">
    <input type="hidden" id="x-history-field"/>
    </form>
  </body>
</html>
 
Docop2 said:
So on the pc or laptop i can log to gui ip:8086 , but 127 do give unable to connect. On different browser, no host blocking, no firewall, no privoxy.
Click to expand...
for https://127.0.0.1:8006 to work, you need to be running the browser on the PVE node itself and not on a separate machine/VM... (127.0.0.1 always points to the computer you're currently running on, as localhost).

if you're accessing from another machine (laptop, VM, etc.), then you'll need to use the actual IP address of the PVE host instead of 127.0.0.1, since 127.0.0.1 would in that case point to the machine you're running the browser on....

Docop2 said:
Yes i do see a kind of htlm with the k option.
curl -s -k https://127.0.0.1:8006 | grep title
give: <title>prox - Proxmox Virtual Environment</title>
Click to expand...
then it's working fine, since it seems to be able to access itself ;)
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back