Nginx Reverse Proxy Proxmox Web UI - Can't Access noVNC And Shell Consoles (2023)

[Majoraslayer]

I've tried every Nginx config I can find in Google to try to solve this problem. When setting up an Nginx reverse proxy for the Proxmox web UI (this is an experimental server without sensitive info on it), I can't access the main Shell console or the noVNC consoles on VMs. I've tried enabling web sockets per most of the search results I've found up to 2022, but I'm still getting the 1006 error that keeps the consoles from loading. Please note, my Nginx web server is hosted on a different machine on my network, so the reverse proxy points to it's internal IP instead of localhost.

Yes, I know, this is a bad idea, it's a security risk, etc. I don't plan to have this connection active often and will only enable it on specific occasions, so the chances of it causing a catastrophic issue are low. I know the risks, I just want to make it work.

Below is my Nginx config, minus some private info:

upstream proxmox { server [Proxmox Internal IP]:8006; } server { if ($host = sub.domain.placeholder) { return 301 https://$host$request_uri; } # managed by Certbot # Port 80 Redirect to 443 listen 80; server_name sub.domain.placeholder; return 301 https://sub.domain.placeholder$request_uri; } server { # Specify Listening Ports listen 443 ssl http2; server_name sub.domain.placeholder; # SSL Certificates ssl_certificate /etc/letsencrypt/live/sub.domain.placeholder/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/sub.domain.placeholder/privkey.pem; # managed by Certbot proxy_redirect off; # Begin Necessary Config client_header_buffer_size 1k; large_client_header_buffers 2 1k; port_in_redirect off; proxy_buffers 8 16k; proxy_buffer_size 32k; location / { proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header If-Modified-Since ""; proxy_set_header If-None-Match ""; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "Upgrade"; proxy_ssl_server_name on; proxy_ssl_name $host; proxy_ssl_verify off; proxy_set_header Host $host; proxy_pass https://[Proxmox Internal IP]:8006; proxy_buffering off; client_max_body_size 0; proxy_connect_timeout 3600s; proxy_read_timeout 3600s; proxy_send_timeout 3600s; send_timeout 3600s; } }

What am I missing? If it's a port issue, how would I solve that sending it through the reverse proxy?

 

[LnxBil]

Most of the "live" stuff is going through a websocket. Maybe the problem lies there?

 

[Majoraslayer]

Most of the "live" stuff is going through a websocket. Maybe the problem lies there?

I have kind of a vague understanding of how those work, especially in Nginx, but everything I've found online mentioning it being a websocket issue fixed it by adding lines I've already included in my config above to enable them.

 

[LnxBil]

I have kind of a vague understanding of how those work, especially in Nginx, but everything I've found online mentioning it being a websocket issue fixed it by adding lines I've already included in my config above to enable them.

That's good. I'm not that firm in nginx config, so I did not notice. I jused traefik as a reverse proxy a few years ago with reverse proxing a pve cluster. What does the log on the pve host say? What about the browser or nginx logs?