noVNC console via PHP API

x86

New Member
Aug 19, 2014
21
0
1
Hello,

Is there any example about showing a noVNC popup from a VM (via external website) in PHP?

Thanks!
 
You can access the noVNC console via it's address:
Code:
  [URL="https://your.proxmoxve.server:8006/?console=kvm&novnc=1&vmid=100&node=somenode"]
https://your.proxmoxve.server:8006/?console=kvm&novnc=1&vmid=100&node=somenode[/URL]
change the vmid and the node GET parameters to your needs. But you need to respect the authentification security measures Proxmox VE has.

I actually changed a little bit of the PHP API from https://github.com/CpuID/pve2-api-php-client ( i hope you use this ^^)

I added the following function in pve2-api-php-client/pve2_api.class.php . You'll need it because the noVNC frontend checks if you have the valid permissions through the "PVEAuthCookie", and to set it outside of the API would be a bigger hassle as the login_ticket is protected in the API.
Code:
public function setCookie()
{
    setcookie("PVEAuthCookie",$this->login_ticket['ticket']);
}

And here is some example code of including the noVNC console, attetion you need to create a user which has the VM.Console permission for the vms you would like to show., e.g the role "PVEVMUser" has it. And the user, AFAIK, must be logged in through the pam realm, which means it must be an real user on your proxmox system. I created a "vnc" dummy user on my proxmox server (use the command line tool "adduser"), then gave him the PVEVMUser role through the PVE Web Interface (naturally, you could do it also with the api).

But look at the code yourself, it's really simple. Only the setup from the user and so on is a bit complicated.
Code:
<?php
require("pve2-api-php-client/pve2_api.class.php");

# use pam here, my test user is vnc with, naturally, a strong password ;) 
$pve2 = new PVE2_API("pve", "vnc", "pam", "12345");

?>
<html>
<head>
     <title>noVNC extern test</title>
</head>
<body>

<?php

if ($pve2->login())
{
    $pve2->setCookie(); # this is the function I added to the php API client

?>
 <iframe  src="https://192.168.122.6:8006/?console=kvm&novnc=1&vmid=100&node=pve" frameborder="0" scrolling="no" width="1024px" height="100%"></iframe>

<?php
   # print("logged in");
}
else
{
    print("Login to Proxmox Host failed.\n");
    exit;
}
?>
</body>
</html>

It's a bit messy, so when you have further questions, feel free to ask. Or when you came up with a cleaner way, please let me know it.
 
Last edited by a moderator:
You can access the noVNC console via it's address:
Code:
  [URL="https://your.proxmoxve.server:8006/?console=kvm&novnc=1&vmid=100&node=somenode"]
https://your.proxmoxve.server:8006/?console=kvm&novnc=1&vmid=100&node=somenode[/URL]
I actually changed a little bit of the PHP API from https://github.com/CpuID/pve2-api-php-client ( i hope you use this ^^)

I did contribute some code to the API. I thought there was a better way to use noVNC instead of this 'hacky way'. :D
But thanks anyway!
 
Haha, yeah i created a pull request on GitHub for the cookie function and saw your name... :D

The problem is that the noVNC from PVE need to check if the request is a valid one and the necessary permissions are guaranteed. And it isn't directly accessible through the REST API, AFAIK. But I have to admit that I didn't looke really deep into it now, it's a bit late here..^^

FYI the code which serves the Console is in the pve-manager repo, pve-manager/PVE/NoVncIndex.pm and in pve-manager/bin/pveproxy lies the proxy which serves the files for the interface. Repos are here: https://git.proxmox.com/
Maybe you find something for your need there and maybe you can contribute it back to the project. Look at http://pve.proxmox.com/wiki/Developer_Documentation
 
You can access the noVNC console via it's address:
Code:
  [URL]https://your.proxmoxve.server:8006/?console=kvm&novnc=1&vmid=100&node=somenode[/URL]
change the vmid and the node GET parameters to your needs. But you need to respect the authentification security measures Proxmox VE has.I actually changed a little bit of the PHP API from https://github.com/CpuID/pve2-api-php-client ( i hope you use this ^^).
No worked this method at proxmox 3.4Error "No Ticket 401" (screenshot http://joxi.ru/BLmGDx8tBZgQ2l.jpg) in frame. At proxmox webgui started console task. If after this return to your script at this browser, all ok.
 
Yes, when you read my whole post you see the problem.
Proxmox noVNC uses a Cookie which includes the ticket (Authorization) of your session, generated by the webUI.

So if you want to let an user connect to noVNC without forcing him to long in into the WebUi you have to set this cookie manually and everything works fine.

If you use the PHP API you have to add only a little bit, again look at my post everything to get it to work is described there.

Download the API from https://github.com/GamerSource/pve2-api-php-client/tree/testing and your good to go.
I made a pull request to the original API but the doesn't seem very active at the moment...
 
Last edited by a moderator:
Yes, when you read my whole post you see the problem.
Proxmox noVNC uses a Cookie which includes the ticket (Authorization) of your session, generated by the webUI.

So if you want to let an user connect to noVNC without forcing him to long in into the WebUi you have to set this cookie manually and everything works fine.

If you use the PHP API you have to add only a little bit, again look at my post everything to get it to work is described there.

Download the API from https://github.com/GamerSource/pve2-api-php-client/tree/testing and your good to go.
I made a pull request to the original API but the doesn't seem very active at the moment...
Thanks for reply! I use class at your link, added into fucntion "setCookie" from your post and call this function after use login(), /vncproxy & /vncwebsocket API.
Have error at my screenshot, 401 - no ticket..
I have ticket with API reply, in array. Maybe, i need use it?

Now i trying this:
$pve_node = 'node0';$pve_vmid = 1005;
$pve2 = new PVE2_API($pve_nodes[$pve_node]['ip'], $pve_nodes[$pve_node]['user'], $pve_nodes[$pve_node]['auth_type'], $pve_nodes[$pve_node]['password']);
if ($pve2->login()){
$vncproxy = $pve2->post("/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncproxy");
$vncwebsocket = $pve2->get("/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncwebsocket", array('port' => $vncproxy['port'], 'vncticket' => $vncproxy['ticket']));
$pve2->setCookie();
header("Location: https://{$pve_nodes[$pve_node]['ip']}:8006/?console=kvm&novnc=1&vmid={$pve_vmid}&vmname=alnikovs2-pbx&node={$pve_nodes[$pve_node]['name']}");
}
as your iframe style i trying too, error 401 - no ticket. Full your variant:
<html><head>
<title>noVNC extern test</title>
</head>
<body>
<?php
require("pve2_api.class.php");
require('../include/config.inc.php');


# use pam here, my test user is vnc with, naturally, a strong password ;)
$pve_node = 'node0';
$pve_vmid = 1005;
$pve2 = new PVE2_API($pve_nodes[$pve_node]['ip'], $pve_nodes[$pve_node]['user'], $pve_nodes[$pve_node]['auth_type'], $pve_nodes[$pve_node]['password']);
if ($pve2->login()){
$pve2->setCookie();
?>
<iframe src="https://<?php print $pve_nodes[$pve_node]['ip'];?>:8006/?console=kvm&novnc=1&vmid=<?php print $pve_vmid;?>&node=<?php print $pve_nodes[$pve_node]['name'];?>" frameborder="0" scrolling="no" width="1024px" height="100%"></iframe>
<?php
} else {
?>
Login to Proxmox Host failed.
<?php
}
?>
</body>
</html>

error - 401 no ticket... (screenshot http://joxi.ru/WKAx9OVhVwper8.jpg)
 
Last edited:
The user which wants to see the noVNC console need to have the VM.Console permission. The predefined role "PVEVMUser" has it for example.

Are your sure the user you use has these permissions?
 
The user which wants to see the noVNC console need to have the VM.Console permission. The predefined role "PVEVMUser" has it for example.

Are your sure the user you use has these permissions?

i trying 'root', PAM user 'api' defined PVEVMAdmin or PVEVMUser permissions..

Now i have problem - Failed to connect to server (code: 1006)
From ProxMox GUI too..
Need restart proxmox?
 
i trying 'root', PAM user 'api' defined PVEVMAdmin or PVEVMUser permissions..

Now i have problem - Failed to connect to server (code: 1006)
From ProxMox GUI too..
Need restart proxmox?
invalid hostname, fixed. From gui novnc worked normally.
 
You can't connect to the web gui anymore? Which version of Proxmox do you have? (run "pveversion --verbose" in a shell to get detailed infos)

#EDIT: saw your post to late, so not needed anymore, but which Proxmox VE version are you running?

Last time I tested everything and it worked without problems... So it's a bit strange.
 
You can't connect to the web gui anymore? Which version of Proxmox do you have? (run "pveversion --verbose" in a shell to get detailed infos)

Last time I tested everything and it worked without problems... So it's a bit strange.
now its ok, i trying change hostname, return to "nodename" back. Now gui worked normaly.
vnc.php page (with iframe) work only if login this user to proxmox gui at this browser..
pveversion --verboseproxmox-ve-2.6.32: 3.4-156 (running kernel: 2.6.32-39-pve)
pve-manager: 3.4-6 (running version: 3.4-6/102d4547)
pve-kernel-2.6.32-39-pve: 2.6.32-156
lvm2: 2.02.98-pve4
clvm: 2.02.98-pve4
corosync-pve: 1.4.7-1
openais-pve: 1.1.4-3
libqb0: 0.11.1-2
redhat-cluster-pve: 3.2.0-2
resource-agents-pve: 3.9.2-4
fence-agents-pve: 4.0.10-2
pve-cluster: 3.0-17
qemu-server: 3.4-6
pve-firmware: 1.1-4
libpve-common-perl: 3.0-24
libpve-access-control: 3.0-16
libpve-storage-perl: 3.0-33
pve-libspice-server1: 0.12.4-3
vncterm: 1.1-8
vzctl: 4.0-1pve6
vzprocps: 2.0.11-2
vzquota: 3.1-2
pve-qemu-kvm: 2.2-10
ksm-control-daemon: 1.1-1
glusterfs-client: 3.5.2-1
 
Ok some additional changes to the setCookie function where needed to guarantee that it works in most situations:
Code:
public function setCookie() {
    if (!$this->check_login_ticket()) {
        throw new PVE2_Exception("Not logged into Proxmox host. No Login access ticket found or ticket expired.", 3);
    }

    setrawcookie("PVEAuthCookie", $this->login_ticket['ticket'], 0, "/");
}

I tested it successfully with login out from the WebGui and the loading the iframe example i posted above.

Please try that and report back.

Attention: after you visit the page with the noVNC iframe the cookie is set and so your automatically logged into the webgui (even if you where logged out previously), so don't use root because else the user access the webgui as root, after visiting the vnc.php page!
 
Last edited by a moderator:
Ok some additional changes to the setCookie function where needed to guarantee that it works in most situations:
Code:
public function setCookie() {
    if (!$this->check_login_ticket()) {
        throw new PVE2_Exception("Not logged into Proxmox host. No Login access ticket found or ticket expired.", 3);
    }

    setrawcookie("PVEAuthCookie", $this->login_ticket['ticket'], 0, "/");
}

I tested it successfully with login out from the WebGui and the loading the iframe example i posted above.

Please try that and report back.

http://joxi.ru/752aY48il0qG20.jpg - right?

vnc.php page:
Code:
<?php
session_start();
?>
<html>
<head>
     <title>noVNC extern test</title>
</head>
<body>
<?php
require("pve2_api.class.php");
$pve_nodes = array(
"node0" => array(
    "ip"        => "myexternalip",
    "name"      => "mynodename",
    "auth_type" => "pam",
    "user"      => "root",
    "password"  => "myrightpassword",
    ),
);




# use pam here, my test user is vnc with, naturally, a strong password ;) 
$pve_node = 'node0';
$pve_vmid = 1005; //really existing qemu kvm
$pve2 = new PVE2_API($pve_nodes[$pve_node]['ip'], $pve_nodes[$pve_node]['user'], $pve_nodes[$pve_node]['auth_type'], $pve_nodes[$pve_node]['password']);
if ($pve2->login()){
    //$vncproxy = $pve2->post("/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncproxy");
    //$vncwebsocket = $pve2->get("/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncwebsocket", array('port' => $vncproxy['port'], 'vncticket' => $vncproxy['ticket']));
    $pve2->setCookie();
    ?>
    <iframe src="https://<?php print $pve_nodes[$pve_node]['ip'];?>:8006/?console=kvm&novnc=1&vmid=<?php print $pve_vmid;?>&node=<?php print $pve_nodes[$pve_node]['name'];?>" frameborder="0" scrolling="no" width="1024px" height="100%"></iframe>
    <?php
} else {
?>
Login to Proxmox Host failed.
<?php
}
?>
</body>
</html>

result: http://joxi.ru/48AnVvGUNKkyAO.jpg
 
Looks good to me. I'm using 4.0beta but as far as I know there weren't any changes regarding the Authentication or noVNC.

Can you please test it once with the root user? So we can see if it's a permission problem or something else.
 
Looks good to me. I'm using 4.0beta but as far as I know there weren't any changes regarding the Authentication or noVNC.

Can you please test it once with the root user? So we can see if it's a permission problem or something else.
i trying root user, has no effect..
Permissions "api" user: http://joxi.ru/8ZrJyDNTQko7Aj.jpg

if i change username or password to invalid, i see "Login to Proxmox Host failed.". Its worked.
 
Last edited:
I'll try to test it on a 3.4 version later... For now I'm stuck, sorry...
normally. i trying another path: use standart noVNC package, and prox api.
JS open new window at this url:
$vncproxy = $pve->post("/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncproxy");
$vncproxy_log = print_r($vncproxy, true);
$vncwebsocket = $pve->get("/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncwebsocket", array('port' => $vncproxy['port'], 'vncticket' => $vncproxy['ticket']));
print "https://kanaka.github.io/noVNC/noVNC/vnc_auto.html?host={$pve_nodes[$pve_node]['ip']}&port=443&password={$vncproxy['ticket']}&encrypt=1&true_color=1&shared=1&view_only=0&path=".urlencode("api2/json/nodes/{$pve_nodes[$pve_node]['name']}/qemu/{$pve_vmid}/vncwebsocket?port={$vncproxy['port']}&vncticket={$vncproxy['ticket']}")."";

but have error "Server disconnected (code: 1006)"
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!