We setup an NGINX reverse proxy within the same network as the Proxmox cluster .
NGINX runs as a docker container on a Debian VM on one of the cluster members.
NGINX is getting Let's Encrypt certificates for a domain we specifically ordered.
Internally, a PVE host is reachable by http://pve01.localdomain.lan:8006, but there is no certificate. Obviously.
To overcome this, and also some other services we use internally, we set up an NGINX server which gets certificates for redacted-domain.com and *.redacted-domain.com.
We connect to https://pve01.redacted-domain.com, which will then connect us to http://pve01.localdomain.lan:8006.
All works fine, HTTPS connection is up with a valid certificate.
The problem is "noVNC"
When connecting to https://pve01.redacted-domain.com, noVNC would not connect. but say "Failed to connect to server"
Looking at journalctl, we find:
Jul 15 14:08:52 pve01 pvedaemon[2234803]: starting vnc proxy UPID
ve01:002219B3:110FAA3B:66951154:vncproxy:105:root@pam:
Jul 15 14:08:52 pve01 pvedaemon[2225480]: <root@pam> starting task UPIDve01:002219B3:110FAA3B:66951154:vncproxy:105:root@pam:
Jul 15 14:09:02 pve01 pvedaemon[2234803]: connection timed out
Jul 15 14:09:02 pve01 pvedaemon[2225480]: <root@pam> end task UPIDve01:002219B3:110FAA3B:66951154:vncproxy:105:root@pam: connection timed out
How can we fix this?
As I mentioned:
I found some hints on NGUNX running on the PVE host itself (this is not the case here) and a hint about the certificate path.
I guess I have a similar issue here?
noVNC is not connecting since there is an issue with the certificate, which resides on the "external" NGINX reverse proxy?
Is anyone able to provide me a solution to this?
Than would be great.
Thanks
Dan
NGINX runs as a docker container on a Debian VM on one of the cluster members.
NGINX is getting Let's Encrypt certificates for a domain we specifically ordered.
Internally, a PVE host is reachable by http://pve01.localdomain.lan:8006, but there is no certificate. Obviously.
To overcome this, and also some other services we use internally, we set up an NGINX server which gets certificates for redacted-domain.com and *.redacted-domain.com.
We connect to https://pve01.redacted-domain.com, which will then connect us to http://pve01.localdomain.lan:8006.
All works fine, HTTPS connection is up with a valid certificate.
The problem is "noVNC"
When connecting to https://pve01.redacted-domain.com, noVNC would not connect. but say "Failed to connect to server"
Looking at journalctl, we find:
Jul 15 14:08:52 pve01 pvedaemon[2234803]: starting vnc proxy UPID
ve01:002219B3:110FAA3B:66951154:vncproxy:105:root@pam:Jul 15 14:08:52 pve01 pvedaemon[2225480]: <root@pam> starting task UPID
ve01:002219B3:110FAA3B:66951154:vncproxy:105:root@pam:Jul 15 14:09:02 pve01 pvedaemon[2234803]: connection timed out
Jul 15 14:09:02 pve01 pvedaemon[2225480]: <root@pam> end task UPID
ve01:002219B3:110FAA3B:66951154:vncproxy:105:root@pam: connection timed outHow can we fix this?
As I mentioned:
- connecting to http://pve01.localdomain.lan:8006 everything works, including noVNC
- connecting to https://pve01.redacted-domain.com, everything works, EXCEPT noVNC
I found some hints on NGUNX running on the PVE host itself (this is not the case here) and a hint about the certificate path.
I guess I have a similar issue here?
noVNC is not connecting since there is an issue with the certificate, which resides on the "external" NGINX reverse proxy?
Is anyone able to provide me a solution to this?
Than would be great.
Thanks
Dan
