noVNC from API - Cookie

Ulrar

Active Member
Feb 4, 2016
Hi,

I'm currently writing a Haskell library for the Proxmox API, and I want to use it for a few web apps soon.
I'm looking at how to implement the noVNC console, but as I understand it you need to query the link with the PVEAuthCookie cookie set, from the end user. Is that right?

That's a huge problem, I can't have the user open his developer console, grab the cookie and make other requests for two hours :/
Even having a user with only those rights, that still means one user can get access to some other user's VM. And I really don't want to handle one account per user, that'd be a nightmare to handle.
Is there another solution, or do I have to forget about the console?

Ideally you'd need something like an API endpoint that would generate a one-time auth cookie usable only for the requested noVNC console, I think.
I guess another solution would be to proxy the connection from the client through the server to the Proxmox node, adding the cookie on the server, but I'm not sure how I'd do that, that sounds overly complicated.
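
The two ideas at the end of the post combine naturally: the web app hands the browser a short-lived, single-use token bound to one console, and its proxy redeems that token before attaching the server-held PVEAuthCookie. This is an added sketch, not part of the original post and not a Proxmox API; `OWNERS`, `issue_console_token` and `redeem_console_token` are hypothetical names, and the ownership table and in-memory nonce set are assumptions.

```python
import hashlib, hmac, secrets, time

SECRET = secrets.token_bytes(32)        # signing key, held only by the web app
TTL = 30                                # seconds a console token stays valid
OWNERS = {"alice": {("pve1", "100")}}   # constructed sample: app user -> (node, vmid)
_used = set()                           # redeemed nonces (in-memory for the example)

def _sign(payload):
    return hmac.new(SECRET, payload.encode(), hashlib.sha256).hexdigest()

def issue_console_token(user, node, vmid, now=None):
    """Mint a short-lived token bound to one app user and one VM console."""
    if (node, str(vmid)) not in OWNERS.get(user, set()):
        raise PermissionError(f"{user} does not own {node}/{vmid}")
    exp = int(time.time() if now is None else now) + TTL
    payload = f"{user}|{node}|{vmid}|{exp}|{secrets.token_hex(16)}"
    return f"{payload}|{_sign(payload)}"

def redeem_console_token(token, node, vmid, now=None):
    """Return the user if the token is valid for this console, else None."""
    parts = token.split("|")
    if len(parts) != 6:
        return None
    user, t_node, t_vmid, exp, nonce, sig = parts
    payload = "|".join(parts[:5])
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None                     # forged or altered
    if (t_node, t_vmid) != (node, str(vmid)):
        return None                     # issued for a different console
    if int(exp) < (time.time() if now is None else now):
        return None                     # expired
    if nonce in _used:
        return None                     # already redeemed once
    _used.add(nonce)
    # Only now would the proxy open the upstream console connection and
    # attach its own PVEAuthCookie; the browser never receives that cookie.
    return user
```

With several proxy processes, the redeemed-nonce set has to live in shared storage with an expiry at least as long as `TTL`, otherwise a token could be replayed against a different worker.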