I have a provisioning system that creates VMS gives the users access to shutdown start see the graphs set firewall rules etc. I also want to give them a VNC console . I did not want to give them access to the Proxmox or create users for them as all if through the remote system ( But it was not to be because of the noVNC and web sockets )
Anyway after much trying I got it to work use stock noVNC from
the wss:// url is a link to the API in VNC you set
host your proxmox host
port the promox port eg 8006
path the API url like api2/json//nodes/promox1/qemu/279/vncwebsocket?port=5900&vncticket=ticket from previous call
First you call api2/json//nodes/promox1/qemu/279/vncproxy
This will give you a ticket that ticket is the Password for VNC ( non url encoded ) in the wss call it needs to be URL encoded
Now the problem comes you need a cookie and I found that is I created that ticket via my API call and that API logon user was not the same user and the one used in the wss link I would get a http auth error.
So finally this is what i did first I created a user@pve with PVEVMUser permissions and added the VM's that was theirs against that user.
Then on my remote app I called the API to get the ticket using that user I also set a cookie in the browser based on the /access/ticket results
Then I displayed the novnc page and set the path host etc as above and it now works
One thing when you create the call to vncproxy you need to set websocket = true else you get error code 19.
The second major problem was the cookie lucky this is my development system so I set the proxmox hosts with a subdomain eg like node1.mydomain.com node2.mydomain.com and my provisioning system in the same domain like remote.mydomain.com that way I can set the PVEAuthCookie to work on the same domain.
So if they do go to the proxmox URL they are logged on but can only access their own VM's .
But I plan to create a proxy for websock to only allow access for noVNC
I was disappointed that I had to create the users in Proxmox though as I had hoped not to have to do that as they only have remote access through our control panel and all the other API calls all work find.
I had thought that the ticket from vncproxy would have been enough to AUTH them for the VNC proxy It would be nice if that could be done then I would not need to mess about with these cookies and create users in Proxmox ( I m doing all via the API and it works but its just more code to create )
Anyway I hope this helps someone the next challenge is the xterm.js but it should be easy now I know how things work
Anyway after much trying I got it to work use stock noVNC from
the wss:// url is a link to the API in VNC you set
host your proxmox host
port the promox port eg 8006
path the API url like api2/json//nodes/promox1/qemu/279/vncwebsocket?port=5900&vncticket=ticket from previous call
First you call api2/json//nodes/promox1/qemu/279/vncproxy
This will give you a ticket that ticket is the Password for VNC ( non url encoded ) in the wss call it needs to be URL encoded
Now the problem comes you need a cookie and I found that is I created that ticket via my API call and that API logon user was not the same user and the one used in the wss link I would get a http auth error.
So finally this is what i did first I created a user@pve with PVEVMUser permissions and added the VM's that was theirs against that user.
Then on my remote app I called the API to get the ticket using that user I also set a cookie in the browser based on the /access/ticket results
Then I displayed the novnc page and set the path host etc as above and it now works
One thing when you create the call to vncproxy you need to set websocket = true else you get error code 19.
The second major problem was the cookie lucky this is my development system so I set the proxmox hosts with a subdomain eg like node1.mydomain.com node2.mydomain.com and my provisioning system in the same domain like remote.mydomain.com that way I can set the PVEAuthCookie to work on the same domain.
So if they do go to the proxmox URL they are logged on but can only access their own VM's .
But I plan to create a proxy for websock to only allow access for noVNC
I was disappointed that I had to create the users in Proxmox though as I had hoped not to have to do that as they only have remote access through our control panel and all the other API calls all work find.
I had thought that the ticket from vncproxy would have been enough to AUTH them for the VNC proxy It would be nice if that could be done then I would not need to mess about with these cookies and create users in Proxmox ( I m doing all via the API and it works but its just more code to create )
Anyway I hope this helps someone the next challenge is the xterm.js but it should be easy now I know how things work