Opening Proxmox ports

[kokoticek]

Already read in the wiki about the ports Proxmox uses.

If wanting to access Proxmox GUI and VMs from outside LAN -internet-, I guess I'd need to allow all GUI, noVNC and Spice proxy ports in router. But, is this secure? Aren't those ports already widely known in the world just like SSH, httpd or RDP ports?

Wouldn't I need to change the default ports? How?

 

[msalwe]

You can open only 8006 to gui and access everything in browser. It is not necessary to open noVNC ports. As for spice you need to configure the port in VM and then redirect it. If you don’t need ssh of individual machines then 8006 is sufficient if you want access ssh on VM then you need to map port 22 of the VM to some other port of your public ip then you can access the ssh of VM individually on that port from outside. Of course you need to do these config in firewall or router. Still better install a pfsense firewall inside a VM and then you can easily manage the ports. Bridge the router with pfsense. I am assuming you are having a single public ip.

 

[kokoticek]

So if I open port 8006 I can acces the web GUI *and* from it the noVNC/SPICE consoles for all VMs?

And, would it be advisable to change default GUI port, or is it stillnot very known like the other standard ports such as SSH 22, httpd 43, etc?

 

[fabian]

If you are worried about exposing the web interface, I suggest making it only accessible via a VPN.