Possible to change Proxmox default port now?

You can also change it via iptables, e.g. add this to your network device in /etc/network/interfaces:

Code:
post-up iptables -t nat -A PREROUTING -d <your-ip> -p tcp --dport 443 -j REDIRECT --to-port 8006 || true
 
This guide is useless, because I still can access 8006, so do the Hacker sir :) and put nginx mean give more oppurtunity for hacker, also make additional server load
You should not expose the port to the world, so as long as it faces to the public, it can be attacked independend of the used port. There are only 65536 ports that are blazingly fast scanned for a running HTTP(s) server.
 
You should not expose the port to the world, so as long as it faces to the public, it can be attacked independend of the used port
Corect!

What you can do:


1. Use any decent VPN:
- on PMX node(not so good), and expose 8006 only for VPN and for your LAN
- or, better is to setup a VPN on your border router

2. Port Knocking
- on PMX node
- better, on your border router

3. More secure then 1. and 2(IMHO)
- Mikrotik as border router
- access on border router only for a few DDNS clients(admin PC) who will be able to connect with a VPN to any PMX host

In the last case I have not see any "stranger" connections during several years.


Good luck / Bafta !
 
Last edited:
  • Like
Reactions: panchuz
Why does Proxmox use port 8006 instead of the standard port 443?
It makes things complicated in VPNs if users have to remind the additional port.
 
  • Like
Reactions: reukiodo
3. More secure then 1. and 2(IMHO)
- Mikrotik as border router
- access on border router only for a few DDNS clients(admin PC) who will be able to connect with a VPN to any PMX host
Great idea!!! Thanks
Any guide and/or tip on implementing this access restriction on software for not-Mikrotik users?

My router won´t allow anything but a static ip for connection source whitelisting.:confused:
 
After a lot of digging, found out that I can reset the webui to run on port 443 like it used to in Proxmox 2 and earlier. As this is weirdly a hard-coded value, it takes a lot more editing than a simple config change.

Code:
# Change Proxmox default port
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Firewall.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Cluster/Setup.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/APIServer/AnyEvent.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/API2/LXC.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/API2/Qemu.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/APIClient/LWP.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/CLI/pct.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/CLI/qm.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Service/pveproxy.pm
echo 'net.ipv4.ip_unprivileged_port_start=0' > /etc/sysctl.d/50-unprivileged-ports.conf
reboot
 
Why does Proxmox use port 8006 instead of the standard port 443?
There is no "Proxmox". Proxmox VE uses 8006 and Proxmox Backup Server 8007. And you can run both in parallel bare metal on the same host. Wouldn't work if both webUIs would use the default port 443.
Code:
# Change Proxmox default port
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Firewall.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Cluster/Setup.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/APIServer/AnyEvent.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/API2/LXC.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/API2/Qemu.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/APIClient/LWP.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/CLI/pct.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/CLI/qm.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Service/pveproxy.pm
echo 'net.ipv4.ip_unprivileged_port_start=0' > /etc/sysctl.d/50-unprivileged-ports.conf
reboot
That doesn't look like a reliable solution. I would guess a upgrade could revert your changes and might even lock you out from the webUI.
 
Last edited:
Hi,

echo 'net.ipv4.ip_unprivileged_port_start=0' > /etc/sysctl.d/50-unprivileged-ports.conf

This is not a safe setting ....

Good luck / Bafta !
 
After a lot of digging, found out that I can reset the webui to run on port 443 like it used to in Proxmox 2 and earlier. As this is weirdly a hard-coded value, it takes a lot more editing than a simple config change.

Code:
# Change Proxmox default port
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Firewall.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Cluster/Setup.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/APIServer/AnyEvent.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/API2/LXC.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/API2/Qemu.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/APIClient/LWP.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/CLI/pct.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/CLI/qm.pm
sed -i 's|8006|443|g' /usr/share/perl5/PVE/Service/pveproxy.pm
echo 'net.ipv4.ip_unprivileged_port_start=0' > /etc/sysctl.d/50-unprivileged-ports.conf
reboot
Looks much easier and better maintainable than just using one iptables from above.
 
  • Like
Reactions: reukiodo
That doesn't look like a reliable solution. I would guess a upgrade could revert your changes and might even lock you out from the webUI.
Which is why I've put it into a script to run after any upgrades, so any upgrade that reverts the hard-coded port will be corrected after it is overwritten.
I am offering my solution to this 'problem' that others also see in changing the default port, for whatever their reasons are. It would be much better (reliable) solution to just make the port configurable so users can set it to the port they choose, and I respect that the developers would have their own ideas on why it is hardcoded.
 
  • Like
Reactions: PDXPunkRawky
I would suggest leaving the proxmox configuration alone, and rather than trying to "fix" something that isn't a problem, simply create a proxy that does what you want it to do.

I use haproxy (on pfsense) to direct incoming host.domain requests to their appropriate servers and ports.

Don't try to reinvent the wheel.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!