Proxmox 3.0 web ui on port 443 instead of 8006

deranjer

Active Member
Dec 28, 2010
50
1
28
I would like to change the webui port on my Proxmox 3.0 installation to port 443, not 8006.

I notice it is hardcoded in pveproxy, and changing the port to 443 gives the following error:

pveproxyunable to create socket - IO::Socket::INET: Permission denied

This appears to be running as www-data, and I CAN change the port to some of the higher ports like 8007 or 9000, but not any of the lower ports.... do you know what might be causing this, and is it possible to change the port to 443?

Thanks!
 

schadel

New Member
May 31, 2013
2
0
1
Ukraine
Hi! You can just use iptables to remap incoming packets from port 443 to port 8006.
iptables -t nat -I PREROUTING -d <server ip> -p tcp --dport 443 -j DNAT --to-destination <server ip>:8006
 

deranjer

Active Member
Dec 28, 2010
50
1
28
Hi! You can just use iptables to remap incoming packets from port 443 to port 8006.
iptables -t nat -I PREROUTING -d <server ip> -p tcp --dport 443 -j DNAT --to-destination <server ip>:8006

Thanks! I tried this and it works great, thanks for the help!
 

deranjer

Active Member
Dec 28, 2010
50
1
28
Warning! Anyone that uses this needs to carefully work this out, as more research is needed. I had an OpenVZ container running on venet, and for some reason could not wget/connect/lynx to ANYTHING ON PORT 443, which made some of my applications break... after a little bit of trying to figure this out it immediately struck me that this was the reason! All of my 443 requests were getting IPTABLED on 10.10.10.150 before they ever got to 10.10.10.151. Going to do a little bit more research on IPTABLES to see if I can filter for source/originating IP somehow... Just thought I might save someone a little bit of annoyance!
 
  • Like
Reactions: naisanza

mir

Famous Member
Apr 14, 2012
3,559
120
83
Copenhagen, Denmark
You can filter incoming on either interface or IP.

IP: [!] -s, --source address[/mask][,...] Exclamation mark means not
Interface: [!] -i, --in-interface name Exclamation mark means not
 

schadel

New Member
May 31, 2013
2
0
1
Ukraine
Of course you must exactly define packets intended only to your Proxmox server. Use for definition following options in your iptables rules:
-s (source ip) to identify from which host you access Proxmox GUI
-d (destination ip) to identify ip of your Proxmox server. If there are some other servers with this ip it relates to it also
-i (incomming interface) to define interface(s) on which you will (or will not) redirect traffic.

... maybe some other options depending on your configuration
 

taraizkhan

New Member
Jan 5, 2015
1
0
1
Hi Guys,

I'm new to this forum and new to Proxmox and Linux.

I want to change management port 8006 to 80 or 443. I have build a server at home and I want to access it from outside. As I do not have background in Linux command, I'm unable to execute any of the command in proxmox shell. Can I please ask someone to help me to provide commands or refer to somewhere to fix it. Appreciate your help.
 

shyju

Member
Jul 30, 2015
7
2
23
My configuration

/sbin/iptables -t nat -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8006 -i vmbr0

iptables-save > /etc/iptables.rules



Edit /etc/network/if-pre-up.d/iptablesload and put following lines into it.
#!/bin/sh
iptables-restore < /etc/iptables.rules
exit 0




chmod 755 /etc/network/if-pre-up.d/iptablesload

Install Redirect HTTPD
http://sourceforge.net/projects/redirect-httpd/?source=navbar

apt-get install gcc and xinetd
untar the file make & make install

Edit /etc/xinetd.conf add

service rhttp
{
disable = no
flags = IPv4
port = 80
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/local/sbin/in.rhttpd
}

Edit /etc/services
Comment http and add rhttp

rhttp 80/tcp # Forward Proxmox port

Edit the URL in /usr/local/rhttpd/redirect

and put https://<proxmoxserverurl>

<proxmoxserverurl> is the proxmox server IP or Name.


Reboot the server
 

naisanza

Member
Aug 11, 2016
31
1
6
Warning! Anyone that uses this needs to carefully work this out, as more research is needed. I had an OpenVZ container running on venet, and for some reason could not wget/connect/lynx to ANYTHING ON PORT 443, which made some of my applications break... after a little bit of trying to figure this out it immediately struck me that this was the reason! All of my 443 requests were getting IPTABLED on 10.10.10.150 before they ever got to 10.10.10.151. Going to do a little bit more research on IPTABLES to see if I can filter for source/originating IP somehow... Just thought I might save someone a little bit of annoyance!

I'm having the same issue right now. Trying to port-forward incoming requests to port 80 and 443 to a container, but it's not working. AFAIK the vanilla web-interface doesn't have a way to change this behavior
 

LnxBil

Famous Member
Feb 21, 2015
6,465
817
163
Saarland, Germany
@mir posted the correct addition 3 years ago: Interface or ip-based rules.

I'm forwarding 80 and 443 to a container too on one Proxmox box, so it works perfectly. You have to use the official IP as destination address and then DNAT the packages to the container. The packages from the container (the answer packages) need to be snat'ed, so you need rules for that too. Ah, and do not forget the firewall: If you use the PVE firewall, you need to add rules for the host and the guest too.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!