Proxmox apache2 proxy novnc

M

m4rek11

Member
Jan 3, 2020
27
1
8
34
Hello!

TL;DR:
Using this link I configured access to proxmox by apache2 proxy. Is possible to allow only for novnc console without exposed to the world through proxy my proxmox?

Full description:
I have thirdy-part app to manage Proxmox by web gui. In that app, when I create VM (by that app), I got "console" button, when I click that button, console shows up.

On that app I configured connection to proxmox by input user (login, pass - proxmox ve auth) and host - it is my proxmox local IP address. Problem is with console, because console browser popup is by local IP proxmox address, so from external network console windows will not show up.

As an optional config on that app I can input separattly link to the console.

I though that proxy may be solution that problem, so I configured all by this link.
But then proxmox is exposed to the world through that proxy, and I want to limit that to the console only. It is possible? How can I do that? I will be greatfull for any tips.

My proxmox is in newest version and proxy is on other VM apache 2.4.1 Ubuntu Server 20.04.
 
I think I will reach the same for nginx with this link as I did with apache (not tested by me yet), but still proxmox will be exposed to the world through nginx proxy, right? Unfortunately, this is not a good solution for me, I only care about novnc. Anyone? I will be greatfull for any tips.
 
if you want to expose the vms consoles, you have 2 possibillities

1. expose the api + built in novnc
the user needs to be logged into the pve webui and access to the api needs to be there, otherwise the built in novnc cannot request a token

2. build a custom proxy software that only exposes novnc
this is not trivial to implement but the basics would be:
* implementing some user authentication (can probably be proxied to pve?)
* expose some minimal api that exposes a websocket connection that is proxied to the pve one
* expose a custom novnc client that does not use the pve api for creating the websocket, etc.
 
  • Like
Reactions: m4rek11
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back