Proxmox api vncwebsocket

aIdiot

Member
Jul 19, 2020
1
0
6
19
Hey guys :),

I am currently trying to embed a console into a website.
from what I read to this point the way to do it is :
POST /api2/json/nodes/{node}/qemu/{vmid}/vncproxy
GET /api2/json/nodes/{node}/qemu/{vmid}/vncwebsocket
- vncticket = ticket from previous request ; port = port from previous request

The first part works just fine.(I get a ticket in following format : PVEVNC:xxxxxxxx==)
The second part is where stuff breaks for me. To this point I got a 401 - invalid PVEVNC ticket any time I tried it.

Another thing I read about was adding websocket = 1 to the first request.
That didn't change anything in my case either.

I would be very happy for some ideas on how to fix it!;)
 
Hi,
the ticket for vnc has to be used within 40 seconds. If you tried things manually, might you have taken longer? Otherwise, is the parameter properly URL-encoded in the request URL?
 
Hi,
one of mine is
Code:
wss://192.168.20.141:8006/api2/json/nodes/rob1/qemu/172/vncwebsocket?port=5900&vncticket=PVEVNC%3A60263D1E%3A%3AnErraPfEh8eHfhizjF0uBq3mbbsyqqckTYSZQlmW7RfA2C%2Fb6ueq%2BEWE3K6PZ9Pwu2PiDAFTK2Qd43ppPY%2BLQBgI7uIuQgkA8PGn6BIajKvrxeR%2F%2Fd2YMo2kJ4QOthnxVmWnrbRTa6f3wdoE085csAgVmIpb3unr%2FMyhbQoQENQrXtSTFW5%2B5AtLNPk3k41HS%2B6c9k6iNbrXJ3YonPFJGdFdZxbL4dXb%2FxEUIPQV3UK9fFUwX2a3euHAPgRd%2BzJsI896oq90ZovOvjWuUchilL5YturZr%2BW9dQyOZ7KbRLj4vQkdEMNMAFQuZTQzoTfivNH5P8spemVMQi1itZndzQ%3D%3D
 
PVE does use a few modifications on top of the upstream noVNC. But in principle it should work if you have the PVEAuthCookie and are use the correct options for the WebSocket with the vanilla noVNC, namely Encrypt set, Host your host, Port 8006 and the percent-encoded Path:
Code:
api2/json/nodes/<node>/qemu/<id>/vncwebsocket?port=5900&vncticket=PVEVNC%3A60...
Of course you'd have to be fast enough before the vncproxy started by the original request times out.

What exactly is your use case, i.e. why not just connect via the WebUI?
 
  • Like
Reactions: aIdiot
Proxmox host's ip is not publicly accessible (NAT/Firewall) but only via internal VPN.
We want vnc to be accessible via proxy so that we can integrate it in our website for our customers
 
But you have to tell the host to start the VNC websocket in some way, either via the vncproxy API call (the timeout is actually 10 seconds) or doing it manually (using the qm vncproxy command and creating a socket, see here for how PVE does it internally). Once you have that socket, you can try and forward the connection.
 
Hi, Fabian; I build a shell script with my Proxmox nodeJS API to connect to all my VM in command lines.

For now, it's working with a command like this:

./spice 1 4 6 8 50-55

Will spice viewer on VM 1 4 6 8 50 51 52 53 54 55; each VM can be on a different Proxmox host.

It works nice, but since I switch to macOS X, I do not have any working spice-client, so I tried to implement a --vnc option.

But I do not know how to connect to my VNC server, I would like to use a standard vnc client, but they only support user + password authentification.

So I want to use noVNC, but I'm not sure the official version can works.


I should create a new HTML file on disk and open it with a browser, but I do not think a file:// can connect to a wss:// due to security restrictions.
I can also open a localhost server to host the HTML content, and maybe I will have to forward the WebSocket stream to my client.

I'm sure that it is doable, but since I have no idea of the noVnc + ticket authentication, it doesn't look straightforward.

I downloaded noVNC-1.2.0 that contains a noVNC-1.2.0/vnc.html that supports some get parameter, but out of the box, I think it only supports a target and password parameters.
 
Hi,

im facing the same problem, im trying to embed novnc in userpages. wss request looks the same as Fabians_E, PVEAuthCookie is set, proxmox syslog starts vncproxy but no luck on novnc side of things. I was looking for answers in proxmox novnc implementation and cant figure it out what am i missing. Host is my host, port 8006, path - percent encoded api2/json/nodes.. with vnc ticket and port as said in #6 comment in this thread.

So far i have done:
- POST /api2/json/nodes/{node}/qemu/{vmid}/vncproxy
- GET /api2/json/nodes/{node}/qemu/{vmid}/vncwebsocket
- use ticket and port from prev calls to create: wss://{domain}:8006/api2/json/nodes/pmx-hdd01/lxc/23012/vncwebsocket?port=5905&vncticket=PVEVNC%3A61B1E24B%3A%3AgBVTCBtxGIMBtyXvnEEQReqpjUS%2BlBe5IylnFOaB57FjIpKZxB9fKlrXGv5%2BsgRcM7rsBV%2Fztp8tmFJdxE%2BCeSEHjEHVu8iFtm87S%2BtK7bxtRvyauI9Ltbj7VyriLpRI9bXOGYwDTxwp4lx5ilxmd6yXk468EWpCiihGQy0lwDTGXW%2FiEHBhNkFnBBrxkA0sDKPRHZ8B8lozItcuFE2lIwwuFew0Xs7CLGhpaBzUn6RkZS%2FvLKUm2ywZNfMSekVprXpNgs4W8BDQIKBi05OjeOrHiVOc7Nw3Wo5qmLkmsth%2Fk%2FjqidO1dmtUAUS0QxUC24OikZ6KwxG8asr67IXYoA%3D%3D after that novnc dies (Something went wrong, connection is closed - 1006)

Im using vncticket as RFB credentials - password.

Is there something else i should change in RFB in vanila novnc to keep it moving?

Cheers, David.
 
  • Like
Reactions: MihaG
Hi,

im facing the same problem, im trying to embed novnc in userpages. wss request looks the same as Fabians_E, PVEAuthCookie is set, proxmox syslog starts vncproxy but no luck on novnc side of things. I was looking for answers in proxmox novnc implementation and cant figure it out what am i missing. Host is my host, port 8006, path - percent encoded api2/json/nodes.. with vnc ticket and port as said in #6 comment in this thread.

So far i have done:
- POST /api2/json/nodes/{node}/qemu/{vmid}/vncproxy
- GET /api2/json/nodes/{node}/qemu/{vmid}/vncwebsocket
- use ticket and port from prev calls to create: wss://{domain}:8006/api2/json/nodes/pmx-hdd01/lxc/23012/vncwebsocket?port=5905&vncticket=PVEVNC%3A61B1E24B%3A%3AgBVTCBtxGIMBtyXvnEEQReqpjUS%2BlBe5IylnFOaB57FjIpKZxB9fKlrXGv5%2BsgRcM7rsBV%2Fztp8tmFJdxE%2BCeSEHjEHVu8iFtm87S%2BtK7bxtRvyauI9Ltbj7VyriLpRI9bXOGYwDTxwp4lx5ilxmd6yXk468EWpCiihGQy0lwDTGXW%2FiEHBhNkFnBBrxkA0sDKPRHZ8B8lozItcuFE2lIwwuFew0Xs7CLGhpaBzUn6RkZS%2FvLKUm2ywZNfMSekVprXpNgs4W8BDQIKBi05OjeOrHiVOc7Nw3Wo5qmLkmsth%2Fk%2FjqidO1dmtUAUS0QxUC24OikZ6KwxG8asr67IXYoA%3D%3D after that novnc dies (Something went wrong, connection is closed - 1006)

Im using vncticket as RFB credentials - password.

Is there something else i should change in RFB in vanila novnc to keep it moving?

Cheers, David.
Hello,

I also have the same problem as David. So is there any information about this? Thanks.

Regards,
 
With pve6 i used scheme like this:
Call to vncproxy, get port and ticket then call to vncwebproxy?port=port&ticket=ticket

Then in php - setcookie('PVEAuthCookie', here the cookie from call to api2/json/access/ticket
And opened in browser https://myhostip:8006?console=kvm&vmid=100&node=nodename&....
And all worked fine. With pve7 the above address returns pve gui with "search" tab opened...
 
I have a working POC solution. My use case consists of a small custom go web-server which delivers the noVNC client and works as like a websocket reverse proxy. Here is a simple explanation what the go server does:
  1. Receive a new websocket connection from noVNC
  2. Create a new VNCProxy via the ProxmoxAPI ( POST /api2/json/nodes/{node}/qemu/{vmid}/vncproxy )
  3. Create a websocket to the ProxmoxAPI with the vncproxy credentials received earlier
  4. Merge both websockets for bidirectional communication

Things that I found out during development:
  • The POST Request to ".../vncproxy" needs the following Payload: ( generate-password: 1, websocket: 1 )
  • The ProxmoxVNC websocket needs the "Authorization" header with the ProxmoxAPI token. The connection URL looks like this:
    "wss:// <hostname:port> /api2/json/nodes/ $NODE /qemu/ $VMID /vncwebsocket?port= $CONSOLE_PORT &vncticket="+ url.QueryEscape( $CONSOLE_TICKET )
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!