Proxmox VE 3.0 - How change default web interface port ?

[Rokin]

Hi,

Before upgrading my master server to Proxmox VE 3.0 i look how change the ports 8006 for another but i not found.
I have see a hardcoder port in /usr/bin/pveproxy file but not sur if is here.

how can modify this ?

thank you and sorry for my bad english :x

 

[udo]

Hi,
not realy changing the port, but what's about pound as reverseproxy? (But I don't know if you can use https after pound... in my configs pound is the https-terminator).

Udo

 

[Rokin]

Hi
I have Varnish in a VM, but this is not really the solution I'm looking for.
I have try to modify port in /usr/bin/pveproxy and it's work (not seen error in log), but I do not know if this is consilller.

 

[Breeze]

It's been almost a year since this thread was started, and still, there seem to be no way to reliably change the default pveproxy port without changing it in the executable itself - which is overwritten with every pveproxy update.
I'd like to hear from developers - is it really that hard to define a web-interface port in a configuration file, that does not get overwritten?

 

[dietmar]

It's been almost a year since this thread was started, and still, there seem to be no way to reliably change the default pveproxy port..

There are no plans to make that configurable.

 

[apmuthu]

# dpkg -S pveproxy
pve-manager: /var/log/pveproxy
pve-manager: /usr/share/man/man1/pveproxy.1.gz
pve-manager: /usr/bin/pveproxy
pve-manager: /etc/init.d/pveproxy

Hence we need to compile the pve-manager with our defaults and install from our local repo and / or blacklist it from being installed from the pve repos.

Any reason for not making it configurable and remaining easily guessable (promotes hacking by brute force on reduced target space)?

 

[tom]

# dpkg -S pveproxy
pve-manager: /var/log/pveproxy
pve-manager: /usr/share/man/man1/pveproxy.1.gz
pve-manager: /usr/bin/pveproxy
pve-manager: /etc/init.d/pveproxy

Hence we need to compile the pve-manager with our defaults and install from our local repo and / or blacklist it from being installed from the pve repos.

Any reason for not making it configurable and remaining easily guessable (promotes hacking by brute force on reduced target space)?

You cannot prevent hackers by just changing the port, there are a lot of others - by way more useful - ways to prevent this.

Of course, our devs can implement this but honestly, this is just a quite useless feature for 99,99% of our user base, therefore I guess its not on the highest priority.

 

[apmuthu]

You cannot prevent hackers by just changing the port, there are a lot of others - by way more useful - ways to prevent this.

Of course, our devs can implement this but honestly, this is just a quite useless feature for 99,99% of our user base, therefore I guess its not on the highest priority.

I did not state that it will prevent hacking, only that it reduces the time to hack due to reduced target permutations to brute force. Just provided ways to accommodate it for anyone with sufficient programming knowledge to do it in the absence of "devs" interest / priority in getting it done.

Thankyou for stating the devs interest in this feature. Just do a poll on the vote for this feature and see if it is anywhere near 99.9% negative.

 

[Drag_and_Drop]

Hacking isnt the only reason why you may want to change it. I must change it, because all ports accept 80 and 443 are blocked from my company network.

By the way, there are 2 Ways to change the Port.
For me, I prefer the first one.

1.
iptabels:

iptables -t nat -I PREROUTING --src 0/0 --dst "YourIPAdress/DNSName"  -p tcp --dport 443 -j REDIRECT --to-ports 8006

You can also set a specific network card with "-i eth0" instad of "--src" or a specific source IP or a range within "--src"




2. : https://thomasmuguet.info/notes-201...vironment-changing-port-of-web-interface.html

This gets lost when a new version of pveproxy is installed, so this operation needs to be done after every update of proxmox...

So 2. is a bad solution.

 

[Logan_Rocks]

Any way to make this work with the current proxmox? i want to be able to use port 443

 

[Drag_and_Drop]

Iptabels should work at any time. Im using this with 4 different hosts and its working even with 5.0 Beta

 

[Alistair]

I'm struggling to get the iptables method to commit properly and if the server reboots, the settings are lost.
What am I missing?

 

[Drag_and_Drop]

Thats normal. iptabels rules are lost every reboot by default. If you want to keep it:
https://www.thomas-krenn.com/en/wiki/Saving_Iptables_Firewall_Rules_Permanently

 

[gregw]

+1 for making it an option or documenting where to change.

Of course, our devs can implement this but honestly, this is just a quite useless feature for 99,99% of our user base, therefore I guess its not on the highest priority.

I'd like to add myself to the list of the 00.01% who want this as a definable. It's a PITA not being able to define it easily and there are lots of situations where people in "real" environments would like this as an option. I would agree 99.99% of home users wouldn't care.

greg

 

[Dimitar Yanakiev]

Well for example i would like my panel to go throught cloudflare i guess i have to use nginx to proxy the request firstly?

 

[tom]

Well for example i would like my panel to go throught cloudflare i guess i have to use nginx to proxy the request firstly?

this thread is about Proxmox VE 3.0, totally outdated. please do not reactivate old and outdated posts.

check https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

if you have further questions, pls open a new thread.

 

[Dimitar Yanakiev]

this thread is about Proxmox VE 3.0, totally outdated. please do not reactivate old and outdated posts.

check https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

if you have further questions, pls open a new thread.

My bad sorry, this worked perfectly!