[SOLVED] Proxmox VNC behind HAProxy

[Zeash]

Hi, I'm trying to set up HAProxy (v2.6.12) as a reverse proxy for 2 Proxmox VE servers (v8.1.3).

The web UI works fine, but connections to noVNC consoles break randomly, sometimes every ~15 seconds, sometimes every minute or so, sometimes 10 times over the course of 2 seconds. It's incredibly inconsistent.

The current HAProxy config looks like this:

global
  log stdout syslog
 
defaults
  log global
  timeout client 300s
  timeout server 300s
  timeout connect 5s
  timeout http-request 5s

frontend http_front
  bind :80
  mode http
  option httplog
  redirect scheme https code 301 if !{ ssl_fc }

frontend https_front
  bind 192.168.100.20:443 ssl crt /etc/haproxy/certs
  mode http
  option httplog
  http-request redirect location https://%[hdr(host)].local.domain.com%[pathq] if !{ hdr_sub(host) -i local.domain.com }
  ...
  use_backend pve if { hdr(host) -i pve.local.domain.com }

backend pve
  mode http
  balance roundrobin
  option http-server-close
  cookie SERVER insert indirect nocache
  option forwardfor
  timeout tunnel 1h
  http-request set-header X-Forwarded-Port %[dst_port]
  http-request add-header X-Forwarded-Proto https if { ssl_fc }
  server pve-0 192.168.100.40:8006 ssl verify none check port 8006 inter 5s rise 2 fall 2 cookie pve-0
  server pve-1 192.168.100.41:8006 ssl verify none check port 8006 inter 5s rise 2 fall 2 cookie pve-1

...

If the backend section looks cluttered it's because I tried many different solutions, but to no avail. The cookies are definitely necessary, as everything breaks without them.

TIA. Any help is much appreciated. If you need any more info just ask.

 

[Zeash]

It seems to have been a hardware fault of the HAProxy host's SSD. My bad for not realizing that!

For anyone reading this in the future, the cookie related settings are the only important bits to making the web UI and noVNC work.