Proxying Proxmox With Apache?

Eile_Kerning

New Member
Feb 5, 2021
Hi, I'm trying to proxy Proxmox with Apache to my website as a subdirectory, as I cannot create a subdomain. Is there any way to do this? I'm new to Apache so I am unsure of how to do this myself. I've used ProxyPass and ProxyPassReverse but many parts of the web interface are broken.
 
It's been a while since I worked on this config and I'm looking at just one of my vhosts files that I used to get my Apache reverse proxy set up for PVE. I think the following is an example of my best working vhost config for PVE in an Apache reverse proxy:


Code:
# LOCAL/VPN PROXMOX
<VirtualHost *:443>
ServerName domain.com

       <Location />
        # ALLOWED IP/SUBNETS
        Require ip 192.168.1.0/24
        Require ip 10.10.0.0/24
       </Location>

       <Proxy *>
        # Apache 2.2-style access directives; on Apache 2.4 they are provided by mod_access_compat
        Order deny,allow
        Allow from all
       </Proxy>

ServerAlias proxmox.domain.com

RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /path/to/certificate/domain.com.cer
SSLCertificateKeyFile /path/to/key/domain.com.key
# Verification of the backend (PVE) certificate is switched off by the next four lines
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyRequests Off
ProxyPreserveHost On
        <Location />
            ProxyPass https://192.168.1.100:8006/
            ProxyPassReverse https://192.168.1.100:8006/
        </Location>

        <LocationMatch ^/(api2/json/nodes/[^\/]+/[^\/]+/[^\/]+/vncwebsocket.*)$>
            ProxyPass wss://192.168.1.100:8006/$1 retry=0
        </LocationMatch>

        <Location /websockify>
            ProxyPass ws://192.168.1.100:8006
            ProxyPassReverse ws://192.168.1.100:8006
        </Location>

</VirtualHost>
 
Whoops! I completely forgot I made this post, sorry. That seems like a great config; unfortunately, the issue is that it only works on a subdomain. I can't create a subdomain so everything for me has to be in a subdirectory, which ends up screwing up the requests for everything, as it's looking for files at $Website.com/pve2 instead of $Website.com/proxmox/pve2
 
Hello, I have been trying various configs and they work, to some degree. Does anyone have a config where consoles/shell would be accessible through a reverse proxy?

I have tried:
Code:
<VirtualHost *:443>

  ServerName prox.atsome.where
  ServerAdmin my@mail.com

  RequestHeader unset Accept-Encoding

    ProxyRequests         Off
    ProxyPreserveHost     On
    SSLProxyEngine         On
    SSLProxyVerify        none
    SSLProxyCheckPeerCN    off
    SSLProxyCheckPeerExpire    off

  ErrorLog ${APACHE_LOG_DIR}/prox-error.log
  CustomLog ${APACHE_LOG_DIR}/prox-access.log combined

  SSLEngine on
  SSLCertificateFile /certbot/fullchain.pem
  SSLCertificateKeyFile /certbot/privkey.pem

  ProxyPreserveHost On
  ProxyPass / https://X.Y.Z.10:8006/
  ProxyPassReverse / https://X.Y.Z.10:8006/

  RewriteEngine on
  RewriteCond %{HTTP:Upgrade} websocket [NC]
  RewriteCond %{HTTP:Connection} upgrade [NC]
  RewriteRule ^/?(.*) "wss://prox.atsome.where:8006/$1" [P,L]


        <LocationMatch ^/(api2/json/nodes/[^\/]+/[^\/]+/[^\/]+/vncwebsocket.*)$>
            ProxyPass wss://X.Y.Z.10:8006/$1 retry=0
        </LocationMatch>

        <Location /websockify>
            ProxyPass ws://X.Y.Z.10:8006
            ProxyPassReverse ws://X.Y.Z.10:8006
        </Location>


</VirtualHost>

Code:
<VirtualHost *:443>

  ErrorLog ${APACHE_LOG_DIR}/prox-error.log
  CustomLog ${APACHE_LOG_DIR}/prox-access.log combined

ServerAlias prox.atsome.where

RequestHeader set X-Forwarded-Proto https
RequestHeader set X-Forwarded-Proto expr=%{REQUEST_SCHEME}

SSLEngine On
SSLProxyEngine On
SSLCertificateFile /certbot/fullchain.pem
SSLCertificateKeyFile /certbot/privkey.pem
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off

ProxyRequests Off
ProxyPreserveHost On
        <Location />
            ProxyPass https://X.Y.Z.10:8006/
            ProxyPassReverse https://X.Y.Z.10:8006/
        </Location>

        <LocationMatch ^/(api2/json/nodes/[^\/]+/[^\/]+/[^\/]+/vncwebsocket.*)$>
            ProxyPass wss://X.Y.Z.10/$1 retry=0
        </LocationMatch>

        <Location /websockify>
            ProxyPass ws://X.Y.Z.10:8006
            ProxyPassReverse ws://X.Y.Z.10:8006
        </Location>

</VirtualHost>

No matter how I do it I cannot access consoles. The only port going inside the network is 443 (to the reverse proxy). I do not want to open port 8006. Any idea what I am doing wrong or how to do it?

EDIT: ProxMox task:
TASK ERROR: connection timed out
 
I am still having trouble with this, if anyone is willing to help or share config for apache2 reverse proxy I would be very thankful :)
 
Edit the file /etc/apache2/sites-enabled/000-default.conf:

Code:
<VirtualHost *:80>
        Redirect "/" "https://yourservername/"
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/pve/nodes/pve/pve-ssl.pem
        SSLCertificateKeyFile /etc/pve/nodes/pve/pve-ssl.key
        ProxyPass / https://localhost:8006/
        ProxyPassReverse / https://localhost:8006/
        <LocationMatch ^/(api2/json/nodes/[^\/]+/[^\/]+/[^\/]+/vncwebsocket.*)$>
                ProxyPass wss://localhost:8006/$1 retry=0
        </LocationMatch>
        <Location /websockify>
                ProxyPass ws://localhost:8006
                ProxyPassReverse ws://localhost:8006
        </Location>
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

In the above config, we are forwarding requests on port 80 to port 443 (https). The SSL certificates are the same as used from the PVE web-gui.
Take care! The folder /etc/pve/nodes/pve might be named differently on your machine, depending on your node name.
Also replace the https://yourservername/ with the correct domain name of your server.

With ProxyPass[Reverse] we are transparently routing traffic to/from port 8006.

The folder /etc/pve/nodes/pve does not exist until PVE is up and running, thus Apache service will fail to start, unless you configure a systemd dependency.

Edit the file /etc/systemd/system/multi-user.target.wants/apache2.service and put pveproxy.service into the After= line:

Code:
After=network.target remote-fs.target nss-lookup.target pveproxy.service

If you have not done so, enable these modules on Apache:
Code:
a2enmod proxy
a2enmod proxy_http
a2enmod proxy_wstunnel
a2enmod ssl

Finally restart Apache:
Code:
systemctl daemon-reload
systemctl restart apache2


Edit: Got noVNC working because of this post: https://forum.proxmox.com/threads/working-novnc-with-reverse-proxy-on-5-1.43644/
 
GREAT!! Worked like a charm for me!!!
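
An added example, not code from any poster in this thread: a small Python audit over vhost text of the shape posted above, flagging the settings that matter when the PVE management UI sits behind Apache (unverified backend TLS, disabled peer checks, a cleartext ws:// backend, no `Require ip`/`Require host` restriction). The finding names and the `SAMPLE` text are constructed for illustration, and the parser is a simplification that ignores section scoping and included files.

```python
import re

# Constructed sample: two vhosts condensed from the shapes posted in this thread.
SAMPLE = """\
<VirtualHost *:443>
  ServerName domain.com
  <Location />
    Require ip 192.168.1.0/24
  </Location>
  SSLProxyEngine On
  SSLProxyVerify none
  SSLProxyCheckPeerName off
  ProxyPass / https://192.168.1.100:8006/
</VirtualHost>
<VirtualHost *:443>
  ServerName prox.atsome.where
  SSLProxyEngine On
  ProxyPass / https://X.Y.Z.10:8006/
  ProxyPass /websockify ws://X.Y.Z.10:8006
</VirtualHost>
"""
VHOST = re.compile(r"<VirtualHost\b[^>]*>(.*?)</VirtualHost>", re.S | re.I)

def directives(body):  # yields lower-cased (name, args); skips comments and section tags
    for line in body.splitlines():
        parts = line.strip().split(None, 1)
        if parts and parts[0][0] not in "#<":
            yield parts[0].lower(), (parts[1] if len(parts) > 1 else "").lower()

def audit(conf):
    """Return {ServerName: [finding, ...]} for each <VirtualHost> block."""
    report = {}
    for body in VHOST.findall(conf):
        d = list(directives(body))
        last = dict(d)  # last occurrence wins, as for single-valued directives
        found = []
        # SSLProxyVerify defaults to "none" when the directive is absent.
        if last.get("sslproxyengine") == "on" and last.get("sslproxyverify", "none") == "none":
            found.append("backend-cert-unverified")
        if any(n.startswith("sslproxycheckpeer") and a == "off" for n, a in d):
            found.append("peer-checks-disabled")
        if any(n == "proxypass" and "ws://" in a for n, a in d):
            found.append("cleartext-websocket-backend")
        if not any(n == "require" and a.startswith(("ip ", "host ")) for n, a in d):
            found.append("no-client-address-restriction")
        report[last.get("servername", "(unnamed)")] = found
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

The second vhost is flagged for an unverified backend certificate even though it never sets `SSLProxyVerify`, because `none` is the default once `SSLProxyEngine` is on.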