[SOLVED] PVE Console behind NGINX Reverse Proxy

daniel.tremmel

New Member
Jan 29, 2021
7
1
3
Hello,

I hope this is the correct sub-forum. I want to get the PVE console (NoVNC) working in combination with an NGINX reverse proxy. My current NGINX conf is:

Code:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log debug;

events {
    worker_connections  1024;
}
 
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
 
    server {
        listen     80;
        server_name  localhost;
 
        location / {
 
            default_type text/html;
            proxy_set_header Host $http_host;
            proxy_pass https://192.168.10.5:8006$request_uri;

            proxy_ssl_server_name on;
            proxy_ssl_protocols TLSv1.2;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_buffering off;
            client_max_body_size 0;
            proxy_connect_timeout  3600s;
            proxy_read_timeout  3600s;
            proxy_send_timeout  3600s;
            send_timeout  3600s;
        }
    }
}

I already read to enable websockets, but unfortunately it's still not working. When I try to access the console, after 30sec. I get the following error message and the console stays black:

Code:
failed waiting for client: timed out
TASK ERROR: command '/usr/bin/termproxy 5900 --path /vms/445 --perm VM.Console -- /usr/bin/ssh -e none -o 'BatchMode=yes' -o 'HostKeyAlias=pve02' -t root@192.168.10.6 -- /usr/sbin/qm terminal 445 -escape 0 -iface serial0' failed: exit code 1

I'm running a two-node PVE cluster with version 6.3-3. Has anyone every got the console with NGINX working?

Thanks!
 

oguz

Proxmox Retired Staff
Retired Staff
Nov 19, 2018
5,207
704
118
you're missing things in your config. you should try adapting the config from the wiki example and it will work
 

daniel.tremmel

New Member
Jan 29, 2021
7
1
3
you're missing things in your config. you should try adapting the config from the wiki example and it will work

The only thing that was missing was "proxy_redirect", I added that but still not working - same error.
 

oguz

Proxmox Retired Staff
Retired Staff
Nov 19, 2018
5,207
704
118
here on my test machine with latest PVE 6.3 this works:

Code:
apt update
apt install nginx
rm /etc/nginx/sites-enabled/default
nano /etc/nginx/conf.d/proxmox.conf

and the contents of proxmox.conf:

Code:
upstream proxmox {
    server "YOUR.FQDN.GOES.HERE";
}

server {
    listen 80 default_server;
    rewrite ^(.*) https://$host$1 permanent;
}

server {
    listen 443;
    server_name _;
    ssl on;
    ssl_certificate /etc/pve/local/pve-ssl.pem;
    ssl_certificate_key /etc/pve/local/pve-ssl.key;
    proxy_redirect off;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://localhost:8006;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
}

you need to change the FQDN part to the fully qualified domain name of your host, you can check cat /etc/hosts output to find yours. in my case it was pve-dev-machine.proxmox.com. save the file and then check the syntax:
Code:
nginx -t

it should return:

Code:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

if you see this message then you can restart the service:

Code:
systemctl restart nginx

and access the user interface at https://your.fqdn.goes.here or https://your.ip.address.here


if everything works (web interface, noVNC) then you can follow the additional steps described on the wiki to make it persistent


hope this helps
 
Last edited:

daniel.tremmel

New Member
Jan 29, 2021
7
1
3
I recreated it now from scratch with the exact same config mentioned in the article above, and now it works. No clue what's the problem, but it's solved. Thanks oguz for your patience.
 

oguz

Proxmox Retired Staff
Retired Staff
Nov 19, 2018
5,207
704
118
you're welcome, please mark the thread as [SOLVED] so others know what to expect :)
 
Aug 24, 2021
3
0
1
41
here on my test machine with latest PVE 6.3 this works:

Code:
apt update
apt install nginx
rm /etc/nginx/sites-enabled/default
nano /etc/nginx/conf.d/proxmox.conf

and the contents of proxmox.conf:

Code:
upstream proxmox {
    server "YOUR.FQDN.GOES.HERE";
}

server {
    listen 80 default_server;
    rewrite ^(.*) https://$host$1 permanent;
}

server {
    listen 443;
    server_name _;
    ssl on;
    ssl_certificate /etc/pve/local/pve-ssl.pem;
    ssl_certificate_key /etc/pve/local/pve-ssl.key;
    proxy_redirect off;
    location / {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://localhost:8006;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
}

you need to change the FQDN part to the fully qualified domain name of your host, you can check cat /etc/hosts output to find yours. in my case it was pve-dev-machine.proxmox.com. save the file and then check the syntax:
Code:
nginx -t

it should return:

Code:
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

if you see this message then you can restart the service:

Code:
systemctl restart nginx

and access the user interface at https://your.fqdn.goes.here or https://your.ip.address.here


if everything works (web interface, noVNC) then you can follow the additional steps described on the wiki to make it persistent


hope this helps
Hello,

I stumbled across this post whilst attempting to set up Let's Encrypt SSL while also utilizing Nginx Reverse Proxy. The issue I am encountering, even updating the conf file to reflect the location of where the SSL cert is living, still suggests that the connection is not secure. However, without the Nginx Reverse proxy, and maintaining the default port of 8006, there are no issues and the connection is secure. What is the configuration that might be missing to redirect to Let's Encrypt certs?

upstream proxmox { server "my.FQDN.here"; } server { listen 80 default_server; rewrite ^(.*) https://$host$1 permanent; } server { listen 443 ssl; server_name _; ssl_certificate /etc/pve/nodes/nodename/pve-ssl.pem; ssl_certificate_key /etc/pve/nodes/nodename/pve-ssl.key; proxy_redirect off; location / { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_pass https://localhost:8006; proxy_buffering off; client_max_body_size 0; proxy_connect_timeout 3600s; proxy_read_timeout 3600s; proxy_send_timeout 3600s; send_timeout 3600s; } }
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!