reverse proxy nginx noVNC problem since V5

For the record we experience the same issue here with HAProxy with HTTP mode.

The HAProxy config is quite simple:

Code:
backend pved-cdc
    mode http
    option httpchk GET / HTTP/1.0
    option forwardfor except 127.0.0.1
    default-server inter 10s
 
   # Added to test proposed fixes
    http-request del-header  X-Frame-Options
    http-request del-header  Connection
    http-request add-header  X-Frame-Options SAMEORIGIN
    http-request add-header  Connection Upgrade

    server pved01-cdc pved01-cdc:8006 ssl verify none check maxconn 32
    server pved02-cdc pved02-cdc:8006 ssl verify none check backup maxconn 32
    server pved03-cdc pved03-cdc:8006 ssl verify none check backup maxconn 32

I try to downgrade novnc-pve from 0.6-4 to 0.5-9 but other issue shows up:
Screen Shot 2018-06-01 at 11.24.03.png


If I switch HAProxy to TCP mode it works like a sharm:

Code:
listen pved-cdc-tcp
    bind *:444
    mode tcp
    option tcplog
    default-server inter 10s

    server pved01-cdc pved01-cdc:8006 check maxconn 32
    server pved02-cdc pved02-cdc:8006 backup maxconn 32
    server pved03-cdc pved03-cdc:8006 backup maxconn 32


Setup:

  • HAProxy: 1.7.5-1
  • PVE: 5.2 (latest version)
 
Yes you rock!

with libpve-http-server-perl from pvetest (version 2.0-9) it works.

If you don't want to install extra packages from pvetest you can pin them using this in /etc/apt/preferences.d/pvetest:

Code:
Package: *
Pin: release o=Proxmox,c=pvetest
Pin-Priority: 100


Thanks for the quick update
 
Thank you so much!

Libpve-http-server-perl version 2.0-9 fixed all my nginx reverse proxy problems.

Keep up the good work!
 
  • Like
Reactions: tom
made an account to post this, i was getting a cant connect error so messed around with nginx proxy manager and found a solution to my problem
enable websockets support when creating/editing your proxy host if you have the gui click the three dots then edit
 
  • Like
Reactions: akaber
made an account to post this, i was getting a cant connect error so messed around with nginx proxy manager and found a solution to my problem
enable websockets support when creating/editing your proxy host if you have the gui click the three dots then edit
This is the way ! Thank you very much for taking the time to share your solution on an old topic.
If it can help, here is my .conf file which is working like a charm, with websocket support :

Code:
# ------------------------------------------------------------
# pve.mydomain.fr
# ------------------------------------------------------------
server {
  set $forward_scheme https;
  set $server         "192.168.1.77";
  set $port           8006;

  listen 8080;
listen [::]:8080;

listen 4443 ssl http2;
listen [::]:4443 ssl http2;

  server_name pve.mydomain.fr;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;


    # Force SSL
    include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

  access_log /config/log/proxy-host-10_access.log proxy;
  error_log /config/log/proxy-host-10_error.log warn;

  location / {

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
    # Proxy!
    include conf.d/include/proxy.conf;
  }
 
This is the way ! Thank you very much for taking the time to share your solution on an old topic.
If it can help, here is my .conf file which is working like a charm, with websocket support :

Code:
# ------------------------------------------------------------
# pve.mydomain.fr
# ------------------------------------------------------------
server {
  set $forward_scheme https;
  set $server         "192.168.1.77";
  set $port           8006;


  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
   include conf.d/include/force-ssl.conf;


    include conf.d/include/proxy.conf;
  }

Can you share other .conf files?
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!