reverse proxy nginx noVNC problem since V5

gottlieb

New Member
Jul 12, 2017
2
0
1
38
hello,

i have a problem when i want use noVNC console from my reverse proxy nginx
when i was on proxmox 4, i havent problem, now on proxmox 5 with new console features
i have a black screen on console, he said me connected (encrypted ) on QEMU, but i can nothing
on my local network with IP of proxmox, its work

my nginx config in attach


have you a idea?
thanks
 

Attachments

  • nginx.PNG
    nginx.PNG
    15.5 KB · Views: 135
I am facing the same issue. Proxying via nginx results in a blank screen in noVNC while direct connections to port 8006 works as intended.
 
So, i'm no longer getting a blank screen when trying to connect to console. However, it's still not 100% working all the time. Here's an example of my config

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream proxmox {
server 192.168.1.5;
}

server {
listen 80;
rewrite ^(.*) https://DOMAIN.NET permanent;
}

server {
listen 443 ssl;
server_name PROXMOX.DOMAIN.NET;
ssl on;
include snippets/ssl-default.conf;
include snippets/ssl-params.conf;
client_max_body_size 5g;
proxy_read_timeout 3000s;
proxy_send_timeout 3000s;


location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# Also proxy websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
add_header X-Frame-Options SAMEORIGIN;

# proxy backend
proxy_pass https://192.168.1.50:8006/;
}
}
 
Same issue. For what its worth I've tried reverse proxying with haproxy also only to have the same issue. Black screens on consoles about 60% of the time.
 
I was able to use chrome dev menu to debug a bit.

Adding this line: add_header X-Frame-Options SAMEORIGIN;
stopped a blank screen and started allowing it sometimes. Sometimes it worked with the inline console, sometimes it worked with the pop out window console.

It will still say it's connected and encrypted, but stays blank.
 
The solution to your problems is to enable sticky sessions. Your problem is that your novnc some times makes connection to another node than the one you are currently connected to.
 
Anyways, you guys can also do TCP forwarding like this which works fine

stream {
server {
listen 8006;
proxy_pass 192.168.1.65:8006;
}
}​

But we lose the advanced HTTP ACL features :(
 
since current noVNC version in PVE5.1 not work well, possible to downgrade to previous version?
ip_hash nginx work fine for noVNC in PVE4.4.
 
The article misses this in the 'location / { ..' section: add_header X-Frame-Options SAMEORIGIN;
I changed it to be like this:
location / { ...
.
.
.
add_header X-Frame-Options SAMEORIGIN;
}
Still doesn't work, Am I missing something?
I can verify adding this on my firefox (view image)
As I'm new to forum I can't post my image.
View this link: aminvakil.com/proxmox/1.png
 
I use firefox and I checked network tab of developers options, and the only sent headers when connecting to vnc websocket different from using IP itself which works novnc on it is Host & Origin.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!