reverse proxy nginx noVNC problem since V5

[Sébastien Gross]

For the record we experience the same issue here with HAProxy with HTTP mode.

The HAProxy config is quite simple:

backend pved-cdc
    mode http
    option httpchk GET / HTTP/1.0
    option forwardfor except 127.0.0.1
    default-server inter 10s
 
   # Added to test proposed fixes
    http-request del-header  X-Frame-Options
    http-request del-header  Connection
    http-request add-header  X-Frame-Options SAMEORIGIN
    http-request add-header  Connection Upgrade

    server pved01-cdc pved01-cdc:8006 ssl verify none check maxconn 32
    server pved02-cdc pved02-cdc:8006 ssl verify none check backup maxconn 32
    server pved03-cdc pved03-cdc:8006 ssl verify none check backup maxconn 32

I try to downgrade novnc-pve from 0.6-4 to 0.5-9 but other issue shows up:



If I switch HAProxy to TCP mode it works like a sharm:

listen pved-cdc-tcp
    bind *:444
    mode tcp
    option tcplog
    default-server inter 10s

    server pved01-cdc pved01-cdc:8006 check maxconn 32
    server pved02-cdc pved02-cdc:8006 backup maxconn 32
    server pved03-cdc pved03-cdc:8006 backup maxconn 32

Setup:

• HAProxy: 1.7.5-1
• PVE: 5.2 (latest version)

 

[r.jochum]

Can you try to install "libpve-http-server-perl" from pvetest and test again?

This should be fixed there.

 

[r.jochum]

Don't forget to reset novnc-pve back to latest version.

 

[Sébastien Gross]

Yes you rock!

with libpve-http-server-perl from pvetest (version 2.0-9) it works.

If you don't want to install extra packages from pvetest you can pin them using this in /etc/apt/preferences.d/pvetest:

Package: *
Pin: release o=Proxmox,c=pvetest
Pin-Priority: 100

Thanks for the quick update

 

[ChrisE]

Thank you so much!

Libpve-http-server-perl version 2.0-9 fixed all my nginx reverse proxy problems.

Keep up the good work!

 

[gottlieb]

i update Libpve-http-server-perl version 2.0-9
and now noVNC work !

thank you

 

[r.jochum]

Just a reminder, libpve-http-server-perl 2.0.9 is since some days in the pve-nosubscription repo.

 

[j5boot]

Working like a charm now! Thanks!

 

[bennyboy153]

made an account to post this, i was getting a cant connect error so messed around with nginx proxy manager and found a solution to my problem
enable websockets support when creating/editing your proxy host if you have the gui click the three dots then edit

 

[caprageon]

made an account to post this, i was getting a cant connect error so messed around with nginx proxy manager and found a solution to my problem
enable websockets support when creating/editing your proxy host if you have the gui click the three dots then edit

This is the way ! Thank you very much for taking the time to share your solution on an old topic.
If it can help, here is my .conf file which is working like a charm, with websocket support :

# ------------------------------------------------------------
# pve.mydomain.fr
# ------------------------------------------------------------
server {
  set $forward_scheme https;
  set $server         "192.168.1.77";
  set $port           8006;

  listen 8080;
listen [::]:8080;

listen 4443 ssl http2;
listen [::]:4443 ssl http2;

  server_name pve.mydomain.fr;

  # Let's Encrypt SSL
  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
  ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;


    # Force SSL
    include conf.d/include/force-ssl.conf;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;

  access_log /config/log/proxy-host-10_access.log proxy;
  error_log /config/log/proxy-host-10_error.log warn;

  location / {

  # HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
  add_header Strict-Transport-Security "max-age=63072000;includeSubDomains; preload" always;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_http_version 1.1;
    # Proxy!
    include conf.d/include/proxy.conf;
  }

 

[zhujixx]

This is the way ! Thank you very much for taking the time to share your solution on an old topic.
If it can help, here is my .conf file which is working like a charm, with websocket support :

# ------------------------------------------------------------
# pve.mydomain.fr
# ------------------------------------------------------------
server {
  set $forward_scheme https;
  set $server         "192.168.1.77";
  set $port           8006;


  include conf.d/include/letsencrypt-acme-challenge.conf;
  include conf.d/include/ssl-ciphers.conf;
   include conf.d/include/force-ssl.conf;


    include conf.d/include/proxy.conf;
  }

Can you share other .conf files?

 

[cxm25]

Ran into this with nginx and after adding "proxy_set_header Upgrade $http_upgrade;" to my location in the nginx conf file, it the novnc worked again from the Proxmox ui

proxy_pass https://localhost:8006;
proxy_set_header Connection "upgrade";
proxy_set_header Upgrade $http_upgrade; # I was missing this line and seeing the error