reverse proxy - VNC Strange behaviour

A

aychprox

Renowned Member
Oct 27, 2015
76
7
73
hi,

I am doing lab test on nginx reverse proxy with load balancing. Running latest Proxmox VE 4.2

I am able to access proxmox web GUI via normal https via port 443 to all nodes and it will automatically select available node as per nginx/conf.d configuration:

-------> Node 1
|
VM (nginx reverse proxy) -------> Node 2
|
-------> Node 2

VM run on bridge mode and port 80,443, 8006 is open for external and nodes communications. It install with let's encrypt SSL.

One thing is that the VNC will drop after a while and the screen is freeze. During this time I try to open another session directly via node Web GUI (local IP). i can see eventhough the previous session via reverse proxy screen is freezed, but the action like typing or enter still able to send via the freezed console (I can see the respond from second console).

From daemon.log i can see this line when run noVNC via proxy:

LXC :

pveproxy[17321]: EV: error in callback (ignoring): connect to 'localhost:5901" failed: connection refused at /usr/share/perl5/PVE/HTTPServer.pm line 418

KVM:

pvedaemon[6635]: command '/bin/nc6 -l -p 5900 -w 10 -e '/usr/bin/ssh -T -o BatchMode=yes 1x.xx.xx.104 /usr/sbin/qm vncproxy 302 2>/dev/null'' failed: exit code 1

I had tried to completely disable firewall on host and data center level but still the same.

On data center level, port 5900:5999, 8006 is open and accept incoming only from the VM nginx proxy
Same setting on host level, too.

Hopefully guru here can point out my mistake.
 
Last edited:
I'd absolutely love to find a way to make proxmox through a reverse proxy work via a subdirectory. Currently, I can get only get it to work on the root, which while it works, is far from desireable.

i.e. somedomain.com/proxmox instead of just somedomain.com
 
Here the nginx config.

upstream proxmox {
server 1.x.x.x:8006;
server 2.x.x.x:8006;
server 3.x.x.x:8006;
}
proxy_redirect off;
server {
listen 443 ssl;
server_name vnc.subdomain.com;

ssl on;
ssl_certificate /etc/letsencrypt/live/vnc.subdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/vnc.subdomain.com/privkey.pem;

location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass https://proxmox;
proxy_buffering off;
client_max_body_size 0;
proxy_redirect off;
proxy_connect_timeout 3600s;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
send_timeout 3600s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}

I observed that if make other 2 nodes status as down in nginx upstream, it work perfectly, no freeze screen in noVNC.
Would it be possible round-robin load balancing will send requests to all nodes at same time that causes conflict or confuse in Proxmox noVNC connection?

I saw someone tested with subdirectory, but haven't try out yet
http://ixorthings.blogspot.my/2015/10/proxmox-v4-nginx-reverse-proxy-with-vnc.html
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back