[SOLVED] Reverse web proxy for cluster

[TodorPetkov]

Hello,


I am trying to setup nginx as layer7 load balancer to cluster with 2 nodes. Setup looks like this:
Nginx hostname: office-proxmox.internal.domain, Fedora33 with nginx
Proxmox1 host: SRV1
Proxmost2 host: SRV2

Everything is working fine, but now and then I see in nginx error log messages like this (I have removed some of the vncticket string):

2021/01/30 10:07:22 [error] 240#0: *148 upstream prematurely closed connection while reading response header from upstream, client: 10.0.3.10, server: office-proxmox.internal.domain, request: "GET /api2/json/nodes/SRV1/vncwebsocket?port=5900&vncticket=PVEVNC%3A60152FD6%3A%3AgEibbLKrtnP8KbxQ HTTP/1.1", upstream: "https://SRV1:8006/api2/json/nodes/SRV1/vncwebsocket?port=5900&vncticket=PVEVNC%3A60152FD6%3A%3AgEibbLKrtnP8KbxQT7cyqLsO3Fme4z8BbDn1TsSdVBnyVldoiN2", host: "office-proxmox.internal.domain"

I have similar messages for SRV2 as well.

I have followed the guide on https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy and added upstream definition for the two nodes:

upstream backend {
 server SRV1:8006;
 server SRV2:8006;
 }

Have anyone tried such thing? What are the possible issues I can run into? I can think of issue with authenticated sessions, for example upon first connection I am redirected to SRV1, I authenticate there, and sometime later I am redirected to SRV2, where I don't have authenticated session.

Proxmox version is 6.3-3, with latest community updates.

Thanks in advance

 

[dcsapak]

I can think of issue with authenticated sessions, for example upon first connection I am redirected to SRV1, I authenticate there, and sometime later I am redirected to SRV2, where I don't have authenticated session.

this is not an issue, since the ticket is not bound to any server side session, it simply runs out after 2 hours (the ui refreshes that regularly)