Spice behind reverse proxy (haproxy)

quiquos

Member
Oct 23, 2021
Hi,

I needed to access Spice outside the local network and through a reverse proxy.
I had configured the nginx proxy manager, but after reading some forums I realized that it does not support the TCP protocol, which, apparently, is necessary for Spice.
I was testing HAProxy, but I can't access Spice at all; it always returns the error "Unable to connect to the graphic Server ... pve-spice.vv".

This is my HAProxy config:
Code:
global
        log /dev/log    local0
        log /dev/log    local1 notice
        chroot /var/lib/haproxy
        stats socket /run/haproxy/admin.sock mode 660 level admin
        stats timeout 30s
        user haproxy
        group haproxy
        daemon

        # Default SSL material locations
        ca-base /etc/ssl/certs
        crt-base /etc/ssl/private

        # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate
        ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
        ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256
        ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets

        stats socket /var/lib/haproxy/stats
        stats socket *:1999 level admin
        stats socket /var/run/haproxy.sock mode 600 level admin
        server-state-file /etc/haproxy/haproxy.state

defaults
        log     global
        mode    http
        option  httplog
        option  dontlognull
        timeout connect 5000
        timeout client  50000
        timeout server  50000
        errorfile 400 /etc/haproxy/errors/400.http
        errorfile 403 /etc/haproxy/errors/403.http
        errorfile 408 /etc/haproxy/errors/408.http
        errorfile 500 /etc/haproxy/errors/500.http
        errorfile 502 /etc/haproxy/errors/502.http
        errorfile 503 /etc/haproxy/errors/503.http
        errorfile 504 /etc/haproxy/errors/504.http

listen stats
        bind *:8085
        mode http
        stats enable
        stats uri /stats
        stats realm HAProxy-04\ Statistics
        stats auth user:alskgalskdfjalskdn
        stats admin if TRUE

backend per_ip_and_url_rates
        stick-table type binary len 8 size 1m expire 24h store http_req_rate(24h)

backend per_ip_rates
        stick-table type ip size 1m expire 24h store gpc0,gpc0_rate(30s)

frontend spice
        bind :3128
        #bind :61000
        mode tcp
        default_backend pvespice

backend pvespice
        mode tcp
        balance source
        server spice 192.168.1.99:3128
        #server spicetls 192.168.1.99:61000

#listen SpiceVMs
#       bind :3128
#       mode tcp
#       maxconn 2000
#       server pve007 192.168.1.99:3128 check port 3128 maxconn 200

I have HAProxy version 2.8.5.
I have the domain/subdomain in Cloudflare that I use to connect to Proxmox. The router has ports 443 and 80 pointing to HAProxy (port 3128 is not open on the router). The Proxmox web UI is working fine, but SPICE doesn't.

If I connect to Proxmox with the ISP IP of the router and with port 3128 opened on the router, Spice works.

Could anyone give me some help?
(I can change the reverse proxy software, as long as it allows access to Spice and the use of an HTTP/HTTPS reverse proxy, because I have more things than Spice behind the reverse proxy.)

Thanks...
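A quick check for the setup described in the post, added here as an example (not code from the post or from Proxmox): it reads the `proxy=` line of a `.vv` file and reports whether that port is among the ports forwarded to the reverse proxy. The sample file contents, `pve.example.com` and the function names are constructed; it assumes the file uses virt-viewer's `[virt-viewer]` section with a `proxy` key.

```python
import configparser
import socket
from urllib.parse import urlsplit

# Constructed sample of a pve-spice.vv file; every value is a placeholder.
SAMPLE_VV = """\
[virt-viewer]
type=spice
title=VM 100 - example
host=pvespiceproxy:placeholder
proxy=http://pve.example.com:3128
tls-port=61000
password=placeholder
delete-this-file=1
"""

def spice_proxy_endpoint(vv_text):
    """Return (host, port) of the HTTP proxy the SPICE client dials, or None."""
    cp = configparser.ConfigParser(interpolation=None)  # passwords may contain '%'
    cp.read_string(vv_text)
    proxy = cp.get("virt-viewer", "proxy", fallback=None)
    if not proxy:
        return None
    url = urlsplit(proxy)
    return url.hostname, url.port  # port is None if the URL carries none

def check_path(vv_text, forwarded_ports, probe=False, timeout=3.0):
    """Compare the proxy port in the .vv file with the ports forwarded at the edge."""
    endpoint = spice_proxy_endpoint(vv_text)
    if endpoint is None:
        return {"proxy": None, "forwarded": None, "reachable": None}
    host, port = endpoint
    result = {"proxy": endpoint, "forwarded": port in forwarded_ports,
              "reachable": None}
    if probe:  # live TCP connect; off by default so the example runs offline
        try:
            with socket.create_connection((host, port), timeout=timeout):
                result["reachable"] = True
        except OSError:
            result["reachable"] = False
    return result

if __name__ == "__main__":
    # Ports 80 and 443 are the ones the post says the router forwards.
    print(check_path(SAMPLE_VV, forwarded_ports={80, 443}))
    print(check_path(SAMPLE_VV, forwarded_ports={80, 443, 3128}))
```

Run it against the `.vv` file downloaded from the web UI, with `probe=True` from a host outside the local network, to see which endpoint the client is actually told to use.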
 
