[SOLVED] SPICE I/O Time Out Behind NGINX Proxy

Discussion in 'Proxmox VE: Installation and configuration' started by eBell, Oct 24, 2018.

  1. eBell

    eBell New Member

    Joined:
    Jun 11, 2017
    Messages:
    11
    Likes Received:
    0
    My reverse proxy seems to be blocking my SPICE connection attempts to my ProxMox host.
    I can connect fine if I connect to the ProxMox local IP, but not if I try to use the FQDN that passes through my reverse proxy.

    Trying to connect through my reverse proxy gives the following error:
    Code:
    Could not connect to proxy server xxx.xxx.xxx.xxx: Socket I/O timed out
    I've tested connecting with Edge (wouldn't download the .vv file at all, unfortunately) and Firefox.

    My NGINX reverse proxy config for my PVE host is as follows:
    Code:
    server {
            server_name *FQDN*;
     
            location / {
                    proxy_pass *PVE-IP*;
                    
                    proxy_set_header Host $host;
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    
                    proxy_http_version 1.1;
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header Connection "upgrade";
                    
                    proxy_buffering off;
                    
                    add_header X-Frame-Options SAMEORIGIN;
                    
                    client_max_body_size 0;
                    proxy_connect_timeout  3600s;
                    proxy_read_timeout  3600s;
                    proxy_send_timeout  3600s;
                    send_timeout  3600s;
     }
     
    
        listen 443 ssl; # managed by Certbot
        *SSL GUBBINS*
    
    }server {
        if ($host = *FQDN*) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
    
            listen 80;
            server_name *FQDN*;
        return 404; # managed by Certbot
    }


    pveversion -v just in case it's relevant:
    Code:
    $ pveversion -v
    proxmox-ve: 5.2-2 (running kernel: 4.15.18-7-pve)
    pve-manager: 5.2-10 (running version: 5.2-10/6f892b40)
    pve-kernel-4.15: 5.2-10
    pve-kernel-4.13: 5.2-2
    pve-kernel-4.15.18-7-pve: 4.15.18-27
    pve-kernel-4.15.18-5-pve: 4.15.18-24
    pve-kernel-4.15.18-4-pve: 4.15.18-23
    pve-kernel-4.15.18-3-pve: 4.15.18-22
    pve-kernel-4.15.18-2-pve: 4.15.18-21
    pve-kernel-4.15.18-1-pve: 4.15.18-19
    pve-kernel-4.15.17-3-pve: 4.15.17-14
    pve-kernel-4.15.17-2-pve: 4.15.17-10
    pve-kernel-4.15.17-1-pve: 4.15.17-9
    pve-kernel-4.15.15-1-pve: 4.15.15-6
    pve-kernel-4.13.16-4-pve: 4.13.16-51
    pve-kernel-4.13.16-3-pve: 4.13.16-50
    pve-kernel-4.13.16-2-pve: 4.13.16-48
    pve-kernel-4.13.16-1-pve: 4.13.16-46
    pve-kernel-4.13.13-6-pve: 4.13.13-42
    pve-kernel-4.13.13-5-pve: 4.13.13-38
    pve-kernel-4.13.13-4-pve: 4.13.13-35
    pve-kernel-4.13.13-3-pve: 4.13.13-34
    pve-kernel-4.13.13-2-pve: 4.13.13-33
    pve-kernel-4.13.13-1-pve: 4.13.13-31
    pve-kernel-4.13.8-3-pve: 4.13.8-30
    pve-kernel-4.13.8-2-pve: 4.13.8-28
    pve-kernel-4.13.8-1-pve: 4.13.8-27
    pve-kernel-4.10.17-5-pve: 4.10.17-25
    corosync: 2.4.2-pve5
    criu: 2.11.1-1~bpo90
    glusterfs-client: 3.8.8-1
    ksm-control-daemon: 1.2-2
    libjs-extjs: 6.0.1-2
    libpve-access-control: 5.0-8
    libpve-apiclient-perl: 2.0-5
    libpve-common-perl: 5.0-40
    libpve-guest-common-perl: 2.0-18
    libpve-http-server-perl: 2.0-11
    libpve-storage-perl: 5.0-30
    libqb0: 1.0.1-1
    lvm2: 2.02.168-pve6
    lxc-pve: 3.0.2+pve1-3
    lxcfs: 3.0.2-2
    novnc-pve: 1.0.0-2
    proxmox-widget-toolkit: 1.0-20
    pve-cluster: 5.0-30
    pve-container: 2.0-28
    pve-docs: 5.2-8
    pve-firewall: 3.0-14
    pve-firmware: 2.0-5
    pve-ha-manager: 2.0-5
    pve-i18n: 1.0-6
    pve-libspice-server1: 0.14.1-1
    pve-qemu-kvm: 2.11.2-1
    pve-xtermjs: 1.0-5
    qemu-server: 5.0-36
    smartmontools: 6.5+svn4324-1
    spiceterm: 3.0-5
    vncterm: 1.5-3
    zfsutils-linux: 0.7.11-pve1~bpo1
     
  2. eBell

    eBell New Member

    Joined:
    Jun 11, 2017
    Messages:
    11
    Likes Received:
    0
    I wasn't aware that port 3128 was required for the SPICE connection, I have since opened this port on my router firewall and can connect to the VM without issue.
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice