too many Error 401: No ticket" no result
- Thread starter haiwan
- Start date
The general issue is, as the reply indicates, that there needs to be a valid ticket cookie (in the near future a plain "Authorization" header also works, as some context limit setting cookies (even if it's just a header)).
The questions is, what exactly do you want to do? Is it including the noVBNC somewhere or is it just accessing it normally through PVE webinterface?
we Developed a panel . so need this.
just now , we have test ok.
this panel forexample whmcs same. sale panel and user center.
As said, you need to have a valid ticket and use that to set the "PVEAuthCookie" when requesting the noVNC console.
The ticket can be requested from /access/ticket path, the user requesting the ticket needs to have permissions to see the console for the respective VMs.
If you use a WHCMS module you probably should ask them for help, as they are not made by Proxmox but ModulesGarden/WHCMS (IIRC).
The ticket can be requested from /access/ticket path, the user requesting the ticket needs to have permissions to see the console for the respective VMs.
If you use a WHCMS module you probably should ask them for help, as they are not made by Proxmox but ModulesGarden/WHCMS (IIRC).
Yeah sure, that by design. The noVNC console you're using is part of Proxmox VE, if one is logged in in the console they have the same (not more not less) privileges as you assigned them in PVE - so it'd be a bad idea to use an "Administrator" Role for that user
Just give the user which need to access the noVNC console only the
VM.Console priviledge on the VM/CTs they own, or may use. See https://pve.proxmox.com/pve-docs/chapter-pveum.html#_privilegesso have a question.Yeah sure, that by design. The noVNC console you're using is part of Proxmox VE, if one is logged in in the console they have the same (not more not less) privileges as you assigned them in PVE - so it'd be a bad idea to use an "Administrator" Role for that user
Just give the user which need to access the noVNC console only theVM.Consolepriviledge on the VM/CTs they own, or may use. See https://pve.proxmox.com/pve-docs/chapter-pveum.html#_privileges
set group name vncuser or every VM set a user?
i worry another safe trouble.
if set a group user novnc, maybe have happen this safe trouble.
forexample a b c customer have himself vm.
customer A use novnc group user login vnc see A vm same happen login customer b c vm.
you think understand?
What? No, client can only check the VMs were you (or your management tooling) gave them access to.
Why would you use a group permission if you want VM granularity privileges??
Either:
* define user permissions on the VMs they are allowed to access, not more not less
* if you want to manage users with multiple VMs in a nicer slightly more efficient way, add a "resource pool" per user, give the user (not a group!) the VM.Console privilege on that pool and add the VMs the users owns to that pool, then they can view all of those in the pool.
A ticket which you give the user must always be privilege restricted, I mean, how else could you restrict the user?
You'd need to have a self-written proxy which translates from your PVE management application access database to PVE itself, but I guess that's more work to get right.
You'd need to have a self-written proxy which translates from your PVE management application access database to PVE itself, but I guess that's more work to get right.
ok . tks.
let me first creat vnc group test.
we just worry this
my website connect promox api .
website show running member cloud.
we worry member A login website open member A cloud use vnc . if him have curious try other member cloud id test try login use novnc.
maybe we worry is no live.
let me test .
about your reply proxy we have no history . we have one write one study .
tks
Hi.
thanks reply me.
we have a question.
api nodes-qemu api vncproxy vncwebsocket this 2 api how to use.
now we have no understand this 2 api