Unable to connect to PVE web console through reverse proxy

[Telperion]

I have an nginx reverse proxy running in an unprivileged container to access resources running in other containers / VM's with my 1 public IP. My nginx configuration is listed below. I can access the web interface, but I can't access the console on any of my VM's, containers, or host. I'm assuming this has to do with the reverse proxy configuration and VNC ports, but I'm unsure what port mapping I need to modify to make this work. I'd think that this is a pretty common setup.

(server and server_name are modified because the forum won't let me post 'links')

upstream pvehost {
        server 10.3.2.100:8006;
}

server {
        listen 80 http2;
        listen [::]:80 http2;
        server_name sub.domain.com;
        return 301 htt ps://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name sub.domain.com;
        ssl_certificate /etc/letsencrypt/certs/star_domain_me/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/certs/star_domain_me/privkey.pem;

        location / {
                proxy_pass htt ps://pvehost;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_http_version 1.1;
        }
}

 

[Telperion]

Found a fix online, had to enable a websocket connection. Updated, working config:

upstream proxmoxhost {
        server localhost:8006;
}

server {
        listen 80 http2;
        listen [::]:80 http2;
        server_name proxmox.domain.com;
        return 301 htt ps://$server_name$request_uri;
}

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
        server_name proxmox.domain.com;
        ssl_certificate /etc/dehydrated/certs/star_domain_com/fullchain.pem;
        ssl_certificate_key /etc/dehydrated/certs/star_domain_com/privkey.pem;

        location / {
                proxy_pass htt ps://proxmoxhost;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_http_version 1.1;
        }
}

 

[James Jeon]

Hi, so which part from the location is the websocket?
i have the same problem

 

[bythelake]

Telperion, thanks a bunch ... this worked for me and saved me some time. I added the following 2 lines from your example to my nginx config:

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

 

[mswedv]

i have a nginx reverse proxy (https://github.com/jc21/nginx-proxy-manager v2.9.8 ) which runs as lxc docker container at this proxmox node i want to redirect the web gui to.

my settings


Accessing the FQDN resulting in Error 503

Any Idear how to fix?

btw: my url via ip looks very odd, is that normal?

 

[dcsapak]

my settings

your scheme is http, should be https probably...

btw: my url via ip looks very odd, is that normal?

what looks odd?

 

[MysticalSam]

Same issue, any ideas.

on npm


on url: https://pve.home/

 

[dcsapak]

no idea sorry, i am not familiar with the proxy manager, was just a guess. but here is a guide for setting up a plain nginx: https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

 

[mswedv]

no idea sorry, i am not familiar with the proxy manager, was just a guess. but here is a guide for setting up a plain nginx: https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

This guide is how to set up nginx proxy at same host as proxmox. It's not the way i wanna go. I want to keep my host hypervisor untouched for this....

 

[firebowl]

I have a similar problem. I installed nginx reverse proxy in it's own lxc container. I can access the proxmox webinterface from outside my network via the reverse proxy. So far so good.
But I cannot access any service hosted in an other lxc container.
Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> proxmox host website
Not Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> adguard webinterface (lxc container 2)

 

[dcsapak]

This guide is how to set up nginx proxy at same host as proxmox. It's not the way i wanna go. I want to keep my host hypervisor untouched for this....

its just an nginx config, where you run it does not really matter (only that the ips, etc. are configured correctly)

I have a similar problem. I installed nginx reverse proxy in it's own lxc container. I can access the proxmox webinterface from outside my network via the reverse proxy. So far so good.
But I cannot access any service hosted in an other lxc container.
Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> proxmox host website
Not Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> adguard webinterface (lxc container 2)

this is not really the same issue, can you please open a new thread for a separate issue? (and please post more details, for example your network configs)

 

[dklobucaric]

I've just enabled those in my nginx proxy manager and now i can start console in my proxmox 7
have to test i on PVE 8

 

[Dyon]

I have a similar problem. I installed nginx reverse proxy in it's own lxc container. I can access the proxmox webinterface from outside my network via the reverse proxy. So far so good.
But I cannot access any service hosted in an other lxc container.
Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> proxmox host website
Not Working: Internet client ==> nginx reverse proxy (lxc container 1) ==> adguard webinterface (lxc container 2)

Hi, I think I have the same setup. A ProxMox VPE host with in there a Alpine LXC running NginX Reverse Proxy Manager.
Now I want to reach the :8006 webinterface via the NPM but I keep ketting bad gateway 502.
How have you set it up to work?

What I do have working is that the NPM interface ( :81) I have running via itself, for that I had to add to port forward in
/etc/network/interfaces

# Forward port to NPM LXC on proxmox
post-up iptables -t nat -A PREROUTING -i eno1 -p tcp -m multiport --dports 80,81,443 -j DNAT --to 10.10.11.2
post-down iptables -t nat -D PREROUTING -i eno1 -p tcp -m multiport --dports 80,81,443 -j DNAT --to 10.10.11.2

so 10.10.11.2 is the local ip for the LXC host in ProxMox.
My Proxmox host is on a different range 192.x.x.x/32

My bridge is setup like this:
auto vmbr0
iface vmbr0 inet static
address 10.10.11.1/24
bridge-ports none
bridge-stp off
bridge-fd 0

post-up echo 1 > /proc/sys/net/ipv4/ip_forward
post-up iptables -t nat -A POSTROUTING -s '10.10.11.0/24' -o eno1 -j MASQUERADE
post-down iptables -t nat -D POSTROUTING -s '10.10.11.0/24' -o eno1 -j MASQUERADE


Depending on your setup, and your type of bridge, you may also need to open/forward ports to container ip?