[SOLVED] VE gives 401 Ticket while accessing web GUI

WikiTech

Member
Dec 22, 2019
6
0
21
25
Hello,
I apologize on front, I was not sure where to put this thread.

I have a standalone host running Proxmox VE 7.4-3 on Debian 11 Installation.
During maintanence I decided to put a firewall behind the proxmox so the host is protected and not exposed to the public.
To still able to access the web GUI I forwarded via the firewall (PfSense) the port 8006 to 10000
It works, but it gives me an error 30-60s after access the GUI with Ticket Error 401.

Do I need to forward some more ports or proxmox VE does have some limitation when It comes to port forwarding?
Or do you guys have a better advice?
Thank you
 
I just checked it:

from timedatectl:


Code:
root@pm1:~# timedatectl
               Local time: Mo 2023-05-15 12:50:05 CEST
           Universal time: Mo 2023-05-15 10:50:05 UTC
                 RTC time: Mo 2023-05-15 10:50:05
                Time zone: Europe/Berlin (CEST, +0200)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

from stat /etc/pve/authkey* (output after logged to GUI)

Code:
root@pm1:~# stat /etc/pve/authkey*
  Datei: /etc/pve/authkey.pub
  Größe: 451            Blöcke: 1          EA Block: 4096   reguläre Datei
Gerät: 36h/54d  Inode: 5390713     Verknüpfungen: 1
Zugriff: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (   33/www-data)
Zugriff    : 2023-05-15 00:03:11.000000000 +0200
Modifiziert: 2023-05-15 00:03:11.000000000 +0200
Geändert   : 2023-05-15 00:03:11.000000000 +0200
 Geburt    : -
  Datei: /etc/pve/authkey.pub.old
  Größe: 451            Blöcke: 1          EA Block: 4096   reguläre Datei
Gerät: 36h/54d  Inode: 5390712     Verknüpfungen: 1
Zugriff: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (   33/www-data)
Zugriff    : 2023-05-15 00:03:11.000000000 +0200
Modifiziert: 2023-05-15 00:03:11.000000000 +0200
Geändert   : 2023-05-15 00:03:11.000000000 +0200

But weird, the ticket error is now gone but It comes back after time....
Edit: Now it happened again....
 
Last edited:
that stat output looks okay (unless your system regularly jumps back and forth in time ;)). anything visible in the logs server-side?
 
Like using a time machine ;)?

I just testing a theory and I think maybe that will be it.
I just took firefox to incognito mode and seems to work, maybe the old cache was doing his magic.... I will update if this fixed the issue.
Update: When It dont work, I will check the logs.
 
Last edited:
So, Im back after testing:
When I have more than 1 tab open with different proxmox host the error 401 ticket comes to live. (which its under the same firewall)
When I only have 1 tab open with only 1 machine it works as intended.
 
that sounds like they both use the same hostname then? that's a problem, since cookie scope doesn't include the port and you are thus sending wrong cookies..
 
The Machines are not using the same hostname. (just checked, IPs and Hostname are different)
I just have one Public IP in the firewall and thats why forwarding is being in use.
 
Last edited:
yeah, but that means the cookie is set for that public IP for both hosts ;) the hostname that you connect to is what counts.