[SOLVED] VE gives 401 Ticket while accessing web GUI

WikiTech

Member
Dec 22, 2019
6
0
21
24
Hello,
I apologize on front, I was not sure where to put this thread.

I have a standalone host running Proxmox VE 7.4-3 on Debian 11 Installation.
During maintanence I decided to put a firewall behind the proxmox so the host is protected and not exposed to the public.
To still able to access the web GUI I forwarded via the firewall (PfSense) the port 8006 to 10000
It works, but it gives me an error 30-60s after access the GUI with Ticket Error 401.

Do I need to forward some more ports or proxmox VE does have some limitation when It comes to port forwarding?
Or do you guys have a better advice?
Thank you
 
I just checked it:

from timedatectl:


Code:
root@pm1:~# timedatectl
               Local time: Mo 2023-05-15 12:50:05 CEST
           Universal time: Mo 2023-05-15 10:50:05 UTC
                 RTC time: Mo 2023-05-15 10:50:05
                Time zone: Europe/Berlin (CEST, +0200)
System clock synchronized: yes
              NTP service: active
          RTC in local TZ: no

from stat /etc/pve/authkey* (output after logged to GUI)

Code:
root@pm1:~# stat /etc/pve/authkey*
  Datei: /etc/pve/authkey.pub
  Größe: 451            Blöcke: 1          EA Block: 4096   reguläre Datei
Gerät: 36h/54d  Inode: 5390713     Verknüpfungen: 1
Zugriff: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (   33/www-data)
Zugriff    : 2023-05-15 00:03:11.000000000 +0200
Modifiziert: 2023-05-15 00:03:11.000000000 +0200
Geändert   : 2023-05-15 00:03:11.000000000 +0200
 Geburt    : -
  Datei: /etc/pve/authkey.pub.old
  Größe: 451            Blöcke: 1          EA Block: 4096   reguläre Datei
Gerät: 36h/54d  Inode: 5390712     Verknüpfungen: 1
Zugriff: (0640/-rw-r-----)  Uid: (    0/    root)   Gid: (   33/www-data)
Zugriff    : 2023-05-15 00:03:11.000000000 +0200
Modifiziert: 2023-05-15 00:03:11.000000000 +0200
Geändert   : 2023-05-15 00:03:11.000000000 +0200

But weird, the ticket error is now gone but It comes back after time....
Edit: Now it happened again....
 
Last edited:
that stat output looks okay (unless your system regularly jumps back and forth in time ;)). anything visible in the logs server-side?
 
Like using a time machine ;)?

I just testing a theory and I think maybe that will be it.
I just took firefox to incognito mode and seems to work, maybe the old cache was doing his magic.... I will update if this fixed the issue.
Update: When It dont work, I will check the logs.
 
Last edited:
So, Im back after testing:
When I have more than 1 tab open with different proxmox host the error 401 ticket comes to live. (which its under the same firewall)
When I only have 1 tab open with only 1 machine it works as intended.
 
that sounds like they both use the same hostname then? that's a problem, since cookie scope doesn't include the port and you are thus sending wrong cookies..
 
The Machines are not using the same hostname. (just checked, IPs and Hostname are different)
I just have one Public IP in the firewall and thats why forwarding is being in use.
 
Last edited:
yeah, but that means the cookie is set for that public IP for both hosts ;) the hostname that you connect to is what counts.
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!