WEB GUI from different servers in the same browser

jasminj

Active Member
Sep 27, 2014
44
0
26
Vienna 19
jasmin.anw.at
Hi!

I have two test nodes (PVE 4.1/no subscription).
Both servers have only SSH access.
I am using two shell scripts to activate two ssh connections with port forwarding:
$ ssh -X -L 8007:localhost:8006 -L 3129:localhost:3128 xxx@192.168.23.150
$ ssh -X -L 8006:localhost:8006 -L 3128:localhost:3128 xxx@192.168.23.160

This does forward the port 8006 of node 192.168.23.160 to the local port 8006 and
the port 8006 of node 192.168.23.150 to the local port 8007. With port 3128 it is similar.

I can access the PVE WEB GUI of one server with this URL:
https://localhost:8006
but I can't access the WEB GUI of the other server with this URL:
https://localhost:8007
I get "Secure Connection Failed" in Firefox.
Now the strange thing. I can access https://localhost:8007 with another browser (Chrome).
When I clean the browser cache and connect again with Firefox to https://localhost:8007
I can access it, but I can't access https://localhost:8006 then.

Can someone explain why this happens?
Is there a solution to this problem, because I like to use only one browser to access
both servers and I like to keep only SSH open on the servers.

BR
Jasmin
 
Hi,

Try


$ ssh -X -L 8007:192.168.23.150:8006 -L 3129:192.168.23.150:3128 xxx@192.168.23.150
$ ssh -X -L 8006:mad:192.168.23.160:8006 -L 3128:192.168.23.160:3128 xxx@192.168.23.160

Christophe.
 
Hi!

On both servers the firewall allows currently only SSH (will be more, if VMs are running). Moreover, I restricted the pveproxy and spiceproxy to 127.0.0.1(localhost). This allows a connection only from the server itself.

When you use SSH for port forwarding, it uses the "-L l-port:<ip-addr>:r-port" option to connect from the remote (!) server to "<ip-addr>:r-port". So this part is evaluated not locally, but remotely! But on the remote side, I restricted the access to localhost only, so the port forwarding does not work.
And I want exactly this behaviour!

Look here(Connecting to a database behind a firewall) for details.
I know it is a common practice by many users to use the remote IP address in the -L statement also, but in reality they want mostly localhost there.

My problem is not related to the SSH connection. The port forwarding works already perfectly. The problem is related to the browser, I guess. I can have both SSH with port forwarding working in parallel with two browsers, but not within the same browser. I even can connect from the same browser to the other server, when I clear the browser cache, but then the former server does no longer work in the browser.
Maybe this is related how the GUI works internally.

Any further hints for me?

BR,
Jasmin
 
Last edited:
My son told me, I should try an "incognito" or "private" window to access the servers via my tunnels.
This works great with Chrome, but not with Firefox.
Can someone explain how the WEB GUI works and if it is possible to fix this
in one of the next releases.
 
My son told me, I should try an "incognito" or "private" window to access the servers via my tunnels.
This works great with Chrome, but not with Firefox.
Can someone explain how the WEB GUI works and if it is possible to fix this
in one of the next releases.
Hi,
I guess firefox remember the cert for localhost during a session and if you connect to another localhost connection with serves another cert, this connection will dropped...
Have you tried to define an second localhost (like "127.0.0.2 localhost2") and connect with them?

Udo
 
Hello Udo!

THX, for answering!

> Have you tried to define an second localhost (like "127.0.0.2 localhost2") and connect with them?
I had this idea already, but I made a mistake with my port forwarding command two days ago. I need to bind it locally to the localhost2 address. So the SSH commands are now:
ssh -X -L 8006:localhost:8006 -L 3128:localhost:3128 xxx@192.168.23.160
ssh -X -L localhost2:8007:localhost:8006 -L localhost2:3129:localhost:3128 xxx@192.168.23.150

In the /etc/hosts file I added:
127.0.0.2 localhost2

And it WORKS in Firefox and Chrome without any problems and even in parallel.

THX Udo for solving this problem!

Now I have another problem with the SPICE console. It works for the first forwarding port 3128, but not for the second 3129. I guess the problem is related to the IP address/port in the downloaded files for virt-viewer. Any ideas how I can solve this?

BR
Jasmin
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!