[SOLVED] Working NoVNC with reverse proxy on 5.1

dm15

New Member
Mar 4, 2018
13
3
3
82
Hello, as I have spent a lot of time last week fighting nginx in order to make it render the NoVNC websocket correctly without any success, I saw there are multiple messages from many members indicating that it doesn't really work right now, not even this configuration.

I've managed to make it with Apache/2.4.25 and pasting a working configuration so anyone can use it.
Replace 10.1.1.1 with your Proxmox 5.1 node IP address.


Code:
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
   
        ServerAdmin admin@dummy.com
        ServerName dummy.com

        SSLEngine on

        SSLCertificateFile    /etc/nginx/ssl/yourcert.crt
        SSLCertificateKeyFile    /etc/nginx/ssl/yourcert.key
       
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
       
        ProxyRequests off
        ProxyPreserveHost on
   
        <Location />
            ProxyPass https://10.1.1.1:8006/
            ProxyPassReverse https://10.1.1.1:8006/
        </Location>
         
        <LocationMatch ^/(api2/json/nodes/[^\/]+/[^\/]+/[^\/]+/vncwebsocket.*)$>
            ProxyPass wss://10.1.1.1:8006/$1 retry=0
        </LocationMatch>
   
        <Location /websockify>
            ProxyPass ws://10.1.1.1:8006
            ProxyPassReverse ws://10.1.1.1:8006
        </Location>
       
    </VirtualHost>
</IfModule>
 
  • Like
Reactions: mrE and t.lamprecht

loomes

Active Member
May 22, 2018
101
24
38
42
Works 100% Thank you.
Im failed at the configuration and then i found your Post :)
 

loomes

Active Member
May 22, 2018
101
24
38
42
I have found out that the PVE _shell itself dont work with this configuration:

timed out waiting for client
TASK ERROR: command '/usr/bin/termproxy 5900 --path /nodes/proxmox --perm Sys.Console -- /bin/login -f root' failed: exit code 4

The Consoles from my LCX Containers works.

OK solved. Extend the Code with this:
<LocationMatch ^/(api2/json/nodes/[^\/]+/vncwebsocket.*)$>
ProxyPass wss://ip:8006/$1 retry=0
</LocationMatch>

The Path is different when we open the Host Shell.
 
Last edited:

genel

Member
Nov 20, 2012
8
0
21
Thanks, this helped me a lot. But to get it to work I had to do this also:
Code:
a2enmod proxy_wstunnel

It took me a few minutes to figure out why it still did not work after following you example. So I post this to help others.
 

phr53

New Member
Jul 16, 2019
1
0
1
26
Hi in my case it's not working for the websocket until i restarted the browser... think about it ;)
 

tamet83

Member
Nov 15, 2019
8
1
8
39
Hi, I tried to follow this example on my proxmox setup.
I have apache inside an lxc container and already configured different "config" files.
I'd like to have access to my Proxmox instance from outside my lan.
I wrote the following code form the above example but it doesn't work.

Code:
<VirtualHost *:80>
    ServerName proxmox.mydomain.it
    Redirect / https://proxmox.mydomain.it/
</VirtualHost>

<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerName proxmox.mydomain.it
        Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains; preload$
        Header always set X-Frame-Options DENY
        SSLEngine on
        SSLProxyEngine on
        SSLProxyVerify none
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        ProxyRequests off
        ProxyPreserveHost on
        <Location />
            ProxyPass https://192.168.1.9:8006/
            ProxyPassReverse https://192.168.1.9:8006/
        </Location>
        <LocationMatch ^/(api2/json/nodes/[^\/]+/[^\/]+/[^\/]+/vncwebsocket.*)$>
            ProxyPass wss://192.168.1.9:8006/$1 retry=0
        </LocationMatch>
        <Location /websockify>
            ProxyPass ws://192.168.1.9:8006
            ProxyPassReverse ws://192.168.1.9:8006
        </Location>
        <LocationMatch ^/(api2/json/nodes/[^\/]+/vncwebsocket.*)$>
        ProxyPass wss://192.168.1.9:8006/$1 retry=0
        </LocationMatch>
</VirtualHost>
</IfModule>

when I try a2ensite and restart apache service i receive this error:

Code:
apache2.service - The Apache HTTP Server
   Loaded: loaded (/lib/systemd/system/apache2.service; enabled; vendor preset: enabled)
   Active: failed (Result: exit-code) since Fri 2019-11-15 21:25:54 UTC; 9s ago
  Process: 1228 ExecStop=/usr/sbin/apachectl stop (code=exited, status=0/SUCCESS)
  Process: 1224 ExecReload=/usr/sbin/apachectl graceful (code=exited, status=0/SUCCESS)
 Main PID: 172 (code=exited, status=1/FAILURE)

Nov 15 21:16:24 Apache systemd[1]: Starting The Apache HTTP Server...
Nov 15 21:16:24 Apache systemd[1]: Started The Apache HTTP Server.
Nov 15 21:25:54 Apache systemd[1]: apache2.service: Failed to reset devices.list: Operation not permitted
Nov 15 21:25:54 Apache systemd[1]: apache2.service: Failed to set invocation ID on control group /system.slice/apache2.service, ignoring: Operation not permitted
Nov 15 21:25:54 Apache systemd[1]: Reloading The Apache HTTP Server.
Nov 15 21:25:54 Apache systemd[1]: Reloaded The Apache HTTP Server.
Nov 15 21:25:54 Apache systemd[1]: apache2.service: Main process exited, code=exited, status=1/FAILURE
Nov 15 21:25:54 Apache apachectl[1228]: httpd (pid 172?) not running
Nov 15 21:25:54 Apache systemd[1]: apache2.service: Unit entered failed state.
Nov 15 21:25:54 Apache systemd[1]: apache2.service: Failed with result 'exit-code'.

Can you please help me? I'm new on this stuff
 

bluesite

Well-Known Member
Oct 18, 2017
170
36
48
46
thanx this is also working for me at proxmox 6.3.6 but i have added htauth at my config so it is a little bit secured an added totp at my user in proxmox to secure my user

Code:
<Proxy *>
                        Order deny,allow
                        Allow from all
                        Authtype Basic
                        Authname "Password Required"
                        AuthUserFile /etc/apache2/passwd
                        Require valid-user
</Proxy>

here is my complete config file

Code:
<IfModule mod_ssl.c>
        <VirtualHost _default_:443>
                ServerName pvedomain.tld
                ServerAlias pvedomain.tld

                SSLProxyEngine On
                SSLProxyVerify none
                SSLProxyCheckPeerCN off
                SSLProxyCheckPeerName off
                SSLProxyCheckPeerExpire off

                ErrorLog /var/log/apache2/pve_error.log
                CustomLog /var/log/apache2/pve_access.log combined

                ProxyRequests Off
                ProxyPreserveHost on

                <Location />
                    ProxyPass https://x.x.x.x:8006/
                    ProxyPassReverse https://x.x.x.x:8006/
                </Location>

                <LocationMatch ^/(api2/json/nodes/[^\/]+/[^\/]+/[^\/]+/vncwebsocket.*)$>
                    ProxyPass wss://x.x.x.x:8006/$1 retry=0
                </LocationMatch>

                <Location /websockify>
                    ProxyPass ws://x.x.x.x:8006
                    ProxyPassReverse ws://x.x.x.x:8006
                </Location>

                SSLCertificateFile      /etc/letsencrypt/live/pvedomain.tld/cert.pem
                SSLCertificateKeyFile /etc/letsencrypt/live/pvedomain.tld/privkey.pem
                SSLCertificateChainFile /etc/letsencrypt/live/pvedomain.tld/chain.pem
                <Proxy *>
                        Order deny,allow
                        Allow from all
                        Authtype Basic
                        Authname "Password Required"
                        AuthUserFile /etc/apache2/passwd
                        Require valid-user
                </Proxy>
        </VirtualHost>
</IfModule>

i have changed my domian and ips in the example
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!