[PVE-User] Console issue with reverse proxy.
Alexandre Kouznetsov
alk at ondore.com
Tue Jun 18 17:38:39 CEST 2013
Hello.
El 05/06/13 06:33, Julien Groselle escribió:
> Just one point failed :
> The web browser send a request to our proxy which redirect us on a
> proxmox node. And if I open a VM Console, proxmox send the request to
> the proxy and not to my web browser.
Yes, this is a issue that comes not from a bug, but from design.
I'm not sure what do you mean by "proxmox send the request". My whole
impression is that the web browser implements a VNC client and try to
connect to Proxmox. In your case, instead it connects to the reverse
proxy which of course has no VNC server listening.
I have solved this myself via NAT:
- My reverse proxy has a public IP and a private IP. It has enabled IP
forwarding and fairly simple iptables setup.
- Reverse proxy accepts incoming connections from outside at ports
5900:6000 and DNAT them to the chosen Proxmox node (same that acts as
web backend).
- Reverse proxy accepts forwarding from Proxmox node to outside and does
SNAT on it's external interface.
- The Proxmox node is forced to route outgoing packets from VNC server
via the reverse proxy. This may be done just setting default route or
tricking policy based routing, both work.
The load balance is not possible with this setup, at least not
automatically. But Proxmox's IP is not exposed to the evil Internets.
Greetings.
--
Alexandre Kouznetsov
More information about the pve-user
mailing list