Reverse Proxy Proxmox with Apache

Reverse Proxy Proxmox with Apache

Get Social!

proxmox logo gradThe Proxmox web GUI is accessible on port 8006 by default using SSL encryption. The web GUI is served by the built in Proxmox lightweight HTTP server however changing the config could cause issues when upgrading to future Proxmox releases. The easiest way to expose the Proxmox web GUI externally is to use Apache to reverse proxy the site. You can then add additional security or specify SSL certificates at the proxy level without interfering with the Proxmox installation.

See my blog post on the basics of using Apache to reverse proxy websites.

To setup the reverse proxy for Proxmox, create a new sites-available entry called proxmox.

vi /etc/apache2/sites-available/proxmox

Add the following to the file and substitute a few settings for your own environment:

  • proxmox.cer – change to your SSL certificate for Proxmox
  • proxmox.key – change to the SSL certificate key for Proxmox.
  • proxmox.host – appears in the Location tags and must be the IP address or resolvable hostname of your internal Proxmox server. The ServerAdmin attribute is an email address which will be displayed on error pages such as 404.
  • proxmox.jamescoyle.net – change this to the external URL which will be used to access the reverse proxy server. The server will only proxy requests which contain this URL.
  SSLEngine On
  SSLCertificateFile /etc/apache2/ssl/proxmox.cer
  SSLCertificateKeyFile /etc/apache2/ssl/proxmox.key
  SSLProxyEngine on
  SSLProxyVerify none

  ServerAdmin [email protected]
  DocumentRoot /var/www
  ServerName proxmox.jamescoyle.net

  # Possible values include: debug, info, notice, warn, error, crit,alert, emerg.
  LogLevel warn
  CustomLog ${APACHE_LOG_DIR}/proxmox-access.log combined
  ErrorLog ${APACHE_LOG_DIR}/proxmox-error.log

  ProxyRequests off
  ProxyPreserveHost on
  RequestHeader unset Accept-Encoding

  
     ProxyPass https://proxmox.host:8006/
     ProxyPassReverse https://proxmox.host:8006/
     Order allow,deny
     Allow from all
  

Enable the new site in Apache. In Ubuntu the command a2ensite will create the symlink, or you can create it manually.

a2ensite proxmox

Reload Apache to load the new configuration.

service apache2 reload


8 Comments

sergii

16-Jul-2014 at 3:48 pm

Please help with proxmox>>I have 1 ssd 120 gb for the system and 4tb for storage .The problem is how to make 4 different lvm partitions like
1. 1tb virtual mashine
2. 1tb video storage
3. 1tb pictures
4. 700 gb free space [for later on]
and use lv partition nomber 1 . 1tb virtual mashine for storage
can you help me ?
I tried for 72 hours but no luck , google fu works only for simple staff . Thank YOU

Danny

1-Dec-2015 at 7:07 pm

Hi James,

Big fan of your site, your guides have been really helpful in the past!

I followed a similar guide to set up an Apache reverse proxy server for my Proxmox server. It’s working great, except for the noVNC console, which throws a sever disconnected error (code: 1006). I haven’t been able to figure it out myself, although I think it’s related to web sockets per your other article here: http://www.jamescoyle.net/how-to/1736-reverse-proxy-proxmox-vnc-with-nginx. Would you consider doing a similar article for Apache?

Once again, love the site. Thanks for putting up all these excellent articles!

Cheers,

Danny

    james.coyle

    1-Dec-2015 at 8:21 pm

    Hi Danny,

    I’m forever banging on about Nginx to people simply because it’s a technology developed in the 21st century, for the 21st century. Web sockets have been supported by Nginx for a while now and work flawlessly. The 2.2 version of Apache, however, doesn’t support web sockets but luckily version 2.4 does with the module proxy_wstunnel.

    I haven’t used it – I ditched Apache for most things some time ago – but if you can apt-get/ yum the module you should be in business.

    Thanks for the kind comments, all the best.

    James.

      Marco

      10-Jul-2019 at 2:21 pm

      Apache 2.4.38 here, seems the problem persists with proxy_wstunnel.
      Please, can you refresh the guide?

Corto Malese

22-Sep-2019 at 3:20 pm

Hi. Thank you for this tuto. I get an error with line “Order allow,deny” : “order not allowed here”.
Can you help me please ?

etron770

27-Sep-2019 at 8:13 am

Put it above like:

RequestHeader unset Accept-Encoding

Order deny,allow
Allow from all

ProxyPass /

etron770

27-Sep-2019 at 8:17 am

substitute [angle bracket …] with angle brackets they have been deletes in the last reply

RequestHeader unset Accept-Encoding

[angle bracket open]Proxy *[angle bracket close]
Order deny,allow
Allow from all
[angle bracket open]/Proxy[angle bracket close]

ProxyPass /

Leave a Reply to etron770 Cancel reply

Visit our advertisers

Quick Poll

Do you use ZFS on Linux?

Visit our advertisers