I have noticed that a match made in heaven is Proxmox with HAProxy. HAProxy provides the high availability we need on for the frontend configuration UI of Proxmox. When working with my Proxmox cluster I was unable to get the VNC WSS client working properly. I noticed this only after putting my cluster behind HAProxy. There are a few gotchas with HAProxy and Proxmox that I discovered.
After switching to HAProxy, I was unable to login and was getting a blank page unless I cleared my cookies in the browser. I noticed the cookie that Proxmox was saving, and then I made a modification to that cookie. Then I ran into issues with Proxmox VNC over HAProxy.
Fixing Options
Once I did get login to work I could not get Proxmox VNC over HAProxy to work. I was able to fix this by:
- Only using a single backend.
- Switch away from round-robin mode.
- Tweaking Proxmox HAProxy backends to allow for HAProxy to keep the same backend used during the browser session.
I could not use option #1 because that would defeat the point of HAProxy running above Proxmox.
I could not go with option #2 as I wanted to have more users and load-balance according to the user logged in.
So, I decided to go with option #3. I implemented this option with HAProxy and sticky cookie sessions.
This has all been done after setting up HAProxy on Ubuntu a quick guide can be seen here. After this setup is completed we can now look at the frontend code which is pretty simple if proxmox is your default backend.
default_backend proxmox
HAProxy Cookie Fix
From here we will need to look into the proxmox backend settings and this is where the HAProxy magic happens. You will want to add the following portion to your backend settings:
cookie SERVERID insert indirect nocache
You will also need to add in the setting to the actual backend to allow for a cookie. Here is an example of the server backend:
server proxmox-nuc3 192.168.1.14:8006 maxconn 501 cookie S3 check ssl verify none
Full Backend Configuraiton
After completing all the configuration changes described above we get a proxmox backend configuration that looks like the following:
backend proxmox
description Back-end proxmox
mode http
balance roundrobin
option forwardfor
option httpchk GET /
cookie SERVERID insert indirect nocache
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
server proxmox-nuc1 192.168.1.12:8006 cookie S1 check ssl verify none
server proxmox-nuc2 192.168.1.13:8006 cookie S2 check ssl verify none
server proxmox-nuc3 192.168.1.14:8006 cookie S3 check ssl verify none
Verification
Getting Proxmox to work with HAProxy has been great for us especially for high availability issues that might arise for configuring Proxmox when a HV is down. This doesn’t often happen in Proxmox but any high availability is good, HA!
As we can see from the screenshot below VNC now works on proxmox through HAProxy this works across reboots, across browsers, and sessions. We can see from the screenshot below that starting up proxmox VNC on a VM works without anything being stuck or getting those pesky WSS timeouts.
Awesome stuff – it really helped me in getting my site started!
Thank you verry much, that’s exactly what’s i’m looking for. thanks again 🙂
[…] is what spurred this article for me. I found this post related to Proxmox and HAProxy. So, I knew cookies have to be my problem as initially I did not […]
[…] Try out this tutorial too Proxmox VNC Behind HAProxy […]