proxmox logo

Proxmox VNC Behind HAProxy

Posted by

I have noticed that a match made in heaven is Proxmox with HAProxy. HAProxy provides the high availability we need on for the frontend configuration UI of Proxmox. When working with my Proxmox cluster I was unable to get the VNC WSS client working properly. I noticed this only after putting my cluster behind HAProxy. There are a few gotchas with HAProxy and Proxmox that I discovered.

After switching to HAProxy, I was unable to login and was getting a blank page unless I cleared my cookies in the browser. I noticed the cookie that Proxmox was saving, and then I made a modification to that cookie. Then I ran into issues with Proxmox VNC over HAProxy.

Fixing Options

Once I did get login to work I could not get Proxmox VNC over HAProxy to work. I was able to fix this by:

  1. Only using a single backend.
  2. Switch away from round-robin mode.
  3. Tweaking Proxmox HAProxy backends to allow for HAProxy to keep the same backend used during the browser session.

I could not use option #1 because that would defeat the point of HAProxy running above Proxmox.

I could not go with option #2 as I wanted to have more users and load-balance according to the user logged in.

So, I decided to go with option #3. I implemented this option with HAProxy and sticky cookie sessions.

This has all been done after setting up HAProxy on Ubuntu a quick guide can be seen here. After this setup is completed we can now look at the frontend code which is pretty simple if proxmox is your default backend.

default_backend proxmox

HAProxy Cookie Fix

From here we will need to look into the proxmox backend settings and this is where the HAProxy magic happens. You will want to add the following portion to your backend settings:

cookie SERVERID insert indirect nocache

You will also need to add in the setting to the actual backend to allow for a cookie. Here is an example of the server backend:

server proxmox-nuc3 192.168.1.14:8006 maxconn 501 cookie S3 check ssl verify none

Full Backend Configuraiton

After completing all the configuration changes described above we get a proxmox backend configuration that looks like the following:

backend proxmox
   description Back-end proxmox
   mode http
   balance roundrobin
   option forwardfor
   option httpchk GET /
   cookie SERVERID insert indirect nocache
   http-request set-header X-Forwarded-Port %[dst_port]
   http-request add-header X-Forwarded-Proto https if { ssl_fc }
   server proxmox-nuc1 192.168.1.12:8006 cookie S1 check ssl verify none
   server proxmox-nuc2 192.168.1.13:8006 cookie S2 check ssl verify none
   server proxmox-nuc3 192.168.1.14:8006 cookie S3 check ssl verify none

Verification

Getting Proxmox to work with HAProxy has been great for us especially for high availability issues that might arise for configuring Proxmox when a HV is down. This doesn’t often happen in Proxmox but any high availability is good, HA!

As we can see from the screenshot below VNC now works on proxmox through HAProxy this works across reboots, across browsers, and sessions. We can see from the screenshot below that starting up proxmox VNC on a VM works without anything being stuck or getting those pesky WSS timeouts.

Share of working proxmox through haproxy

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.