he have a php application that has access to proxmox and display the vnc console by sharing the token. this is in a apache2 server. We try to proxying the vnc requests behind apache so the end user has no direct access to proxmox. The issue based on the logs that there is no handler for apache:
AH01144: No protocol handler was valid for the URL /api2/json/nodes/server/qemu/vmid/vncwebsocket (scheme 'wss'). If you are using a DSO version of mod_proxy, make sure the proxy submodules are included in the configuration using LoadModule.
My issue is that the module is loaded and the server has been restarted:
root@server-01:~# apache2ctl -M
Loaded Modules:
core_module (static)
so_module (static)
watchdog_module (static)
http_module (static)
log_config_module (static)
logio_module (static)
version_module (static)
unixd_module (static)
access_compat_module (shared)
alias_module (shared)
auth_basic_module (shared)
authn_core_module (shared)
authn_file_module (shared)
authz_core_module (shared)
authz_host_module (shared)
authz_user_module (shared)
autoindex_module (shared)
deflate_module (shared)
dir_module (shared)
dumpio_module (shared)
env_module (shared)
filter_module (shared)
mime_module (shared)
mpm_prefork_module (shared)
negotiation_module (shared)
php7_module (shared)
proxy_module (shared)
proxy_ajp_module (shared)
proxy_balancer_module (shared)
proxy_http_module (shared)
proxy_wstunnel_module (shared)
reqtimeout_module (shared)
rewrite_module (shared)
setenvif_module (shared)
slotmem_shm_module (shared)
socache_shmcb_module (shared)
ssl_module (shared)
status_module (shared)
The implementation is based on the following guide:
https://forum.proxmox.com/threads/working-novnc-with-reverse-proxy-on-5-1.43644/
the apache config for proxying to proxmox is:
root@server01:~# cat /etc/apache2/sites-enabled/proxy-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName app01-proxy
ServerAdmin webmaster@localhost
SSLProxyEngine on
LogLevel dumpio:trace7
DumpIOInput on
DumpIOOutput on
<Location />
ProxyPass https://proxmoxserver:8006/
ProxyPassReverse https://proxmoxserver:8006/
</Location>
<LocationMatch ^/(api2/json/nodes/[^\/]+/[^\/]+/[^\/]+/vncwebsocket.*)$>
ProxyPass wss://proxmoxserver:8006/$1 retry=0
</LocationMatch>
<Location /websockify>
ProxyPass ws://proxmoxserver:8006/
ProxyPassReverse ws://proxmoxserver:8006/
</Location>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
and the other config for the local application:
root@server-01:~# cat /etc/apache2/sites-enabled/console-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName app01
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/hyper-controller/public
<Directory /var/www/html/hyper-controller/public>
Options Indexes FollowSymLinks MultiViews
AllowOverride All
Order allow,deny
allow from all
Require all granted
</Directory>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
php_flag log_errors on
php_flag display_errors on
php_value error_reporting 2147483647
php_value error_log /var/log/php.error.log
</VirtualHost>
</IfModule>
the occured error on browser level is:
error
