starred/proxmox-service-discovery
1
0
Fork 0
mirror of https://github.com/andrew-d/proxmox-service-discovery.git synced 2026-04-26 12:55:51 +03:00
Code Issues 9 Projects Releases Packages Wiki Activity

[GH-ISSUE #4] Unable to start the demon #1

New issue
Open
opened 2026-03-14 08:22:51 +03:00 by kerem · 3 comments
kerem commented 2026-03-14 08:22:51 +03:00
Owner
Copy link

Originally created by @pippo73 on GitHub (Apr 10, 2025).
Original GitHub issue: https://github.com/andrew-d/proxmox-service-discovery/issues/4

Originally assigned to: @andrew-d on GitHub.

Hi,
I'm trying to start this service but I get an error:

$ ./proxmox-service-discovery \
  --proxmox-host=https://myFQDN \
  --proxmox-user=user@pve \
  --proxmox-token-id=mc-DNS \
  --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxcodexxxxxxxx \
  --dns-zone=my.lan
2025/04/10 18:42:59 INFO performing initial DNS record fetch
2025/04/10 18:42:59 ERROR error fetching initial DNS records error="fetching inventory: fetching inventory from Proxmox: fetching nodes: sending HTTP request: Get \"https://myFQDN/api2/json/nodes\": dial tcp 192.168.1.200:443: connect: connection refused"

I'm exposing the nameserver trought a cloudflare tunnel on a 443, but it seem that it searches on the 443 port also on the interlan il instead of 8006.

Is there a way to fix it?

tnx

Originally created by @pippo73 on GitHub (Apr 10, 2025). Original GitHub issue: https://github.com/andrew-d/proxmox-service-discovery/issues/4 Originally assigned to: @andrew-d on GitHub. Hi, I'm trying to start this service but I get an error: ``` $ ./proxmox-service-discovery \ --proxmox-host=https://myFQDN \ --proxmox-user=user@pve \ --proxmox-token-id=mc-DNS \ --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxcodexxxxxxxx \ --dns-zone=my.lan 2025/04/10 18:42:59 INFO performing initial DNS record fetch 2025/04/10 18:42:59 ERROR error fetching initial DNS records error="fetching inventory: fetching inventory from Proxmox: fetching nodes: sending HTTP request: Get \"https://myFQDN/api2/json/nodes\": dial tcp 192.168.1.200:443: connect: connection refused" ``` I'm exposing the nameserver trought a cloudflare tunnel on a 443, but it seem that it searches on the 443 port also on the interlan il instead of 8006. Is there a way to fix it? tnx
kerem commented 2026-03-14 08:22:57 +03:00
Author
Owner
Copy link

@andrew-d commented on GitHub (Apr 10, 2025):

I should probably clarify the documentation, but you need to use the full URL + port in the --proxmox-host flag; for example, --proxmox-host=https://myFQDN:8006. Let me know if that works for you?

<!-- gh-comment-id:2795392807 --> @andrew-d commented on GitHub (Apr 10, 2025): I should probably clarify the documentation, but you need to use the full URL + port in the `--proxmox-host` flag; for example, `--proxmox-host=https://myFQDN:8006`. Let me know if that works for you?
kerem commented 2026-03-14 08:23:02 +03:00
Author
Owner
Copy link

@pippo73 commented on GitHub (Apr 11, 2025):

No, I think I was not clear. My situation is this way:

internet => FQDN:443 => cloudflare tunner => myinernalserver:8006

so what should I put in --proxmox-host part?

If I set the FQDN the port 443 is not correct on the internal address because the port is 8006

$ ./proxmox-service-discovery   --proxmox-host=https://myFQDN:443   --proxmox-user=user_name@pve   --proxmox-token-id=mc-DNS   --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxcodexxxxxxxx    --dns-zone=leo.lan
2025/04/11 08:06:28 INFO performing initial DNS record fetch
2025/04/11 08:06:28 ERROR error fetching initial DNS records error="fetching inventory: fetching inventory from Proxmox: fetching nodes: sending HTTP request: Get \"https://myFQDN:443/api2/json/nodes\": dial tcp 192.168.1.200:443: connect: connection refused"

if I set the port 8006 it is closed to the big internet

$ ./proxmox-service-discovery   --proxmox-host=https://myFQDN:8006   --proxmox-user=user_name@pve   --proxmox-token-id=mc-DNS   --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxcodexxxxxxxx    --dns-zone=leo.lan
2025/04/11 08:06:47 INFO performing initial DNS record fetch
2025/04/11 08:06:47 ERROR error fetching initial DNS records error="fetching inventory: fetching inventory from Proxmox: fetching nodes: sending HTTP request: Get \"https://myFQDN:8006/api2/json/nodes\": tls: failed to verify certificate: x509: certificate signed by unknown authority"

and I cannot set the internal addes with the right port beacuse in this case the DNS is not correct

$ ./proxmox-service-discovery   --proxmox-host=https://192.168.1.200:8006   --proxmox-user=user_name@pve   --proxmox-token-id=mc-DNS   --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxcodexxxxxxxx    --dns-zone=leo.lan
2025/04/11 08:10:05 INFO performing initial DNS record fetch
2025/04/11 08:10:05 ERROR error fetching initial DNS records error="fetching inventory: fetching inventory from Proxmox: fetching nodes: sending HTTP request: Get \"https://192.168.1.200:8006/api2/json/nodes\": tls: failed to verify certificate: x509: certificate signed by unknown authority"

Hope now I'm more clear

<!-- gh-comment-id:2795934068 --> @pippo73 commented on GitHub (Apr 11, 2025): No, I think I was not clear. My situation is this way: internet => FQDN:443 => cloudflare tunner => myinernalserver:8006 so what should I put in _--proxmox-host_ part? If I set the FQDN the port 443 is not correct on the internal address because the port is 8006 ``` $ ./proxmox-service-discovery --proxmox-host=https://myFQDN:443 --proxmox-user=user_name@pve --proxmox-token-id=mc-DNS --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxcodexxxxxxxx --dns-zone=leo.lan 2025/04/11 08:06:28 INFO performing initial DNS record fetch 2025/04/11 08:06:28 ERROR error fetching initial DNS records error="fetching inventory: fetching inventory from Proxmox: fetching nodes: sending HTTP request: Get \"https://myFQDN:443/api2/json/nodes\": dial tcp 192.168.1.200:443: connect: connection refused" ``` if I set the port 8006 it is closed to the big internet ``` $ ./proxmox-service-discovery --proxmox-host=https://myFQDN:8006 --proxmox-user=user_name@pve --proxmox-token-id=mc-DNS --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxcodexxxxxxxx --dns-zone=leo.lan 2025/04/11 08:06:47 INFO performing initial DNS record fetch 2025/04/11 08:06:47 ERROR error fetching initial DNS records error="fetching inventory: fetching inventory from Proxmox: fetching nodes: sending HTTP request: Get \"https://myFQDN:8006/api2/json/nodes\": tls: failed to verify certificate: x509: certificate signed by unknown authority" ``` and I cannot set the internal addes with the right port beacuse in this case the DNS is not correct ``` $ ./proxmox-service-discovery --proxmox-host=https://192.168.1.200:8006 --proxmox-user=user_name@pve --proxmox-token-id=mc-DNS --proxmox-token-secret=xxxxxxxx-xxxx-xxxx-xxxx-xxxxcodexxxxxxxx --dns-zone=leo.lan 2025/04/11 08:10:05 INFO performing initial DNS record fetch 2025/04/11 08:10:05 ERROR error fetching initial DNS records error="fetching inventory: fetching inventory from Proxmox: fetching nodes: sending HTTP request: Get \"https://192.168.1.200:8006/api2/json/nodes\": tls: failed to verify certificate: x509: certificate signed by unknown authority" ``` Hope now I'm more clear
kerem commented 2026-03-14 08:23:07 +03:00
Author
Owner
Copy link

@andrew-d commented on GitHub (Apr 11, 2025):

Aha, I see the issue. I use a publicly-trusted TLS certificate for my proxmox host, but tls: failed to verify certificate: x509: certificate signed by unknown authority indicates that you're either using a self-signed certificate, or a certificate where the name on the certificate doesn't match the address that you connect to. I've just added the --tls-no-verify flag in #6 which will turn off certificate verification, and I've filed #7 to track additional improvements here. Can you test with that new flag?

<!-- gh-comment-id:2797489735 --> @andrew-d commented on GitHub (Apr 11, 2025): Aha, I see the issue. I use a publicly-trusted TLS certificate for my proxmox host, but `tls: failed to verify certificate: x509: certificate signed by unknown authority` indicates that you're either using a self-signed certificate, or a certificate where the name on the certificate doesn't match the address that you connect to. I've just added the `--tls-no-verify` flag in #6 which will turn off certificate verification, and I've filed #7 to track additional improvements here. Can you test with that new flag?
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
main
andrew/address-refactor
No results found.
Labels
Clear labels   
pull-request

Mirrored from GitHub Pull Request

No labels
pull-request
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/proxmox-service-discovery#1
No description provided.