[GH-ISSUE #50] Question: do proxmox nodes share auth token? #23

New issue

Closed

opened 2026-02-27 15:46:01 +03:00 by kerem · 2 comments

kerem commented

2026-02-27 15:46:01 +03:00

Owner

Originally created by @variable on GitHub (Apr 23, 2021).
Original GitHub issue: https://github.com/proxmoxer/proxmoxer/issues/50

Let's say I have setup a proxmox api load balancer that reverse proxy to my cluster.

If the load balancer switch to another node, does the existing auth token still work?

Originally created by @variable on GitHub (Apr 23, 2021). Original GitHub issue: https://github.com/proxmoxer/proxmoxer/issues/50 Let's say I have setup a proxmox api load balancer that reverse proxy to my cluster. If the load balancer switch to another node, does the existing auth token still work?

kerem

2026-02-27 15:46:01 +03:00

closed this issue
added the
backend:https

type:question ❓
labels

kerem commented

2026-02-27 15:46:01 +03:00

Author

Owner

@jhollowe commented on GitHub (May 21, 2021):

yes, if your nodes are in a cluster, load balancing across their API will work.

I tested this by creating 2 nodes (in VMs) and joining them together in a cluster. I then created a container on one node, installed nginx, and added the following to /etc/nginx/nginx.conf:

stream {
        upstream api_nodes {
                server 10.0.1.111:8006;
                server 10.0.1.112:8006;
        }

        server {
                listen 8006;
                proxy_pass api_nodes;
        }
}

using the container's IP address, I can access the web UI or use proxmoxer and the calls are evenly distributed between the two nodes. If I were actually doing this for continued use, I would add hash $remote_addr; to the upstream so connections from any give IP are tied to a specific node. This means all the traffic from your computer will go to one node, but multiple clients will be load balanced across the nodes.

I think load balancing individual requests between nodes is okay, but there might be weird race conditions or different responses that I haven't seen. I would try to tie connections (or at least chunks of requests) to a single node (like done above with the hash of the IP).

@jhollowe commented on GitHub (May 21, 2021): yes, if your nodes are in a cluster, load balancing across their API will work. I tested this by creating 2 nodes (in VMs) and joining them together in a cluster. I then created a container on one node, installed nginx, and added the following to `/etc/nginx/nginx.conf`: ``` stream { upstream api_nodes { server 10.0.1.111:8006; server 10.0.1.112:8006; } server { listen 8006; proxy_pass api_nodes; } } ``` using the container's IP address, I can access the web UI or use proxmoxer and the calls are evenly distributed between the two nodes. If I were actually doing this for continued use, I would add `hash $remote_addr;` to the upstream so connections from any give IP are tied to a specific node. This means all the traffic from your computer will go to one node, but multiple clients will be load balanced across the nodes. I *think* load balancing individual requests between nodes is okay, but there might be weird race conditions or different responses that I haven't seen. I would try to tie connections (or at least chunks of requests) to a single node (like done above with the hash of the IP).

kerem commented

2026-02-27 15:46:02 +03:00

Author

Owner

@jhollowe commented on GitHub (May 21, 2021):

also note, this will only work when not verifying SSL certificates or updating the certificates on all nodes to allow the IP and/or hostname of the load balancer.

@jhollowe commented on GitHub (May 21, 2021): also note, this will only work when not verifying SSL certificates or updating the certificates on all nodes to allow the IP and/or hostname of the load balancer.

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/proxmoxer#23

No description provided.

Rows
Columns