With the release of Proxmox VE 3.0 back in May 2013, the Proxmox VE web interface does no longer require Apache. Instead, they’re using now a new event driven API server called pveproxy. That was actually a great step ahead, as we all know Apache get’s bulkier every day and the new pveproxy is a much more lightweight solution. But the question arose:
How do I protect my Proxmox VE WebUI with basic user authentication?
Basically, we do not trust any web application out there so we better double protect the whole WebUI with plain old basic auth – previously done in Apache by .htaccess.
The main idea:
- Restrict access to the pveproxy (= Web UI) to localhost
- Install a local Nginx web proxy server that forwards requests from port 443 to pveproxy’s port 8006 and restrict access to it using HTTP BASIC AUTH