Hi AP, I have Proxmox running bare metal with a VM running both Incus and ssh2incus. Is it possible to open a Browser on the host and forward localhost:2280 to ssh2incus web console? Version 1.0 ssh2incus. Version 6.23 Incus. Ubuntu 24.04.4 LTS. Cheers.
Browser on Proxmox host - forward localhost:2280 to ssh2incus in an Incus VM
nickwalt
1
Viewed 25
3 Answers
Thanks for your question!
The easiest way to expose a VM port on a localhost is using Caddy reverse proxy. VM port/socket must be reachable from the host.
Caddy supports many kinds of upstream servers, see here https://caddyserver.com/docs/caddyfile/directives/reverse_proxy#upstream-addresses
If you can describe your specific use case, I can give you an exact instruction on how to configure it using a few different approaches.
Hi Arthur — Proxmox is running as a Workstation OS and this Incus-ssh2incus combo is an alternative to Podman-Devpod. The environment will run a Scaffolding / Harness for Claude Code models that create and interact with containers. It's not a commercial production environment. However, this is likely a common workstation setup.
The AI will run completely isolated from the host within the VM. It will be limited to only direct-to-Internet access.
Vsock looks awesome as a long term solution for host-to-vm connectivity that isn't exposed on any network. Vsock vhost-user is a more secure user-mode option (not kernel-mode).
Another option could be a dedicated management network from host to VM. Isolated from the internet, although not sure if that is even possible to configure. Not a fan of the way Linux does networking — it's very server-centric in concept and terminology and implementations are limiting and fragmented. Talk about ripping hair out trying to find solutions!
Caddy looks unbelievably good! Thanks 😁 maybe I can implement a Tailscale Headscale network from within the VM in front of Caddy.
Workstation is an Epyc ROME Supermicro server platform with 32 cores, 384GB RAM, multiple PCIe-x4 direct-to-cpu nvme ssds. The VM currently has 8 cores, 32GB assigned but can bump up to 64+ as it grows.
Each Container will host a distinct developer environment that I hope to connect to as a Workspace configured in vscodium, without Devcontainers.
Would the proxy be installed on the Proxmox host to capture localhost and other URLs for routing to VMs and Containers?
Nick, what you're describing aligns with what we've been doing internally for several years. We're preparing to open-source our tools and workflows, including Tailscale-Headscale integration through our management platform. This will launch soon under the Tailhead brand name.
I'll be happy to help you personally with what you are looking for. Drop a note to ask at ssh2incus.com and I'll get back to you.
Hi Arthur, sounds awesome! The AI Scaffolding Harness is PAI:
https://github.com/danielmiessler/Personal_AI_Infrastructure
Regarding the OP, I'll setup a host-only-network bridge via Proxmox and add an OOBM interface on the host and VM. Then redirect <vm-oobm-ip>:2280 to vm-localhost:2280 and point the host browser URL to the VM's new listen port <vm-oobmip>:2280.
Ok, so Incus Forwards don't allow bridge to localhost port redirection. Only redirection within the same subnet although the docs refers to a network. Will use nftables (Incus default).
Looking for a way to use Sockets from the browser through the host OS (Proxmox Debian) to the targeted VM running Ubuntu. Would like to avoid IP and SSH port forwarding.
Seems like vsock is the solution but how to redirect a browser URL on the host through to an app running in a VM?
https://lencerf.github.io/post/2023-05-28-virtio-vhost-vsock/