Connections
The Connections page is where you manage your Proxmox VE (PVE) and Proxmox Backup Server (PBS) connections. Each connection represents a link between ProxCenter and a Proxmox instance, providing the credentials and access configuration needed to communicate with the Proxmox API and SSH.
Overview
ProxCenter needs two types of access to fully manage a Proxmox instance:
- API access -- Used for reading cluster state, managing VMs, monitoring resources, and executing most operations
- SSH access -- Used for operations that require direct node access, such as disk imports, compliance scans, CVE scanning, and system updates
Adding a Connection
- Navigate to Settings > Connections
- Click Add Connection
- Select the connection type: Proxmox VE or Proxmox Backup Server
- Fill in the connection details
PVE Connection Settings
| Field | Description |
|---|---|
| Name | A friendly name for this connection (e.g., "Production Cluster") |
| Host | The IP address or hostname of any node in the cluster |
| Port | API port (default: 8006) |
| Token ID | API token in the format user@realm!tokenid |
| Token Secret | The API token secret |
| SSH User | SSH username for node access (default: root) |
| SSH Port | SSH port (default: 22) |
| SSH Key / Password | Authentication method for SSH |
| Verify TLS | Whether to validate the server's TLS certificate |
PBS Connection Settings
| Field | Description |
|---|---|
| Name | A friendly name for this PBS instance |
| Host | The IP address or hostname of the PBS server |
| Port | API port (default: 8007) |
| Token ID | API token for PBS access |
| Token Secret | The API token secret |
| Fingerprint | The PBS server's TLS certificate fingerprint (optional) |
API Token Setup
ProxCenter uses Proxmox API tokens rather than username/password authentication. To create an API token on Proxmox:
- Log in to the Proxmox web UI
- Go to Datacenter > Permissions > API Tokens
- Click Add and select the user (e.g.,
root@pam) - Uncheck Privilege Separation if you want the token to inherit the user's full permissions
- Copy the token ID and secret -- the secret is only shown once
The API token secret is only displayed at creation time. If you lose it, you must create a new token. Store it securely.
Reverse Proxy Configuration
If your Proxmox instance is behind a reverse proxy (e.g., nginx, Traefik, HAProxy), ensure the proxy forwards WebSocket connections, as ProxCenter uses them for real-time updates. The proxy should pass through the Upgrade and Connection headers.
When using a reverse proxy with TLS termination, you can disable TLS verification in the ProxCenter connection settings since the connection between the proxy and Proxmox will be internal.
Connection Health
Each connection shows a status indicator:
- Connected -- API and SSH connections are both active
- API Only -- API is reachable but SSH is not configured or unreachable
- Disconnected -- Cannot reach the Proxmox instance
ProxCenter periodically checks connection health and alerts you if a connection goes down.
Permissions
| Permission | Description |
|---|---|
connection.view | View configured connections |
connection.manage | Add, edit, and delete connections |