windows icon indicating copy to clipboard operation
windows copied to clipboard
verified publisher icon dockur

VNC cannot connect to windows instance through reverse proxy (traefik)

Open bobsdacool opened this issue 6 months ago • 1 comments

Operating system

Docker version 28.2.2, build e6534b4

Description

I'm trying to put this service behind a reverse proxy (traefik) but I'm having issues.

Whilst access on localhost on port 8006, and rdp on the appropriate ports work, I am struggling to access through my reverse proxy.

VNC can't connect to the windows server apparently, and there are no logs at all in the container. RDP won't connect full stop over reverse proxy.

This is the only instance where I've had this issue with VNC behind traefik, other services I have like linuxservers inkscape etc... run through vnc and have no issues with this.

Any help is much appreciated.

Edit: it seems that the implementation of ws here is for non encrypted connections, whilst I am looking for encrypted connections. This was supposed to be changed as of v4.04 per this thread here, but this may yet be an issue. https://github.com/dockur/windows/issues/808 I am not willing to open unencrypted connections to my server, I hope this is understandable.

Edit2: What actually seems to be happening is that ports 3389 and 8006 are not accessible when not directly port forwarded through docker. Unfortunately utilising expose: instead of ports: does not fix this an issue. So for instance with

ports:
    - 3389:3389/tcp
    - 3389:3389/udp

works, but with

expose:
    - 3389:3389/tcp
    - 3389:3389/udp

does not

Docker compose

labels:
      - traefik.enable=true
      - traefik.docker.network=traefik_windows
      - traefik.http.routers.windows-secure.entrypoints=websecure
      - traefik.http.routers.windows-secure.rule=Host("windows.domain")
      - traefik.http.services.windows-secure.loadbalancer.server.port=8006
      - traefik.http.routers.windows-secure.middlewares=middlewares-authentik@file

Docker log

2025-07-05T14:35:30.861307470Z ❯ Booting Windows using QEMU v10.0.0...

2025-07-05T14:35:31.851448252Z BdsDxe: loading Boot0004 "Windows Boot Manager" from HD(1,GPT,6D07947E-C43A-44AB-ACAD-4A5AC8DE86BA,0x800,0x40000)/\EFI\Microsoft\Boot\bootmgfw.efi

2025-07-05T14:35:31.854514027Z BdsDxe: starting Boot0004 "Windows Boot Manager" from HD(1,GPT,6D07947E-C43A-44AB-ACAD-4A5AC8DE86BA,0x800,0x40000)/\EFI\Microsoft\Boot\bootmgfw.efi

2025-07-05T14:36:01.068147767Z ❯ Windows started succesfully, visit http://127.0.0.1:8006/ to view the screen...

Screenshots (optional)

No response

bobsdacool avatar Jul 05 '25 14:07 bobsdacool

Try using v5.00 of the container, putting port 8006 behind a reverse proxy should work now.

kroese avatar Sep 18 '25 18:09 kroese