Currently stuck with connectivity issue to HTTPS. Debugging steps:
Found that the buck stops with Proxmox. Port 443/tcp not exposed, but continues to intercept requests:
proxmox:~$ nc -kl -p 443 proxmox:~$ lsof -nPi | grep 443 nc 362829 root 3u IPv4 2612663 0t0 TCP *:443 (LISTEN) # nc listener no output # Applies to ports 443 and 8006. Other ports are not intercepted, e.g. 8007 container:~$ echo "test" | nc 192.168.1.2 443 HTTP/1.0 400 bad request Cache-Control: max-age=0 Connection: close Date: Tue, 20 Jan 2026 16:22:36 GMT Pragma: no-cache Server: pve-api-daemon/3.0 Expires: Tue, 20 Jan 2026 16:22:36 GMT
Stopping pveproxy of course terminates connections, while stopping pvedaemon does not change the behaviour:
proxmox:~$ pveproxy stop container:~$ echo "test" | nc 192.168.1.2 443 (UNKNOWN) [192.168.1.2] 443 (https) : Connection refused
Aha... of course it has got to do with the deactivated iptable rule to redirect 443/tcp to 8006/tcp created a year ago, which did not filter by destination IP address (so all incoming 443/tcp packets got redirected...). Fixed with:
root:~# iptables -t nat -D PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8006 root:~# iptables -t nat -A PREROUTING -d 192.168.1.2/32 -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 8006