diff --git a/PVE/Service/Makefile b/PVE/Service/Makefile
index 316369a6..91aaaa0b 100644
--- a/PVE/Service/Makefile
+++ b/PVE/Service/Makefile
@@ -1,6 +1,6 @@ include ../../defines.mk -SOURCES=pvestatd.pm pveproxy.pm pvedaemon.pm +SOURCES=pvestatd.pm pveproxy.pm pvedaemon.pm spiceproxy.pm .PHONY: install install: ${SOURCES}
diff --git a/PVE/Service/spiceproxy.pm b/PVE/Service/spiceproxy.pm
new file mode 100755
index 00000000..47a791a5
--- /dev/null
+++ b/PVE/Service/spiceproxy.pm
@@ -0,0 +1,107 @@
+package PVE::Service::spiceproxy;
+
+# Note: In theory, all this can be done by 'pveproxy' daemon. But some
+# API call still have blocking code, so we use a separate daemon to avoid
+# that the console gets blocked.
+
+use strict;
+use warnings;
+
+use PVE::SafeSyslog;
+use PVE::Daemon;
+use PVE::API2Tools;
+use PVE::API2;
+use PVE::HTTPServer;
+
+use base qw(PVE::Daemon);
+
+my $cmdline = [$0, @ARGV];
+
+my %daemon_options = (
+ max_workers => 1, # todo: do we need more?
+ restart_on_error => 5,
+ stop_wait_time => 15,
+ leave_children_open_on_reload => 1,
+ setuid => 'www-data',
+ setgid => 'www-data',
+ pidfile => '/var/run/pveproxy/spiceproxy.pid',
+ );
+
+my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options);
+
+sub init {
+ my ($self) = @_;
+
+ # we use same ALLOW/DENY/POLICY as pveproxy
+ my $proxyconf = PVE::API2Tools::read_proxy_config();
+
+ my $accept_lock_fn = "/var/lock/spiceproxy.lck";
+
+ my $lockfh = IO::File->new(">>${accept_lock_fn}") ||
+ die "unable to open lock file '${accept_lock_fn}' - $!\n";
+
+ my $family = PVE::Tools::get_host_address_family($self->{nodename});
+ my $socket = $self->create_reusable_socket(3128, undef, $family);
+
+ $self->{server_config} = {
+ base_handler_class => 'PVE::API2',
+ keep_alive => 0,
+ max_conn => 500,
+ lockfile => $accept_lock_fn,
+ socket => $socket,
+ lockfh => $lockfh,
+ debug => $self->{debug},
+ spiceproxy => 1,
+ trusted_env => 0,
+ logfile => '/var/log/pveproxy/access.log',
+ allow_from => $proxyconf->{ALLOW_FROM},
+ deny_from => $proxyconf->{DENY_FROM},
+ policy => $proxyconf->{POLICY},
+ };
+}
+
+sub run {
+ my ($self) = @_;
+
+ my $server = PVE::HTTPServer->new(%{$self->{server_config}});
+ $server->run();
+}
+
+$daemon->register_start_command();
+$daemon->register_restart_command(1);
+$daemon->register_stop_command();
+$daemon->register_status_command();
+
+our $cmddef = {
+ start => [ __PACKAGE__, 'start', []],
+ restart => [ __PACKAGE__, 'restart', []],
+ stop => [ __PACKAGE__, 'stop', []],
+ status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ],
+};
+
+1;
+
+__END__
+
+=head1 NAME
+
+spiceproxy - SPICE proxy server for Proxmox VE
+
+=head1 SYNOPSIS
+
+=include synopsis
+
+=head1 DESCRIPTION
+
+SPICE proxy server for Proxmox VE. Listens on port 3128.
+
+=head1 Host based access control
+
+It is possible to configure apache2 like access control lists. Values are read
+from file /etc/default/pveproxy (see 'pveproxy' for details).
+
+=head1 FILES
+
+ /etc/default/pveproxy
+
+=include pve_copyright
diff --git a/bin/Makefile b/bin/Makefile
index 015acc06..7fb56ff6 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -2,7 +2,7 @@ include ../defines.mk SUBDIRS = init.d ocf test -SERVICES = pvestatd pveproxy pvedaemon +SERVICES = pvestatd pveproxy pvedaemon spiceproxy CLITOOLS = vzdump pvesubscription SCRIPTS = \
@@ -12,7 +12,6 @@ SCRIPTS = \ pvesh \ pveam \ pvebanner \ - spiceproxy \ pveversion \ pvemailforward.pl \ pveupgrade \
@@ -24,7 +23,6 @@ SERVICE_MANS = $(addsuffix .8, ${SERVICES}) CLI_MANS = \ $(addsuffix .1, ${CLITOOLS}) \ pveceph.1 \ - spiceproxy.1 \ pveversion.1 \ pveupgrade.1 \ pveperf.1
@@ -69,9 +67,6 @@ pveperf.1.pod: pveperf perl -I.. -T -e "use PVE::CLI::$*; PVE::CLI::$*->generate_bash_completions();" >$@.tmp mv $@.tmp $@ -spiceproxy.1.pod: spiceproxy - perl -I.. -T ./spiceproxy printmanpod >$@ - pvectl.1.pod: pvectl perl -I.. ./pvectl printmanpod >$@
diff --git a/bin/spiceproxy b/bin/spiceproxy
index c0531444..353ac9a6 100755
--- a/bin/spiceproxy
+++ b/bin/spiceproxy
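Review bot: In `init` of the new PVE/Service/spiceproxy.pm, the accept lock is opened with `IO::File->new(">>${accept_lock_fn}")` on the fixed path /var/lock/spiceproxy.lck, a form that follows a symlink already present at that name; whether `init` runs before the `setuid`/`setgid` drop to www-data is not visible in this hunk, so this matters mainly if it runs as root. Passing explicit flags avoids it, e.g. `IO::File->new($accept_lock_fn, O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW)` with the constants imported from `Fcntl`. Separately, the module calls `IO::File->new` and `PVE::Tools::get_host_address_family` but its `use` list names neither package, so it presumably relies on another module having loaded them; adding `use IO::File;` and `use PVE::Tools;` would make the package loadable on its own.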
@@ -1,23 +1,12 @@ #!/usr/bin/perl -T -# Note: In theory, all this can be done by 'pveproxy' daemon. But some -# API call still have blocking code, so we use a separate daemon to avoid -# that the console gets blocked. - $ENV{'PATH'} = '/sbin:/bin:/usr/sbin:/usr/bin'; delete @ENV{qw(IFS CDPATH ENV BASH_ENV)}; use strict; use warnings; - -use PVE::SafeSyslog; -use PVE::Daemon; -use PVE::API2Tools; -use PVE::API2; -use PVE::HTTPServer; - -use base qw(PVE::Daemon); +use PVE::Service::spiceproxy; $SIG{'__WARN__'} = sub { my $err = $@; 
@@ -28,106 +17,13 @@ $SIG{'__WARN__'} = sub { $@ = $err; }; -my $cmdline = [$0, @ARGV]; - -my %daemon_options = ( - max_workers => 1, # todo: do we need more? - restart_on_error => 5, - stop_wait_time => 15, - leave_children_open_on_reload => 1, - setuid => 'www-data', - setgid => 'www-data', - pidfile => '/var/run/pveproxy/spiceproxy.pid', - ); - -my $daemon = __PACKAGE__->new('spiceproxy', $cmdline, %daemon_options); - -sub prepare { +my $prepare = sub { my $rundir="/var/run/pveproxy"; if (mkdir($rundir, 0700)) { # only works at first start if we are root) my $gid = getgrnam('www-data') || die "getgrnam failed - $!\n"; my $uid = getpwnam('www-data') || die "getpwnam failed - $!\n"; chown($uid, $gid, $rundir); } -} - -sub init { - my ($self) = @_; - - # we use same ALLOW/DENY/POLICY as pveproxy - my $proxyconf = PVE::API2Tools::read_proxy_config(); - - my $accept_lock_fn = "/var/lock/spiceproxy.lck"; - - my $lockfh = IO::File->new(">>${accept_lock_fn}") || - die "unable to open lock file '${accept_lock_fn}' - $!\n"; - - my $family = PVE::Tools::get_host_address_family($self->{nodename}); - my $socket = $self->create_reusable_socket(3128, undef, $family); - - $self->{server_config} = { - base_handler_class => 'PVE::API2', - keep_alive => 0, - max_conn => 500, - lockfile => $accept_lock_fn, - socket => $socket, - lockfh => $lockfh, - debug => $self->{debug}, - spiceproxy => 1, - trusted_env => 0, - logfile => '/var/log/pveproxy/access.log', - allow_from => $proxyconf->{ALLOW_FROM}, - deny_from => $proxyconf->{DENY_FROM}, - policy => $proxyconf->{POLICY}, - }; -} - -sub run { - my ($self) = @_; - - my $server = PVE::HTTPServer->new(%{$self->{server_config}}); - $server->run(); -} - -$daemon->register_start_command(); -$daemon->register_restart_command(1); -$daemon->register_stop_command(); -$daemon->register_status_command(); - -my $cmddef = { - start => [ __PACKAGE__, 'start', []], - restart => [ __PACKAGE__, 'restart', []], - stop => [ __PACKAGE__, 'stop', []], - 
status => [ __PACKAGE__, 'status', [], undef, sub { print shift . "\n";} ], }; -my $cmd = shift; - -PVE::CLIHandler::handle_cmd($cmddef, $0, $cmd, \@ARGV, undef, $0, \&prepare); - -exit (0); - -__END__ - -=head1 NAME - -spiceproxy - SPICE proxy server for Proxmox VE - -=head1 SYNOPSIS - -=include synopsis - -=head1 DESCRIPTION - -SPICE proxy server for Proxmox VE. Listens on port 3128. - -=head1 Host based access control - -It is possible to configure apache2 like access control lists. Values are read -from file /etc/default/pveproxy (see 'pveproxy' for details). - -=head1 FILES - - /etc/default/pveproxy - -=include pve_copyright +PVE::Service::spiceproxy->run_cli(undef, undef, $prepare);
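Review bot: The `$prepare` closure ignores the result of `chown($uid, $gid, $rundir);`, so a failed chown leaves /var/run/pveproxy at mode 0700 under the creating user, and the failure would presumably only show up later when the daemon configured with `setuid => 'www-data'` tries to use its pidfile in that directory. Checking it in the same style as the two lookups above fails early: `chown($uid, $gid, $rundir) || die "chown '$rundir' failed - $!\n";`. The closure also does nothing when `mkdir` fails because the directory already exists, so the owner and mode of a pre-existing directory are never verified; a one-line comment stating that assumption would help the next reader.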