Connection error 401: No ticket - Nginx Reverse Proxy

E

ebiscaia

New Member
Aug 9, 2021
13
0
1
43
Hi, guys

I'm trying to use proxmox out of my network with nginx proxy. However I always get the message in the title. If I try using port forwarding I have no issues at all.
My proxmox.conf file:

Code: 
server {
        listen 80;
        listen [::]:80;

        server_name proxmox.sever.com;


        location / {
                proxy_pass https://192.168.1.151:8006;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Enable proxy websockets for the noVNC console to work
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}

Thanks for all the help,

Eduardo
 
the authentication cookie is TLS only, so your reverse proxy also needs to speak TLS with the browser.
 
Hi Fabian,

Thanks for reaching out. I forgot to mention that my reverse proxy is running in a VM not in the host. Therefore, I am not sure if that page applies to my situation.
 
well, you still can't put a HTTP-only reverse proxy in front of a TLS-only service ;)
 
Hi,

I was a little bit empirical but managed to work. Here is my final config:

Code: 
upstream proxmox {
      server 192.168.1.150:8006;
      server 192.168.1.151:8006;
      server 192.168.1.153:8006;
      }


server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name proxmox.server.com;
        ssl_certificate /opt/pve/pve-ssl.pem;
        ssl_certificate_key /opt/pve/pve-ssl.key;
        proxy_redirect off;

        location / {
                proxy_pass https://proxmox;
                proxy_buffering off;
                client_max_body_size 0;
                proxy_connect_timeout  3600s;
                proxy_read_timeout  3600s;
                proxy_send_timeout  3600s;
                send_timeout  3600s;
        # Enable proxy websockets for the noVNC console to work
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}

For those who don't have much experience with reverse proxying (like me):
- The upstream part means I am using a load balancer so I am "divinding" the request between my three servers.
- I am listening to port 443 (https) both IPv4 and IPv6
- I decided to copy the .pem and .key files from one machine to where the nginx machine is and pasted in the /opt/pve folder.
- Everytime I type proxmox.server.com the proxy redirects the request to the upstream and the name after https:// (in the proxy_pass line) must match the name after upstream (in my case proxmox). If you see my first config file, I was redirecting to one of my servers.

Thanks for the help
 
You must log in or register to reply here.
Top Bottom