Connection error 401: No ticket - Nginx Reverse Proxy

E

ebiscaia

New Member
Aug 9, 2021
13
0
1
42
Hi, guys

I'm trying to use proxmox out of my network with nginx proxy. However I always get the message in the title. If I try using port forwarding I have no issues at all.
My proxmox.conf file:

Code: 
server {
        listen 80;
        listen [::]:80;

        server_name proxmox.sever.com;


        location / {
                proxy_pass https://192.168.1.151:8006;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Enable proxy websockets for the noVNC console to work
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}

Thanks for all the help,

Eduardo
 
the authentication cookie is TLS only, so your reverse proxy also needs to speak TLS with the browser.
 
Hi Fabian,

Thanks for reaching out. I forgot to mention that my reverse proxy is running in a VM not in the host. Therefore, I am not sure if that page applies to my situation.
 
well, you still can't put a HTTP-only reverse proxy in front of a TLS-only service ;)
 
Hi,

I was a little bit empirical but managed to work. Here is my final config:

Code: 
upstream proxmox {
      server 192.168.1.150:8006;
      server 192.168.1.151:8006;
      server 192.168.1.153:8006;
      }


server {
        listen 443 ssl;
        listen [::]:443 ssl;
        server_name proxmox.server.com;
        ssl_certificate /opt/pve/pve-ssl.pem;
        ssl_certificate_key /opt/pve/pve-ssl.key;
        proxy_redirect off;

        location / {
                proxy_pass https://proxmox;
                proxy_buffering off;
                client_max_body_size 0;
                proxy_connect_timeout  3600s;
                proxy_read_timeout  3600s;
                proxy_send_timeout  3600s;
                send_timeout  3600s;
        # Enable proxy websockets for the noVNC console to work
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
        }
}

For those who don't have much experience with reverse proxying (like me):
- The upstream part means I am using a load balancer so I am "divinding" the request between my three servers.
- I am listening to port 443 (https) both IPv4 and IPv6
- I decided to copy the .pem and .key files from one machine to where the nginx machine is and pasted in the /opt/pve folder.
- Everytime I type proxmox.server.com the proxy redirects the request to the upstream and the name after https:// (in the proxy_pass line) must match the name after upstream (in my case proxmox). If you see my first config file, I was redirecting to one of my servers.

Thanks for the help
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back