NGINX Reverse Proxy for Proxmox WebUI on domain path

Rudde

New Member
Aug 25, 2014
8
0
1
Hello!

My server is running nginx delivering my web content hosted on various ports through port 80 and 443 on my domain, and I usually run a /path for each service.

I have one Proxmox server and it won't grow right now so I only need this to be compatible with one server.

I want my https://*INTERNAL IP*:8006 to be server through https://mydomain.com/admin on port 443 and 80 if possible, if not possible I want port 80 connections to be redirected to https.

I've seen some guide on doing this on path / but not any other and I can't configure those to work with /admin, is there any headers I have to rewrite for /admin?

My proxmox server is running with the default self-signed cert, my nginx instance have a valid SSL certificate, that is the certificate I want my users exposed to.
 

udo

Famous Member
Apr 22, 2009
5,923
180
83
Ahrensburg; Germany
Hi,
I think not that this will work... because you need the SSL traffic for the console-traffic too.
But if your valid cert is an wildcard cert, you can put this on the pve-server too and give perhaps simply an redirect with nginx?! (I know, that is not your goal).

Udo
 

Rudde

New Member
Aug 25, 2014
8
0
1
Hi,
I think not that this will work... because you need the SSL traffic for the console-traffic too.
But if your valid cert is an wildcard cert, you can put this on the pve-server too and give perhaps simply an redirect with nginx?! (I know, that is not your goal).

Udo

Can't I get nginx to decrypt the console traffic and reencrypt it with it's own cert? I only have one subdomain in this network, my ultimate goal is to deliver the proxmox webif on port 443 outside of my NAT without having to take down my other services since I only have one global IP to work with.
 

udo

Famous Member
Apr 22, 2009
5,923
180
83
Ahrensburg; Germany
Can't I get nginx to decrypt the console traffic and reencrypt it with it's own cert? I only have one subdomain in this network, my ultimate goal is to deliver the proxmox webif on port 443 outside of my NAT without having to take down my other services since I only have one global IP to work with.
Hi,
don't know nginx good enough... but look here about the ports: http://pve.proxmox.com/wiki/Ports

Udo
 

vkhera

Member
Feb 24, 2015
192
13
18
Maryland, USA
The SSL parts are no problem for the reverse proxy. The trick is to get PVE to know that it is rooted at "/admin" not "/" so any URLs it produces are correct. If it always emits relative URLs (none of which start with "/") it should pretty much work, but I wouldn't count on it.

I know in Apache with the reverse proxy there is a filter you can apply that adjusts any URLs in the returned response for you. I do not know if nginx has that. The directive in Apache is "ProxyPassReverse", but I don't think it meddles with URLs within the document, only the headers. Perhaps using a similar feature would help you here.
 

Rudde

New Member
Aug 25, 2014
8
0
1
So I've looked at the headers when using proxy_revers and it seems your right, it try to load a lot of recourse from domain.com/pve when I'm accessing from domain.com/admin and the recourses would be under admin/
 

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!