Proxmox + Nginx Reverse Proxy

mcdowellster

Hello,

I have been fiddling with a reverse proxy setup for my cluster. While I can 100% get this functional, SPICE/VNC are off the table.

Port 3128 has been added to nginx and shows access in the access log.
Code:
[04/Nov/2021:02:51:17 +0000] "CONNECT pvespiceproxy:61834aa4:108:discovery::20937e8b84f1509380cc686ff18d20bb09ebc60f:61002 HTTP/1.0" 400 166 "-" "-"


Firewall ports are open to the proxy as required.

It looks like a client side issue. When I connect locally (hostname/ip) to a node and start a spice session netstat shows port 3128 -> 10xx tcp to the client. I believe this is where I'm seeing issues.

Any input?
 
Here is what I set up (other sites removed). Keep in mind the SPICE section is minimal, as I've been troubleshooting it:

Code:
##### /etc/nginx/nginx.conf #####
# Main-context settings: worker identity, worker count and PID file.
# Workers run as the unprivileged www-data account.
user www-data;
# "auto" sizes the worker pool to the number of available CPU cores.
worker_processes auto;
pid /run/nginx.pid;
# Pull in every dynamic-module config found in modules-enabled/.
include /etc/nginx/modules-enabled/*.conf;

events {
    # Per-worker connection ceiling. A proxied request uses two connections
    # (client side and upstream side), so the effective client limit is lower.
    worker_connections 1024;
}
http {
        # --- Transport / I/O tuning shared by every server below ---
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        # --- Content types ---
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # --- TLS defaults inherited by the ssl servers below ---
        # Only TLS 1.2 is enabled here; TLS 1.3 is not offered.
        # NOTE(review): no ssl_ciphers directive is set, so the build's default
        # cipher list applies; confirm that list is acceptable.
        ssl_protocols TLSv1.2;
        ssl_prefer_server_ciphers on;

        # --- Logging (each server below overrides these with its own files) ---
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        # NOTE(review): compressing TLS responses that mix secrets with
        # request-reflected data is the precondition for BREACH-style attacks;
        # check whether the proxied management UIs actually need gzip.
        gzip on;

        # Included files are read before the inline server blocks that follow.
        # If one of them defines a server on the same listen address, it comes
        # first and becomes the default server for that address.
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
      
    # Backend pool for the Proxmox VE web UI/API (port 8006) on three hosts.
    # No balancing method is named, so nginx uses its default round-robin.
    # A host that fails 3 times within 30s is taken out of rotation for 30s.
    upstream proxmox {
        server 192.168.1.254:8006 max_fails=3 fail_timeout=30s;
        server 192.168.1.253:8006 max_fails=3 fail_timeout=30s;
        server 192.168.1.252:8006 max_fails=3 fail_timeout=30s;
    }
        # Backend pool for the SPICE proxy port (3128) on the same three hosts.
        # Same failure handling as the other pools: 3 failures in 30s removes a
        # host from rotation for 30s.
        upstream proxmox_spice {
            server 192.168.1.254:3128 max_fails=3 fail_timeout=30s;
            server 192.168.1.253:3128 max_fails=3 fail_timeout=30s;
            server 192.168.1.252:3128 max_fails=3 fail_timeout=30s;
        }
        # Backend pool referenced by the 5900-5903 server.
        # No port is given on these entries, so nginx connects to port 80 on
        # each host. NOTE(review): confirm something actually listens there;
        # the other pools use 8006 and 3128.
        upstream proxmox_vnc {
            server 192.168.1.254 max_fails=3 fail_timeout=30s;
            server 192.168.1.253 max_fails=3 fail_timeout=30s;
            server 192.168.1.252 max_fails=3 fail_timeout=30s;
        }
    
    # Single-host pool for Proxmox Backup Server (port 8007).
    # With only one server in the group, nginx ignores max_fails and
    # fail_timeout: the host is never marked unavailable.
    upstream proxmox_backup {
        server 192.168.1.230:8007 max_fails=3 fail_timeout=30s;
    }

##################################### Proxmox #######################################################
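    # Plain-HTTP listener for the Proxmox VE hostname. It serves no content
    # and only redirects every request to the HTTPS server.
    server {
        listen *:80;
        server_name proxmox.eclipsenetwork.org;

        access_log /var/log/nginx/http_proxmox.eclipsenetwork.org.access.log combined;
        # File name corrected from "http_promox..." so the error log sits next
        # to the access log and is picked up by the same rotation/monitoring glob.
        error_log /var/log/nginx/http_proxmox.eclipsenetwork.org.error.log;

        # Redirect to the configured server name rather than echoing the
        # client-supplied Host header. If this block ends up as the default
        # server for port 80, $host would reflect whatever name the client sent.
        return 301 https://$server_name$request_uri;
    }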
        # HTTPS front end for the Proxmox VE web UI and API.
        # NOTE(review): there is no allow/deny or other access restriction in
        # this block, so the hypervisor login page is reachable by anyone who
        # can reach port 443. Consider limiting source networks or putting it
        # behind a VPN.
        server {
            listen *:443 ssl;
            server_name proxmox.eclipsenetwork.org;

            # Certificate, key and session cache for this virtual host.
            ssl_certificate /etc/nginx/certs/https_eclipsenetwork.org_crt.pem;
            ssl_certificate_key /etc/nginx/certs/https_eclipsenetwork.org_key.pem;
            ssl_protocols TLSv1.2;
            ssl_session_cache shared:SSL:10m;

            access_log /var/log/nginx/https_proxmox.eclipsenetwork.org.access.log combined;
            error_log /var/log/nginx/https_proxmox.eclipsenetwork.org.error.log;

            location / {
                # The upstream hop is TLS, but nginx does not verify the backend
                # certificate unless proxy_ssl_verify is turned on.
                # NOTE(review): decide whether an unauthenticated backend hop
                # is acceptable on this network.
                # No Host header is set, so the upstream sees nginx's default
                # ($proxy_host, i.e. the upstream name "proxmox").
                proxy_pass https://proxmox;

                # HTTP/1.1 plus Upgrade/Connection pass WebSocket handshakes
                # through; the Connection header is set to "upgrade" on every
                # request, not only on upgrade requests.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                # Stream responses instead of buffering them in nginx.
                proxy_buffering off;
                # 0 removes the request-body size limit entirely.
                client_max_body_size 0;

                # One-hour timeouts so long-lived sessions are not cut off.
                # nginx documents that the connect timeout usually cannot
                # exceed 75 seconds.
                proxy_connect_timeout 3600s;
                proxy_read_timeout 3600s;
                proxy_send_timeout 3600s;
                send_timeout 3600s;
            }
        }

        # Attempted SPICE front end on port 3128 (plain HTTP, no TLS on the listener).
        # This is an http{} server, and nginx's HTTP module does not implement
        # the CONNECT method. The SPICE client's "CONNECT pvespiceproxy:..."
        # request is therefore rejected with 400 before proxy_pass is reached,
        # which matches the access-log line quoted in the post.
        # Carrying SPICE needs a raw TCP pass-through instead, e.g. a
        #   stream { server { listen 3128; proxy_pass <backend>:3128; } }
        # block at the top level of nginx.conf (outside http{}). This requires
        # the stream module.
        # NOTE(review): a TCP pass-through exposes the backend SPICE proxy to
        # everyone who can reach this port; restrict the source addresses at
        # the firewall or with allow/deny in the stream server.
        server {
            listen 3128;
            server_name proxmox.eclipsenetwork.org;

            access_log /var/log/nginx/http_proxmox_spice.eclipsenetwork.org.access.log combined;
            error_log /var/log/nginx/http_proxmox_spice.eclipsenetwork.org.error.log;

            location / {
                proxy_pass http://proxmox_spice;
            }
        }
        # HTTP listener on ports 5900-5903 forwarding to the proxmox_vnc pool.
        # (Port ranges in "listen" need nginx 1.15.10 or newer.)
        # NOTE(review): the native VNC protocol is not HTTP, so an http{} server
        # cannot relay it. The browser console normally rides the WebSocket
        # upgrade already configured on the :443 server for this hostname. If
        # that is the only console in use, this block just exposes four extra
        # ports and can be removed. Confirm before deleting.
        server {
            listen 5900-5903;
            server_name proxmox.eclipsenetwork.org;

            access_log /var/log/nginx/http_proxmox_vnc.eclipsenetwork.org.access.log combined;
            error_log /var/log/nginx/http_proxmox_vnc.eclipsenetwork.org.error.log;

            location / {
                proxy_pass http://proxmox_vnc;

                # Forward the original host and client address to the backend.
                # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For
                # the client sent, so the backend must only trust the last hop.
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

                # WebSocket pass-through.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                proxy_buffering off;
                # Anti-clickjacking header. Without "always" it is only added
                # to successful and redirect responses.
                add_header X-Frame-Options SAMEORIGIN;
                # 0 removes the request-body size limit.
                client_max_body_size 0;

                # One-hour timeouts for long-lived console sessions.
                proxy_connect_timeout 3600s;
                proxy_read_timeout 3600s;
                proxy_send_timeout 3600s;
                send_timeout 3600s;
            }
        }
####################################################################################################

##################################### Proxmox Backup Server ########################################
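    # Plain-HTTP listener for the Proxmox Backup Server hostname. It only
    # redirects every request to the HTTPS server.
    server {
        listen *:80;
        server_name pbs.eclipsenetwork.org;

        access_log /var/log/nginx/http_pbs.eclipsenetwork.org.access.log combined;
        error_log /var/log/nginx/http_pbs.eclipsenetwork.org.error.log;

        # Redirect to the configured server name rather than echoing the
        # client-supplied Host header, so the redirect target cannot be
        # influenced by the request.
        return 301 https://$server_name$request_uri;
    }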
        # HTTPS front end for Proxmox Backup Server.
        # NOTE(review): as with the PVE front end, nothing here restricts who
        # may connect. Consider limiting source networks for a backup
        # management interface.
        server {
            listen *:443 ssl;
            server_name pbs.eclipsenetwork.org;

            # Same certificate and key files as the PVE virtual host.
            ssl_certificate /etc/nginx/certs/https_eclipsenetwork.org_crt.pem;
            ssl_certificate_key /etc/nginx/certs/https_eclipsenetwork.org_key.pem;
            ssl_protocols TLSv1.2;
            ssl_session_cache shared:SSL:10m;

            access_log /var/log/nginx/https_pbs.eclipsenetwork.org.access.log combined;
            error_log /var/log/nginx/https_pbs.eclipsenetwork.org.error.log;

            location / {
                # TLS to the backend; the backend certificate is not verified
                # unless proxy_ssl_verify is enabled.
                proxy_pass https://proxmox_backup;

                # Tell the backend the original host, client address and scheme.
                # X-Forwarded-For is appended to any value the client supplied.
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                # Give up on a backend response after 90 seconds of silence.
                proxy_read_timeout 90;
            }
        }
###################################################################################################
 
