Proxmox + Nginx Reverse Proxy

mcdowellster

Hello,

I have been fiddling with a reverse proxy setup for my cluster. While I can get this 100% functional, SPICE/VNC are off the table.

Port 3128 has been added to nginx and shows access in the access log.
Code:
[04/Nov/2021:02:51:17 +0000] "CONNECT pvespiceproxy:61834aa4:108:discovery::20937e8b84f1509380cc686ff18d20bb09ebc60f:61002 HTTP/1.0" 400 166 "-" "-"


Firewall ports are open to the proxy as required.

It looks like a client-side issue. When I connect locally (hostname/IP) to a node and start a SPICE session, netstat shows port 3128 -> 10xx TCP to the client. I believe this is where I'm seeing issues.

Any input?
 
Here is what I set up (other entries removed). Keep in mind the SPICE section is minimal, as I've been troubleshooting it:

Code:
##### /etc/nginx/nginx.conf #####
# Process-level settings, then the opening of the http{} context that holds the
# shared HTTP/TLS defaults and every upstream and server block further down.
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events { worker_connections 1024; }
http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        # http-wide TLS default: only TLS 1.2 is offered; TLS 1.3 is not enabled here.
        ssl_protocols TLSv1.2;
        # No ssl_ciphers line is visible in this file, so "prefer server ciphers"
        # orders whatever the default (or an included file's) cipher list is.
        ssl_prefer_server_ciphers on;
        # NOTE(review): server_tokens is not set in the visible lines; nginx's default
        # shows its version in the Server header and on error pages.
        access_log /var/log/nginx/access.log;
        error_log  /var/log/nginx/error.log;
        gzip on;
        # Files matched here are read before the server blocks below, so a server
        # defined in them can become the default server for a port. Review them
        # together with this file when deciding what is reachable on 80/443.
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
      
    # Backend pool for the Proxmox VE web UI/API: three nodes on port 8006, used
    # by "proxy_pass https://proxmox". No balancing method is named, so nginx's
    # default round-robin applies. max_fails/fail_timeout: a node that fails 3
    # times within 30s is skipped for the next 30s.
    upstream proxmox {
                server 192.168.1.254:8006 max_fails=3 fail_timeout=30s;
                server 192.168.1.253:8006 max_fails=3 fail_timeout=30s;
            server 192.168.1.252:8006 max_fails=3 fail_timeout=30s;
    }
        # Backend pool pointing at port 3128 on the same three nodes (the port the
        # post associates with SPICE). Because it is declared inside http{}, it can
        # only be used by HTTP proxy_pass, not for raw TCP forwarding.
        upstream proxmox_spice {
                server 192.168.1.254:3128 max_fails=3 fail_timeout=30s;
                server 192.168.1.253:3128 max_fails=3 fail_timeout=30s;
                server 192.168.1.252:3128 max_fails=3 fail_timeout=30s;
        }
        # Backend pool for the VNC server block. No port is given on any entry, so
        # nginx connects to port 80 on each node, not to the 5900-5903 range the
        # listener uses.
        # NOTE(review): confirm anything on the nodes actually answers on port 80.
        upstream proxmox_vnc {
                server 192.168.1.254 max_fails=3 fail_timeout=30s;
                server 192.168.1.253 max_fails=3 fail_timeout=30s;
                server 192.168.1.252 max_fails=3 fail_timeout=30s;
        }
    
    # Single-backend pool for Proxmox Backup Server on port 8007; with only one
    # entry there is no failover target when it is marked failed.
    upstream proxmox_backup {
        server 192.168.1.230:8007 max_fails=3 fail_timeout=30s;
    }

##################################### Proxmox #######################################################
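    # Plain-HTTP entry point for the Proxmox VE hostname. Nothing is served from
    # here: every request is answered with a permanent redirect to HTTPS.
    # NOTE(review): this is the first "listen *:80" server in the visible file, so
    # unless an included file defines another default it also answers requests
    # for any unmatched Host name on port 80.
    server {
        listen *:80;
        server_name proxmox.eclipsenetwork.org;

        # Per-vhost logs. The error log name previously read "http_promox...";
        # it now matches the access log's naming, so searches and rotation rules
        # keyed on "proxmox" pick up both files.
        access_log /var/log/nginx/http_proxmox.eclipsenetwork.org.access.log combined;
        error_log  /var/log/nginx/http_proxmox.eclipsenetwork.org.error.log;

        # $host is taken from the client's request (Host header), so the redirect
        # target mirrors whatever name the client asked for.
        return 301 https://$host$request_uri;
    }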
        # HTTPS front end for the Proxmox VE web UI/API: terminates TLS with the
        # eclipsenetwork.org certificate and forwards everything to the "proxmox"
        # upstream over HTTPS.
        # NOTE(review): no allow/deny or other access restriction is visible here, so
        # the management login is reachable by anyone who can reach port 443; this
        # is also the first "listen *:443" server in the visible file, which would
        # make it the target for unmatched Host names on that port.
        server {
                listen *:443 ssl;
                server_name proxmox.eclipsenetwork.org;
                ssl_certificate /etc/nginx/certs/https_eclipsenetwork.org_crt.pem;
                ssl_certificate_key /etc/nginx/certs/https_eclipsenetwork.org_key.pem;
                ssl_session_cache   shared:SSL:10m;
                ssl_protocols  TLSv1.2;
                access_log /var/log/nginx/https_proxmox.eclipsenetwork.org.access.log combined;
                error_log  /var/log/nginx/https_proxmox.eclipsenetwork.org.error.log;
                location / {
                        # HTTP/1.1 plus the Upgrade/Connection headers let WebSocket
                        # connections pass through. Connection "upgrade" is sent on every
                        # request, not only on WebSocket handshakes.
                        proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            # The hop to the nodes is TLS, but proxy_ssl_verify is not set and defaults
            # to off, so the node certificate is not validated by nginx.
            # No Host or X-Forwarded-For header is set in this block (the PBS block
            # below does set them): the nodes receive the upstream name as Host and
            # presumably log the proxy's address as the client. Confirm before relying
            # on node-side logs or lockouts for client attribution.
            proxy_pass https://proxmox;
            proxy_buffering off;
            # 0 disables the request-body size limit for this location.
            client_max_body_size 0;
            # One-hour timeouts keep long-lived connections open.
            proxy_connect_timeout  3600s;
            proxy_read_timeout  3600s;
            proxy_send_timeout  3600s;
            send_timeout  3600s;
                }
        }

        # Plain HTTP listener on 3128 that forwards to the "proxmox_spice" upstream.
        # NOTE(review): the access-log entry quoted in the post shows clients opening
        # this port with an HTTP CONNECT request. nginx's http module does not
        # implement CONNECT, so such a request is rejected rather than proxied, which
        # is consistent with the 400 in that entry. Forwarding the port as raw TCP
        # (a stream{} server declared outside http{}) is the usual alternative; if
        # that is done, restrict which source addresses may reach it, because it
        # exposes the nodes' port 3128 directly.
        # NOTE(review): the logged CONNECT target appears to carry a session ticket;
        # treat this access log as sensitive.
        server {
        listen 3128;
        server_name proxmox.eclipsenetwork.org;       
        access_log /var/log/nginx/http_proxmox_spice.eclipsenetwork.org.access.log combined;
                error_log  /var/log/nginx/http_proxmox_spice.eclipsenetwork.org.error.log;
        location / {
            proxy_pass http://proxmox_spice;
        }   
    }
        # Plain HTTP listeners on ports 5900-5903 that forward to "proxmox_vnc".
        # A port range in "listen" needs nginx 1.15.10 or newer.
        # NOTE(review): this is an HTTP server, so it can only carry HTTP/WebSocket
        # traffic, not a raw VNC (RFB) stream, and its upstream resolves to port 80
        # on the nodes. The Proxmox web console normally runs over WebSocket through
        # the 8006 UI, so these listeners may be unnecessary; every unused listener
        # is extra attack surface. Confirm the need or remove the block.
        server {
                listen 5900-5903;
                server_name proxmox.eclipsenetwork.org;
                access_log /var/log/nginx/http_proxmox_vnc.eclipsenetwork.org.access.log combined;
                error_log  /var/log/nginx/http_proxmox_vnc.eclipsenetwork.org.error.log;
                location / {
                        proxy_pass http://proxmox_vnc;
                        # Pass the original Host and client address to the backend.
                        proxy_set_header Host $host;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        # WebSocket pass-through, as in the 443 block.
                        proxy_http_version 1.1;
                        proxy_set_header Upgrade $http_upgrade;
                        proxy_set_header Connection "upgrade";
                        proxy_buffering off;
                        # Adds an anti-framing header to responses from this location; the
                        # 443 Proxmox block does not set one.
                        add_header X-Frame-Options SAMEORIGIN;
                        client_max_body_size 0;
                        proxy_connect_timeout 3600s;
                        proxy_read_timeout 3600s;
                        proxy_send_timeout 3600s;
                        send_timeout 3600s;
                }
        }
####################################################################################################

##################################### Proxmox Backup Server ########################################
    # Plain-HTTP entry point for the Proxmox Backup Server hostname: answers every
    # request with a permanent redirect to HTTPS. $host is taken from the client's
    # request, so the redirect target mirrors the name the client asked for.
    server {
                listen *:80;
                server_name pbs.eclipsenetwork.org;
                return 301 https://$host$request_uri;
                access_log /var/log/nginx/http_pbs.eclipsenetwork.org.access.log combined;
                error_log  /var/log/nginx/http_pbs.eclipsenetwork.org.error.log;
        }
        # HTTPS front end for Proxmox Backup Server: terminates TLS with the same
        # certificate as the Proxmox VE vhost and forwards to "proxmox_backup" over
        # HTTPS.
        # NOTE(review): as with the Proxmox VE vhost, no allow/deny restriction is
        # visible, so the PBS login is reachable by anyone who can reach port 443.
        server {
                listen *:443 ssl;
                server_name pbs.eclipsenetwork.org;
                ssl_certificate /etc/nginx/certs/https_eclipsenetwork.org_crt.pem;
                ssl_certificate_key /etc/nginx/certs/https_eclipsenetwork.org_key.pem;
                ssl_session_cache   shared:SSL:10m;
                ssl_protocols  TLSv1.2;
                access_log /var/log/nginx/https_pbs.eclipsenetwork.org.access.log combined;
                error_log  /var/log/nginx/https_pbs.eclipsenetwork.org.error.log;
                location / {
                        # Forward the original Host, client address and scheme, so the
                        # backend can attribute requests to the real client.
                        proxy_set_header        Host $host;
                        proxy_set_header        X-Real-IP $remote_addr;
                        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header        X-Forwarded-Proto $scheme;
                        # TLS to the backend, but proxy_ssl_verify is not set and defaults
                        # to off, so the backend certificate is not validated.
                        # Unlike the Proxmox VE block, proxy_http_version and the Upgrade
                        # headers are not set here.
                        proxy_pass              https://proxmox_backup;
                        # Give up on a backend response after 90 seconds without data.
                        proxy_read_timeout 90;
                }
        }
###################################################################################################