Reverse proxy for quarantine zone

Chriswiss

Chriswiss

Well-Known Member
Mar 14, 2017
65
5
48
36
Hello,

I use a reverse proxy under Nginx to allow my customers to access the quarantine zone.

It's functional, but I'd like to improve my configuration.

Currently I use this:
Code: 
location /quarantine {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /api2/extjs/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
     
    location /api2/json/quarantine/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
       
   
    location /api2/htmlmail/quarantine/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

   location ~* ^.+.(css|png|gif|js|ico|woff|woff2|ttf)$ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

I would like to improve this location :
Code: 
 location ~* ^.+.(css|png|gif|js|ico|woff|woff2|ttf)$

Currently I accept in the current directory all files css|png|gif|gif|js|ico|woff|woff|woff2|ttf.
But I wish I could target the right folder !

The idea is to better isolate static files. I have trouble finding the missing directories to use for these files.

Any leads you can offer me?

Thank
CG
 
Good evening,

I think I have isolated all the resources necessary to make the reverse proxy work.

We can do much simpler, but in this way I only use what is necessary.

I share with you the Nginx configuration:

Code: 
    location /quarantine {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    # API
    location /api2/extjs/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /api2/json/quarantine/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }
           
    location /api2/htmlmail/quarantine/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    # JS
    location /pve2/ext6/ext-all.js {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/ext6/charts.js {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/js/pmgmanagerlib.js {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /proxmoxlib.js {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    # CSS
    location /pve2/ext6/theme-crisp/resources/theme-crisp-all.css {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/ext6/theme-crisp/resources/theme-crisp-all_1.css {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/ext6/theme-crisp/resources/theme-crisp-all_2.css {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/ext6/crisp/resources/charts-all.css {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/css/ext6-pmg.css {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /fontawesome/css/font-awesome.css {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    # Locale
    location /pve2/locale/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/ext6/locale/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    # Images
    location /pve2/images/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/ext6/theme-crisp/resources/images/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    # Fonts
    location /fontawesome/fonts/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    # For mobile version
    location /api2/json/access/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /api2/json/nodes/localhost/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/js/pmgmanagerlib-mobile.js {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /framework7/ {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /pve2/css/ext6-pmg-mobile.css {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

    location /favicon.ico {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_http_version 1.1;
        proxy_redirect off;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_pass https://lb-quarantine;
        proxy_buffering off;
        client_max_body_size 0;
        proxy_next_upstream    error timeout invalid_header http_500;
        proxy_connect_timeout  2;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
    }

If you see any errors or improvements, feel free to share them with me. :)

CG
 
  • Like
Reactions: killmasta93
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom