Hi,
I have configured Nginx to access Proxmox WebUI via port 443 based on this documentation.
This works like a charm.
However, I need an additional solution to access web services running on specific CTs / VMs.
In my case this web service is: NIPAP
This web service only has a connection to the private subnetwork defined for PVE, which means any communication goes via a Proxmox node with this NIC configuration:
    auto vmbr1
    iface vmbr1 inet static
        address 192.168.100.13
        netmask 255.255.255.0
        bridge_ports eno3
        bridge_stp off
        bridge_fd 0
        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up iptables -t nat -A POSTROUTING -s '192.168.100.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '192.168.100.0/24' -o vmbr0 -j MASQUERADE
    #private sub network pve
This works like a charm for outgoing communication. But incoming communication with my Nginx configuration fails with this error:
2019/06/25 09:42:54 [error] 72529#72529: *3 connect() failed (111: Connection refused) while connecting to upstream, client: 10.19.90.60, server: _, request: "GET /favicon.ico HTTP/1.1", upstream: "https://[::1]:8006/favicon.ico", host: "ld3955", referrer: "https://ld3955/ipam"
My current Nginx config is this:
    upstream proxmox {
        server "ld3955.local.example.com";
    }
    server {
        listen 80 default_server;
        rewrite ^(.*) https://$host$1 permanent;
    }
    server {
        listen 443;
        server_name _;
        ssl on;
        ssl_certificate /etc/pve/local/pve-ssl.pem;
        ssl_certificate_key /etc/pve/local/pve-ssl.key;
        proxy_redirect off;
        location / {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass https://localhost:8006;
            proxy_buffering off;
            client_max_body_size 0;
            proxy_connect_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            send_timeout 3600s;
        }
        location /ipam {
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_pass http://192.168.100.201:80;
            proxy_buffering off;
            proxy_connect_timeout 3600s;
        }
    }
I think the issue is related to Nginx configuration; when I access NIPAP on a regular installation, the URL looks like this: http://10.97.206.201/ng/pool#/pool/list
Somehow I must catch this URL to
http://ld3955/ipam/ng/pool#/pool/list
Or will this only work using a subdomain http://ipam.ld3955/?
I would hesitate to install another service just for reverse proxy, e.g. haproxy.
Please advise.
THX
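
The routing behind the quoted error line can be checked offline. The following is an added example, not part of the original post: it models how nginx picks a plain prefix location and builds the upstream URL for the two location blocks posted above, then applies that to the logged request. The VARIANT list (trailing slashes on the location and on proxy_pass) is an assumption added for comparison; whether NIPAP itself works under a sub-path is not established by the post.

```python
import re
from urllib.parse import urlparse

# Prefix locations and proxy_pass targets copied from the post's 443 server block.
POSTED = [("/", "https://localhost:8006"), ("/ipam", "http://192.168.100.201:80")]
# Assumed variant (not from the post): trailing slashes give proxy_pass a URI part.
VARIANT = [("/", "https://localhost:8006"), ("/ipam/", "http://192.168.100.201:80/")]

# The error line quoted in the post.
ERROR_LINE = (
    '2019/06/25 09:42:54 [error] 72529#72529: *3 connect() failed '
    '(111: Connection refused) while connecting to upstream, client: 10.19.90.60, '
    'server: _, request: "GET /favicon.ico HTTP/1.1", '
    'upstream: "https://[::1]:8006/favicon.ico", host: "ld3955", '
    'referrer: "https://ld3955/ipam"'
)

def match_location(path, locations):
    """Pick the longest matching prefix, as nginx does for plain prefix locations."""
    return max((loc for loc in locations if path.startswith(loc[0])),
               key=lambda loc: len(loc[0]))

def upstream_url(path, locations):
    """Return the URL nginx would request from the upstream for this path."""
    prefix, target = match_location(path, locations)
    scheme, rest = target.split("://", 1)
    host, has_uri, uri = rest.partition("/")
    if has_uri:  # proxy_pass with a URI part: the matched prefix is replaced by it
        return f"{scheme}://{host}/{uri}{path[len(prefix):]}"
    return f"{scheme}://{host}{path}"  # no URI part: the path is forwarded unchanged

def diagnose(line, locations):
    """Compare the location that served a failed request with its referrer's location."""
    m = re.search(
        r'request: "\S+ (\S+) [^"]*", upstream: "([^"]+)".*referrer: "([^"]+)"', line)
    path, upstream, referrer = m.groups()
    return {
        "path": path,
        "served_by": match_location(path, locations)[0],
        "referrer_served_by": match_location(urlparse(referrer).path, locations)[0],
        "logged_upstream_path": urlparse(upstream).path,
    }

if __name__ == "__main__":
    print(diagnose(ERROR_LINE, POSTED))
    for path in ("/ipam/ng/pool", "/favicon.ico"):
        print(path, "->", upstream_url(path, POSTED), "|", upstream_url(path, VARIANT))
```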