Difference between revisions of "Web Interface Via Nginx Proxy"
m (formatting) |
|||
| (9 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
| + | = Introduction = | ||
This allows you to access Proxmox VE via the port 443 | This allows you to access Proxmox VE via the port 443 | ||
| − | ''Tested from Proxmox 3.4 - | + | ''Tested from Proxmox 3.4 - 5.1'' |
'''Why do I need this?''' | '''Why do I need this?''' | ||
| − | Sometimes there is a firewall restriction that blocks port 8006 and since we shouldn't touch the port config in proxmox we'll just use nginx as proxy to provide the web interface available on default https port 443. Now let's | + | Sometimes there is a firewall restriction that blocks port 8006 and since we shouldn't touch the port config in proxmox we'll just use nginx as proxy to provide the web interface available on default https port 443. Now let's begin... |
| + | = Configuration = | ||
| + | * '''install nginx''' | ||
| + | <pre>apt install nginx</pre> | ||
| − | ''' | + | * '''remove the default config file – not needed on PVE 4/5 (Stretch & Jessie!)''' |
| − | <pre> | + | <pre>rm /etc/nginx/conf.d/default</pre> |
| + | |||
| + | respectively | ||
| + | |||
| + | <pre>rm /etc/nginx/sites-enabled/default</pre> | ||
| − | ''' | + | * '''create a new config file''' |
| − | <pre> | + | <pre>nano /etc/nginx/conf.d/proxmox.conf</pre> |
| − | ''' | + | '''Note:''' on modern Debian systems the configuration files must have a ''.conf'' ending when placed in /etc/nginx/conf.d/ |
| − | |||
| − | The following is an example config that works for the | + | The following is an example config that works for the web interface and also the noVNC console: |
<pre> | <pre> | ||
| Line 51: | Line 58: | ||
</pre> | </pre> | ||
| − | ''' | + | * '''Test and Apply new config''' |
| − | <pre>/etc/ | + | |
| + | <pre> | ||
| + | nginx -t # checks config syntax | ||
| + | systemctl restart nginx | ||
| + | </pre> | ||
| + | |||
| + | * '''ensure that nginx gets only started after the certificates are available''' | ||
| + | |||
| + | As the certificates reside on /etc/pve which is provided by the pve-cluster.service | ||
| + | we need to tell nginx.service to only start after that one. | ||
| + | The easiest and cleanest way to do that is to add an Requires and After as systemd override snippet. | ||
| + | |||
| + | This can be done with systemd edit UNIT which opens your $EDITOR: | ||
| + | # systemctl edit nginx.service | ||
| + | here add: | ||
| + | <pre> | ||
| + | [Unit] | ||
| + | Requires=pve-cluster.service | ||
| + | After=pve-cluster.service | ||
| + | </pre> | ||
| + | |||
| + | and save + exit. | ||
Enjoy the webinterface on HTTPS port 443! | Enjoy the webinterface on HTTPS port 443! | ||
| + | |||
| + | = See Also = | ||
| + | |||
| + | NoVNC reverse Proxy with Apache https://forum.proxmox.com/threads/working-novnc-with-reverse-proxy-on-5-1.43644/ | ||
| + | |||
| + | [[Category:HOWTO]] | ||
Revision as of 08:20, 12 July 2018
Introduction
This allows you to access Proxmox VE via the port 443
Tested from Proxmox 3.4 - 5.1
Why do I need this?
Sometimes there is a firewall restriction that blocks port 8006 and since we shouldn't touch the port config in proxmox we'll just use nginx as proxy to provide the web interface available on default https port 443. Now let's begin...
Configuration
- install nginx
apt install nginx
- remove the default config file – not needed on PVE 4/5 (Stretch & Jessie!)
rm /etc/nginx/conf.d/default
respectively
rm /etc/nginx/sites-enabled/default
- create a new config file
nano /etc/nginx/conf.d/proxmox.conf
Note: on modern Debian systems the configuration files must have a .conf ending when placed in /etc/nginx/conf.d/
The following is an example config that works for the web interface and also the noVNC console:
upstream proxmox {
server "FQDN HOSTNAME";
}
server {
listen 80 default_server;
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443;
server_name _;
ssl on;
ssl_certificate /etc/pve/local/pve-ssl.pem;
ssl_certificate_key /etc/pve/local/pve-ssl.key;
proxy_redirect off;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass https://localhost:8006;
proxy_buffering off;
client_max_body_size 0;
proxy_connect_timeout 3600s;
proxy_read_timeout 3600s;
proxy_send_timeout 3600s;
send_timeout 3600s;
}
}
- Test and Apply new config
nginx -t # checks config syntax systemctl restart nginx
- ensure that nginx gets only started after the certificates are available
As the certificates reside on /etc/pve which is provided by the pve-cluster.service we need to tell nginx.service to only start after that one. The easiest and cleanest way to do that is to add an Requires and After as systemd override snippet.
This can be done with systemd edit UNIT which opens your $EDITOR:
# systemctl edit nginx.service
here add:
[Unit] Requires=pve-cluster.service After=pve-cluster.service
and save + exit.
Enjoy the webinterface on HTTPS port 443!
See Also
NoVNC reverse Proxy with Apache https://forum.proxmox.com/threads/working-novnc-with-reverse-proxy-on-5-1.43644/