server {
    # TLS front end for the ESXi web UI, published as esxi.yourdomain.com.
    # Every location below forwards to the host at 10.10.10.10 over HTTPS.
    #
    # NOTE(review): no allow/deny, auth_request or client-certificate check is
    # visible in this block, so any client that can reach port 443 is handed the
    # ESXi login page. ssl-params.conf is not shown here; confirm whether access
    # is restricted there or at the network edge.
    #
    # Settings repeated in each location:
    #   proxy_ssl_verify off        nginx does not validate the certificate that
    #                               10.10.10.10 presents (this is also nginx's
    #                               default), so the proxy-to-ESXi hop is
    #                               encrypted but not authenticated. To
    #                               authenticate it, use proxy_ssl_verify on
    #                               together with proxy_ssl_trusted_certificate.
    #   proxy_http_version 1.1 +    lets protocol upgrades (WebSocket) pass;
    #   Upgrade / Connection        Connection "upgrade" is sent on every
    #                               request, not only on upgrade requests.
    #   proxy_buffering off         responses are streamed, not buffered.
    #   client_max_body_size 0      disables the request-body size check.
    #   proxy_read_timeout 36000s   10 hours allowed between upstream reads.
    #   proxy_redirect off          Location/Refresh headers from the backend
    #                               are returned to the client unmodified.
    #   proxy_ssl_session_reuse on  reuse TLS sessions towards the backend
    #                               (also the default).
    server_name esxi.yourdomain.com;
    listen 443 ssl http2;

    # Certificate chain and private key presented to browsers; both are required.
    ssl_certificate /etc/nginx/ssl/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/nginx/ssl/yourdomain.com/key.pem;
    # Shared TLS settings. No DH params are configured here because, per the
    # author, ssl-params.conf allows only ECDHE key exchange.
    include /etc/nginx/snippets/ssl-params.conf;

    # Catch-all: forward the request URI unchanged.
    location / {
        proxy_pass https://10.10.10.10; # esxi IP Address
        proxy_ssl_verify off; # author's rationale: backend is on an isolated LAN
        proxy_ssl_session_reuse on; # should make connections faster
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_buffering off;
        proxy_read_timeout 36000s;
        client_max_body_size 0;
    }

    # UI paths: same directive set as the catch-all location above.
    location /ui/ {
        proxy_pass https://10.10.10.10; # esxi IP Address
        proxy_ssl_verify off; # author's rationale: backend is on an isolated LAN
        proxy_ssl_session_reuse on; # should make connections faster
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_buffering off;
        proxy_read_timeout 36000s;
        client_max_body_size 0;
    }

    # Login-page assets: the /resources prefix is replaced by /websso/resources
    # on the backend, which the login page needs to load its resources.
    location /resources {
        proxy_pass https://10.10.10.10/websso/resources; # esxi IP Address
        proxy_ssl_verify off; # author's rationale: backend is on an isolated LAN
        proxy_ssl_session_reuse on; # should make connections faster
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_buffering off;
        proxy_read_timeout 36000s;
        client_max_body_size 0;
    }

    # Exact match for the login page, required to get the login flow through
    # the proxy.
    location = /ui/login {
        proxy_pass https://10.10.10.10/ui/login; # esxi IP Address
        proxy_ssl_verify off; # author's rationale: backend is on an isolated LAN
        proxy_ssl_session_reuse on; # should make connections faster
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_redirect off;
        proxy_buffering off;
        proxy_read_timeout 36000s;
        client_max_body_size 0;

        # vSphere answers with a 302 to its own FQDN for SSO. Intercept that
        # response (proxy_intercept_errors covers status codes >= 300) and let
        # nginx follow it in @handle_redirects, so the browser never leaves the
        # proxy.
        proxy_intercept_errors on;
        error_page 302 = @handle_redirects;
    }

    # Target of the error_page above: nginx itself requests the URL from the
    # backend's Location header and returns that response to the client.
    #
    # NOTE(review): the target is whatever the backend puts in Location; nothing
    # here limits its scheme or host to the ESXi/SSO endpoint, so this location
    # trusts the backend's redirect completely. If the expected host is known,
    # checking it before proxy_pass would bound that trust.
    # NOTE(review): proxy_pass takes a variable here, so a hostname in the URL
    # is resolved at request time. That needs a `resolver` directive unless the
    # name matches an upstream group; none is visible in this block.
    # None of the proxy_* settings from the other locations are repeated here,
    # so nginx's defaults apply to this hop.
    location @handle_redirects {
        set $saved_redirect_location '$upstream_http_location';
        proxy_pass $saved_redirect_location;
    }
}
server {
    # Plain-HTTP listener: permanently redirect every request to the HTTPS
    # site. The redirect host is the configured $server_name, not the
    # client-supplied Host header.
    server_name esxi.yourdomain.com;
    listen 80;
    return 301 https://$server_name$request_uri;
}