Created
August 28, 2018 04:10
Nginx HTTPS with Basic Auth reverse proxy for VMware ESXi 6.5 fixed VMRC /screen
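# Plain-HTTP listener: serves no content, only redirects to the TLS vhost so
# that Basic Auth credentials are never requested over an unencrypted channel.
server {
    listen 80;
    server_name esxi.hackion.com;

    # The redirect target is built from $server_name (the configured name),
    # not from the client-supplied Host header, so a request cannot steer the
    # Location header to another hostname.
    return 301 https://$server_name$request_uri;
}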
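# TLS front end for the ESXi host UI. Basic Auth is enforced here, at the
# proxy, before any request is forwarded to ESXi.
server {
    listen 443 ssl;
    server_name esxi.hackion.com;

    # Placeholder paths. Both directives need their terminating ';' or nginx
    # refuses to load the configuration.
    ssl_certificate     /mycert.crt;
    ssl_certificate_key /mykey.key;

    location / {
        # First gate: every request must carry valid Basic Auth credentials.
        auth_basic           "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;

        proxy_set_header Host            $host;
        proxy_set_header X-Real-IP       $remote_addr;
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so only the last entry (or X-Real-IP) is trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # An empty value makes nginx drop the header instead of forwarding it.
        # NOTE(review): dropping Origin presumably sidesteps an origin check on
        # the ESXi side; the proxy's Basic Auth is then the remaining control
        # against cross-site requests. Confirm this is intended.
        proxy_set_header Origin          '';
        # Don't pass the Nginx Basic Auth to ESXi or it will break VMRC.
        # It also keeps the proxy password from reaching the backend.
        proxy_set_header Authorization   '';
        proxy_pass_header X-XSRF-TOKEN;

        # esxi_server must resolve to the ESXi host (an upstream block or a DNS
        # name defined elsewhere). No proxy_ssl_verify is set, so nginx uses
        # its default and does not validate the backend certificate.
        proxy_pass https://esxi_server;

        # Generous limits (seconds / request-body size).
        # NOTE(review): presumably for long console sessions and large
        # uploads. Confirm the values are actually needed.
        proxy_send_timeout   300;
        proxy_read_timeout   300;
        send_timeout         300;
        client_max_body_size 1000m;

        # Enables WebSocket support. The original listed the Upgrade header
        # twice; it is set once here.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}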
Thanks a lot. Can you share an nginx conf file for vCenter too?
Does anybody have a working version with vCenter 7.0 ? I can't make that thing work :-/
(The login process has changed from 6.X to 7.0)
This was my working 6.X config for vCenter:
# Reverse proxy for vCenter 6.x, as posted by the commenter.
# NOTE(review): no auth_basic or allow/deny is visible in this block, so
# vCenter's own login is the only access control on fqdn.extern unless the
# included snippet adds one.
server {
    listen 443 ssl http2;
    server_name fqdn.extern;

    # ssl_certificate and ssl_certificate_key are both mandatory here.
    ssl_certificate     /etc/letsencrypt/live/myletsencryptdomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myletsencryptdomain/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;
    # No DH params: ssl-params.conf is stated to allow only ECDHE key exchange.

    location / {
        proxy_pass https://vcenter.ip;  # address of the vCenter backend
        # Backend certificate is not verified; the author relies on the LAN
        # being isolated. Without verification nginx cannot tell the real
        # vCenter from an impostor on that segment.
        proxy_ssl_verify off;

        # $http_host forwards the Host header exactly as the client sent it.
        proxy_set_header Host      $http_host;
        proxy_set_header X-Real-IP $remote_addr;

        # WebSocket upgrade support
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_buffering      off;
        client_max_body_size 0;       # 0 disables the request-body size check
        proxy_read_timeout   36000s;

        # Rewrites backend redirects to the public name. fqdn.local stands for
        # vCenter's own hostname, fqdn.extern for this proxy's server_name.
        proxy_redirect https://fqdn.local/ https://fqdn.extern/;
    }

    location /websso/SAML2 {
        proxy_pass https://vcenter.ip;  # address of the vCenter backend
        # Same unverified-backend trade-off as in "location /".
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;

        # The SSO endpoint gets vCenter's own hostname as Host, not the
        # client's value.
        proxy_set_header Host      fqdn.local;
        proxy_set_header X-Real-IP $remote_addr;

        # WebSocket upgrade support
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_buffering      off;
        client_max_body_size 0;       # 0 disables the request-body size check
        proxy_read_timeout   36000s;

        # fqdn.local = vCenter's own hostname, fqdn.extern = this server_name.
        proxy_redirect https://fqdn.local/ https://fqdn.extern/;
    }
}
But as I'm new to NGINX, it's a bit difficult to understand everything written above :-)
Thanks
Does anybody have a working version with vCenter 7.0 ? I can't make that thing work :-/
(The login process has changed from 6.X to 7.0) This was my working 6.X config for vCenter:
# vCenter 6.x reverse proxy, one directive per line.
# NOTE(review): the block shows no auth_basic or allow/deny, so access control
# rests on vCenter's own login unless the included snippet provides one.
server {
    listen 443 ssl http2;
    server_name fqdn.extern;

    # Certificate and key are both required for the ssl listener.
    ssl_certificate     /etc/letsencrypt/live/myletsencryptdomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myletsencryptdomain/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;
    # DH params omitted: ssl-params.conf is stated to permit only ECDHE.

    location / {
        proxy_pass https://vcenter.ip;  # vCenter backend address
        # Verification of the backend certificate is switched off; the author
        # treats the LAN as isolated. A spoofed backend on that network would
        # go undetected by nginx.
        proxy_ssl_verify off;

        # Host is forwarded as received from the client.
        proxy_set_header Host      $http_host;
        proxy_set_header X-Real-IP $remote_addr;

        # Needed for WebSocket connections
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_buffering      off;
        client_max_body_size 0;       # no limit on request-body size
        proxy_read_timeout   36000s;

        # Maps redirects from vCenter's hostname (fqdn.local) to the public
        # server_name (fqdn.extern).
        proxy_redirect https://fqdn.local/ https://fqdn.extern/;
    }

    location /websso/SAML2 {
        proxy_pass https://vcenter.ip;  # vCenter backend address
        # Backend certificate unverified here as well.
        proxy_ssl_verify off;
        proxy_ssl_session_reuse on;

        # Host is pinned to vCenter's own hostname for the SSO endpoint.
        proxy_set_header Host      fqdn.local;
        proxy_set_header X-Real-IP $remote_addr;

        # Needed for WebSocket connections
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_buffering      off;
        client_max_body_size 0;       # no limit on request-body size
        proxy_read_timeout   36000s;

        # Maps redirects from fqdn.local (vCenter) to fqdn.extern (this proxy).
        proxy_redirect https://fqdn.local/ https://fqdn.extern/;
    }
}
But as I'm new to NGINX, it's a bit difficult to understand everything written above :-)
Thanks, it works great!
Thanks 🎉