Nginx HTTPS with Basic Auth reverse proxy for VMware ESXi 6.5 fixed VMRC /screen

esxi.hackion.com

server {
        listen 80;
        server_name esxi.hackion.com;
        return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl;
        server_name esxi.hackion.com;

        ssl_certificate /mycert.crt
        ssl_certificate_key /mykey.key

        location / {
            auth_basic "Restricted Content";
            auth_basic_user_file /etc/nginx/.htpasswd;

            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Origin '';
            proxy_set_header Authorization ''; #Don't pass the Nginx Basic Auth to ESXi or it will break VMRC.
            proxy_pass_header X-XSRF-TOKEN;
            proxy_pass https://esxi_server;
            proxy_send_timeout      300;
            proxy_read_timeout      300;
            send_timeout            300;
            client_max_body_size    1000m;

            # enables WS support
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }

}

Thanks 🎉

Thanks Lot.. Can you share nginx conf file for Vcenter too

Does anybody have a working version with vCenter 7.0 ? I can't make that thing work :-/
(Login processus has changed from 6.X to 7.0)

That was my working 6.X working for vCenter:

server {
        listen 443 ssl http2;
        # ssl_certificate and ssl_certificate_key are required
        ssl_certificate /etc/letsencrypt/live/myletsencryptdomain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/myletsencryptdomain/privkey.pem;
        include /etc/nginx/snippets/ssl-params.conf;
        # removed DH params as my ssl-params.conf specifies to only use ECDHE key exchange.
        server_name fqdn.extern;
        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_ssl_verify off; # No need on isolated LAN
                proxy_pass https://vcenter.ip; # esxi IP Address
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_buffering off;
                client_max_body_size 0;
                proxy_read_timeout 36000s;
                proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
                #replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
                }

                location /websso/SAML2 {
                proxy_set_header Host fqdn.local; # your actual vcenter's hostname
                proxy_set_header X-Real-IP $remote_addr;
                proxy_ssl_verify off; # No need on isolated LAN
                proxy_pass https://vcenter.ip; # esxi IP Address
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_buffering off;
                client_max_body_size 0;
                proxy_read_timeout 36000s;
                proxy_ssl_session_reuse on;
                proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
                #replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
        }
  }

Bus as I'm new to NGINX, it a bit difficult to understand everything written above :-)

Thanks

Does anybody have a working version with vCenter 7.0 ? I can't make that thing work :-/
(Login processus has changed from 6.X to 7.0)

That was my working 6.X working for vCenter:

server {
        listen 443 ssl http2;
        # ssl_certificate and ssl_certificate_key are required
        ssl_certificate /etc/letsencrypt/live/myletsencryptdomain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/myletsencryptdomain/privkey.pem;
        include /etc/nginx/snippets/ssl-params.conf;
        # removed DH params as my ssl-params.conf specifies to only use ECDHE key exchange.
        server_name fqdn.extern;
        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_ssl_verify off; # No need on isolated LAN
                proxy_pass https://vcenter.ip; # esxi IP Address
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_buffering off;
                client_max_body_size 0;
                proxy_read_timeout 36000s;
                proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
                #replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
                }

                location /websso/SAML2 {
                proxy_set_header Host fqdn.local; # your actual vcenter's hostname
                proxy_set_header X-Real-IP $remote_addr;
                proxy_ssl_verify off; # No need on isolated LAN
                proxy_pass https://vcenter.ip; # esxi IP Address
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_buffering off;
                client_max_body_size 0;
                proxy_read_timeout 36000s;
                proxy_ssl_session_reuse on;
                proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
                #replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
        }
  }

Bus as I'm new to NGINX, it a bit difficult to understand everything written above :-)

Thanks its works great!