@dbrownidau
Created August 28, 2018 04:10
Nginx HTTPS with Basic Auth reverse proxy for VMware ESXi 6.5 fixed VMRC /screen
# Redirect plain HTTP to HTTPS.
server {
    listen 80;
    server_name esxi.hackion.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name esxi.hackion.com;
    ssl_certificate /mycert.crt;
    ssl_certificate_key /mykey.key;

    location / {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;

        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Origin '';
        proxy_set_header Authorization ''; # Don't pass the Nginx Basic Auth to ESXi or it will break VMRC.
        proxy_pass_header X-XSRF-TOKEN;
        proxy_pass https://esxi_server;

        proxy_send_timeout 300;
        proxy_read_timeout 300;
        send_timeout 300;
        client_max_body_size 1000m;

        # enables WS support
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
@infraraja

Thanks

Does anybody have a working version with vCenter 7.0? I can't make that thing work :-/
(Login process has changed from 6.X to 7.0)

That was my working 6.X version for vCenter:

server {
        listen 443 ssl http2;
        # ssl_certificate and ssl_certificate_key are required
        ssl_certificate /etc/letsencrypt/live/myletsencryptdomain/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/myletsencryptdomain/privkey.pem;
        include /etc/nginx/snippets/ssl-params.conf;
        # removed DH params as my ssl-params.conf specifies to only use ECDHE key exchange.
        server_name fqdn.extern;
        location / {
                proxy_set_header Host $http_host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_ssl_verify off; # No need on isolated LAN
                proxy_pass https://vcenter.ip; # esxi IP Address
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_buffering off;
                client_max_body_size 0;
                proxy_read_timeout 36000s;
                proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
                #replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
        }

        location /websso/SAML2 {
                proxy_set_header Host fqdn.local; # your actual vcenter's hostname
                proxy_set_header X-Real-IP $remote_addr;
                proxy_ssl_verify off; # No need on isolated LAN
                proxy_pass https://vcenter.ip; # esxi IP Address
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_buffering off;
                client_max_body_size 0;
                proxy_read_timeout 36000s;
                proxy_ssl_session_reuse on;
                proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
                #replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
        }
}

But as I'm new to NGINX, it's a bit difficult to understand everything written above :-)

Thanks, it works great!
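
An added example, not part of the gist or its comments: a small Python check that flags, per `location` block, the two security-relevant settings in the configs above, namely Basic Auth credentials being relayed to the backend (the gist clears `Authorization`) and upstream TLS left unverified (`proxy_ssl_verify` is off unless set to `on`). The parser, the finding names and the sample config are constructed for illustration.

```python
import re

# Constructed sample modelled on the two configs on this page; hosts are placeholders.
SAMPLE = """
server {
    listen 443 ssl;
    location / {
        auth_basic "Restricted Content";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_set_header Authorization '';   # cleared, as in the gist
        proxy_pass https://esxi_server;
    }
    location /websso/SAML2 {
        auth_basic "Restricted Content";
        proxy_ssl_verify off;
        proxy_pass https://vcenter.ip;
    }
}
"""

def locations(conf):
    """Yield (path, directives) per location block. Simplified parser: no nested
    blocks, no ';' or '#' inside quoted strings."""
    conf = re.sub(r"#.*", "", conf)  # drop comments
    for m in re.finditer(r"location\s+([^{]+?)\s*\{([^{}]*)\}", conf):
        yield m.group(1), [d.strip() for d in m.group(2).split(";") if d.strip()]

def audit(conf):
    """Return (location, finding) pairs. Only directives written inside the
    location are considered; inheritance from server/http level is ignored."""
    findings = []
    for path, directives in locations(conf):
        pairs = (d.split(None, 1) for d in directives)
        args = dict(p for p in pairs if len(p) == 2)
        upstream = args.get("proxy_pass", "")
        if not upstream:
            continue
        basic = args.get("auth_basic", "off") != "off"
        cleared = any(re.fullmatch(r"proxy_set_header\s+Authorization\s+(''|\"\")", d, re.I)
                      for d in directives)
        if basic and not cleared:
            # The client's Basic credentials would be relayed to the backend.
            findings.append((path, "basic-auth-forwarded"))
        # nginx leaves proxy_ssl_verify off unless it is set to "on".
        if upstream.startswith("https://") and args.get("proxy_ssl_verify") != "on":
            findings.append((path, "upstream-tls-unverified"))
    return findings

if __name__ == "__main__":
    for loc, finding in audit(SAMPLE):
        print(loc, finding)
```
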
