@sergey-dryabzhinsky
Last active April 18, 2022 20:15
Nginx virtual host config for Proxmox, to hide pveproxy (port 8006) behind nginx, with working VNC passthrough.
```nginx
###
# Nginx vhost file to hide Proxmox pveproxy
# For 3.4+ and 5.x versions.
#
# Do not forget to create the file
# /etc/default/pveproxy with:
# ALLOW_FROM="127.0.0.1"
# DENY_FROM="all"
# POLICY="allow"
#
# @2019-08-05
# - disable buffering for big iso/template uploads
#
# @2018-08-01 - changes
# - add missing special locations for proxmoxlib.js, vnc
#
# @2017-11-17 - changes
# - use nginx-1.10+ for https
# - move proxy_params inside locations, because
#   some parameters/headers otherwise fall back to defaults
# - add other hacks to skip proxying to pveproxy: docs
# - add special location for api access
# - add some descriptions to options

server {
    # nginx-1.0+
    #listen 443 ssl;
    # nginx-1.6+
    #listen 443 ssl spdy;
    # nginx-1.10+
    listen 443 ssl http2;

    root /var/www/default;

    # Set YOUR server name here
    server_name proxmox.example.com;

    # Reject requests that carry a Referer from another site (crude cross-site check)
    valid_referers none blocked server_names;
    if ($invalid_referer) {
        return 403;
    }

    # Hint for browsers: do not allow framing from other origins
    add_header X-Frame-Options SAMEORIGIN;
    # Don't "detect" file type by extension (IE10+?)
    add_header X-Content-Type-Options nosniff;

    access_log /var/log/nginx/proxmox.example.com-ssl-access.log;
    error_log /var/log/nginx/proxmox.example.com-ssl-error.log;

    # load images, backups, iso...
    client_max_body_size 64m;

    include proxy_params;

    # Your certificates must be configured in this file
    include ssl/proxmox.conf;

    # restrict the proxy to the ssl protocols supported by pveproxy
    # Special for Proxmox-3
    proxy_ssl_protocols TLSv1;
    # Special for Proxmox-5+
    #proxy_ssl_protocols TLSv1.2;

    location / {
        # Magic for VNC
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        include proxy_params;
        proxy_pass https://127.0.0.1:8006;
    }

    location ~* ^/(api2|novnc)/ {
        proxy_redirect off;
        # Magic for VNC
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Upload templates/iso
        location ~* ^/api2/json/nodes/.*/storage/.*/upload {
            client_max_body_size 2000m;
            # nginx-1.8+
            proxy_request_buffering off;
            proxy_max_temp_file_size 0;
            include proxy_params;
            proxy_pass https://127.0.0.1:8006;
        }

        include proxy_params;
        proxy_pass https://127.0.0.1:8006;
    }

    # MAGIC !!!
    # The Proxmox web UI loads the DEBUG version of ExtJS,
    # and proxying it makes nginx wait for a very long time and hang.
    # Do not proxy static files, just serve them directly.
    location ~* ^/pve2/(?<file>.*)$ {
        gzip_static on;
        root /usr/share/pve-manager;
        try_files /$file @proxmox;
    }

    # Special for proxmox-5.x
    location ~* ^/proxmox.*\.js$ {
        gzip_static on;
        # proxmox-widget-toolkit ships its JS under /usr/share/javascript
        root /usr/share/javascript/proxmox-widget-toolkit;
        try_files $uri @proxmox;
    }

    location ~* ^/pve-docs/(?<file>.*)$ {
        gzip_static on;
        root /usr/share/pve-docs;
        try_files /$file @proxmox;
    }

    location @proxmox {
        internal;
        # Magic for VNC
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        # nginx-1.8+
        proxy_request_buffering off;
        proxy_max_temp_file_size 0;
        include proxy_params;
        proxy_pass https://127.0.0.1:8006;
    }
}
```
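As an added example, not part of the gist: a small POSIX shell checker for the two things this setup depends on, that /etc/default/pveproxy really pins pveproxy to localhost and that no proxy_pass in the vhost points anywhere but https://127.0.0.1:8006 (otherwise nginx is not the only entry point). Sample files are constructed inline; the file names under the temp dir and the 203.0.113.10 address are made up for the demo.

```shell
#!/bin/sh
# Added example (not from the gist). Assumes the layout described above:
# pveproxy on 127.0.0.1:8006, restricted through /etc/default/pveproxy,
# nginx as the only public entry point. Samples are constructed inline.

# 0 only if the pveproxy defaults file pins pveproxy to localhost.
check_pveproxy_defaults() {
    f="$1"
    [ -r "$f" ] || return 1
    grep -qxF 'ALLOW_FROM="127.0.0.1"' "$f" || return 1
    grep -qxF 'DENY_FROM="all"' "$f" || return 1
    grep -qxF 'POLICY="allow"' "$f"
}

# 0 only if every uncommented proxy_pass targets the local pveproxy.
check_nginx_upstreams() {
    f="$1"
    [ -r "$f" ] || return 1
    bad=$(sed 's/#.*//' "$f" |
        awk '$1 == "proxy_pass" && $2 != "https://127.0.0.1:8006;" { n++ }
             END { print n + 0 }')
    [ "$bad" -eq 0 ]
}

# Constructed samples: a correct pair and a pair with common mistakes.
demo() {
    d=$(mktemp -d) || return 1
    printf 'ALLOW_FROM="127.0.0.1"\nDENY_FROM="all"\nPOLICY="allow"\n' > "$d/pveproxy.ok"
    # Forgotten DENY_FROM: with POLICY=allow, unmatched hosts are still allowed.
    printf 'ALLOW_FROM="127.0.0.1"\nPOLICY="allow"\n' > "$d/pveproxy.bad"
    printf 'location / {\n    proxy_pass https://127.0.0.1:8006;\n}\n' > "$d/nginx.ok"
    # A stray proxy_pass to a public address bypasses the local-only setup.
    printf 'location / {\n    # proxy_pass https://127.0.0.1:8006;\n    proxy_pass https://203.0.113.10:8006;\n}\n' > "$d/nginx.bad"
    rc=0
    check_pveproxy_defaults "$d/pveproxy.ok"    || rc=1
    ! check_pveproxy_defaults "$d/pveproxy.bad" || rc=1
    check_nginx_upstreams "$d/nginx.ok"         || rc=1
    ! check_nginx_upstreams "$d/nginx.bad"      || rc=1
    rm -rf "$d"
    return $rc
}
```

On the real host, source the script and run `check_pveproxy_defaults /etc/default/pveproxy && check_nginx_upstreams /etc/nginx/sites-enabled/proxmox` (adjust the vhost path to yours).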
sergey-dryabzhinsky commented Nov 13, 2020

I assume that you use these configs on the Proxmox host machine.

You should define the SSL config for nginx in the file /etc/nginx/ssl/proxmox.conf: paths to certificate and key, ciphers.
Read about it here: https://nginx.org/en/docs/http/configuring_https_servers.html

Or disable the line with include ssl/proxmox.conf and change the listen option to listen 80;. Not recommended though.

@sergey-dryabzhinsky

Updated gist: restrict proxy SSL protocols to those supported by pveproxy.
On Proxmox-3 it's limited to TLSv1.1; on Proxmox-5+, to TLSv1.2.

@sergey-dryabzhinsky

Updated gist: on Proxmox-3 pveproxy is limited to TLSv1.
