Page tree

Welcome to FreeSoftwareServers Confluence Wiki

Skip to end of metadata
Go to start of metadata

Well I couldn't get the Console to work with my Apache ProxyPass Server and then read about how people have used nginx successfully and after further reading found out it is basically built to be a proxy server. So long story short, here is my preferred/updated config for NGinX ProxyPass with the esXi html5 webclient with websocket support and SSL.

It is not necessary to install your ssl in the esxi host, but you can :)

Here is my page for NGinX Reverse Proxy.

But a few specifics about esxi html5 client.

First off the default folder /ui requires files below it in the web directory, this means proxypassing the /ui won't work and instead you need to proxypass the default webroot and manually type /ui.

I put in a request to have the necessary files linked to /ui, so this may not be necessary in the future. The only problem with proxypassing the default webroot is that if you don't type ui people can see the welcome screen. I actually moved everything from /ui into the default webroot @  /usr/lib/vmware/hostd/docroot/

[Update] I now use

rewrite     ^/$ /ui permanent;

which allows me to proxypass the webroot, but when i type it automatically moves me to!

Interestingly if you screw up, or even if you don't esxi repopulated the entire web directory after reboot even the /ui folder. So this workaround requires a reboot script or it isn't persistent.

I am not sure why, it could be my configuration, but I was also unable to proxy to https://ip/ successfully, I instead had to create a subdomain and proxy to https://ip/

NOTE during testing always use a trailing slash after /ui example -.... that took a while to figure out... and there was nothing wrong with my configs!

One thing I like about nginx is you can move things outside the server perameters and make them global to that configuartion file which is what I did. you can also include common configs, please read my linked page for NGinX above.

On to the configs!


ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;


server {
       listen         80;
       return         301 https://$server_name/;

server {
listen 443 ssl;

rewrite     ^/$ /ui permanent;

location / {

        proxy_pass          	https://192.168.XX.XXX:443/;
        include                 /etc/nginx/websocket-proxy.conf;


server {
   listen 80;
   return         301 https://$server_name$request_uri;
server {
listen 443 ssl;

location / {

      proxy_pass          https://192.168.XX.XXX:443/;
      include             /etc/nginx/proxy.conf

proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffers           32 4k;
proxy_redirect          off;
proxy_http_version      1.1;
proxy_set_header        Upgrade            $http_upgrade;
proxy_set_header        Connection         "Upgrade";
proxy_set_header        Authorization      "";
proxy_read_timeout      86400;
proxy_set_header        Host               $host;
proxy_set_header        X-Real-IP          $remote_addr;
proxy_set_header        X-Forwarded-Server $host;
proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
proxy_redirect          off;
  • No labels

1 Comment

  1. Anonymous


    I tried that, but when I attempt to open a VM Player's session, I have this error : "Ticket session not valid or expired"

    And then if I try to re-authenticate : "HTTP 404 Error"

    May be you can help me ?

    My nginx config is the same as yours. BTW is it normal you made a proxy.conf that you never include ?

    Thanks in advance,

    Guillaume T.