Page tree

Welcome to FreeSoftwareServers Confluence Wiki

Skip to end of metadata
Go to start of metadata

Well I couldn't get the Console to work with my Apache ProxyPass Server and then read about how people have used nginx successfully and after further reading found out it is basically built to be a proxy server. So long story short, here is my preferred/updated config for NGinX ProxyPass with the esXi html5 webclient with websocket support and SSL.

It is not necessary to install your ssl in the esxi host, but you can :)

Here is my page for NGinX Reverse Proxy.

But a few specifics about esxi html5 client.

First off the default folder /ui requires files below it in the web directory, this means proxypassing the /ui won't work and instead you need to proxypass the default webroot and manually type /ui.

I put in a request to have the necessary files linked to /ui, so this may not be necessary in the future. The only problem with proxypassing the default webroot is that if you don't type ui people can see the welcome screen. I actually moved everything from /ui into the default webroot @  /usr/lib/vmware/hostd/docroot/

[Update] I now use

rewrite     ^/$ /ui permanent;

which allows me to proxypass the webroot, but when i type subdomain.domain.com it automatically moves me to subdomain.domain.com/ui!

Interestingly if you screw up, or even if you don't esxi repopulated the entire web directory after reboot even the /ui folder. So this workaround requires a reboot script or it isn't persistent.

I am not sure why, it could be my configuration, but I was also unable to proxy domain.com/path to https://ip/ successfully, I instead had to create a subdomain and proxy subdomain.domain.com to https://ip/

NOTE during testing always use a trailing slash after /ui example https://subdomain.domain.com/ui/ -.... that took a while to figure out... and there was nothing wrong with my configs!

One thing I like about nginx is you can move things outside the server perameters and make them global to that configuartion file which is what I did. you can also include common configs, please read my linked page for NGinX above.

On to the configs!

 

##GLOBAL SSL
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/private/server.key;

##ESXI SUBDOMAIN

server {
       listen         80;
       server_name    subdomain.freesoftwareservers.com;
       
       return         301 https://$server_name/;
}

server {
listen 443 ssl;
server_name subdomain.domain.com;

rewrite     ^/$ /ui permanent;

location / {

        proxy_pass          	https://192.168.XX.XXX:443/;
        include                 /etc/nginx/websocket-proxy.conf;
    }
}

##DEFAULT DOMAIN

server {
   listen 80;
   server_name    www.domain.com domain.com;
   return         301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name www.domain.com domain.com;

location / {

      proxy_pass          https://192.168.XX.XXX:443/;
      include             /etc/nginx/proxy.conf

    }
}
 ##/etc/nginx/proxy.conf
proxy_set_header        Host            $host;
proxy_set_header        X-Real-IP       $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffers           32 4k;
proxy_redirect          off;
 ##/etc/nginx/websocket-proxy.conf
proxy_http_version      1.1;
proxy_set_header        Upgrade            $http_upgrade;
proxy_set_header        Connection         "Upgrade";
proxy_set_header        Authorization      "";
proxy_read_timeout      86400;
proxy_set_header        Host               $host;
proxy_set_header        X-Real-IP          $remote_addr;
proxy_set_header        X-Forwarded-Server $host;
proxy_set_header        X-Forwarded-For    $proxy_add_x_forwarded_for;
proxy_redirect          off;
  • No labels

1 Comment

  1. Anonymous

    Hello,

    I tried that, but when I attempt to open a VM Player's session, I have this error : "Ticket session not valid or expired" http://img11.hostingpics.net/pics/5882562016122709h5326.png

    And then if I try to re-authenticate : "HTTP 404 Error" http://img11.hostingpics.net/pics/7382942016122709h4911.png

    May be you can help me ?

    My nginx config is the same as yours. BTW is it normal you made a proxy.conf that you never include ?

    Thanks in advance,

    Guillaume T.