
I have a small problem. I was trying to disable access to the Proxmox web panel via the server's IP address and allow it only through my domain. As I saw on the Proxmox website (https://pve.proxmox.com/pve-docs/pveproxy.8.html), I can create the pveproxy file for host-based access control. I set up an nginx reverse proxy that points to 127.0.0.1:8006, and I created the pveproxy file with the following content:

# Host-based access control for pveproxy, the Proxmox API/web UI daemon on port 8006.
# Intent: accept connections only from the local nginx reverse proxy (127.0.0.1)
# and refuse every other source address, so port 8006 is not reachable directly.
# NOTE(review): these rules filter by the client's source address only. They cannot
# tell which hostname or URL the browser used, and every request relayed by nginx
# arrives from 127.0.0.1 and is therefore allowed.
# NOTE(review): the pveproxy(8) page describes this file as /etc/default/pveproxy, and
# the settings are presumably only picked up when the pveproxy service is restarted.
# Confirm both if direct access to port 8006 still works.
# NOTE(review): newer pveproxy versions also document a LISTEN_IP setting that binds
# the daemon to one address (e.g. loopback). Check the installed version's man page.
ALLOW_FROM="127.0.0.1"
DENY_FROM="all"
# Per the pveproxy(8) match table, POLICY decides addresses that match both lists or
# neither. 127.0.0.1 matches ALLOW_FROM and also "all", so "allow" is what lets the
# local proxy through. Other addresses match only DENY_FROM and are refused.
POLICY="allow"

And here is my NGINX reverse proxy file content:

# HTTPS virtual host that fronts the Proxmox web UI: it proxies to pveproxy on
# https://127.0.0.1:8006 and serves some static assets directly from disk.
server {

        # NOTE(review): server_name only chooses between server blocks that share a
        # listen socket. If this is the only block listening on 443, nginx treats it
        # as the default server, so a request to https://<server-ip>/ (Host = IP) is
        # still handled here and proxied to the web UI. A separate catch-all server
        # on 443 marked default_server that rejects unmatched hosts (it needs a
        # certificate, or ssl_reject_handshake on newer nginx) would close that path.
        # Confirm which other vhosts exist.
        server_name *************;

         # Referer check meant to stop other sites from framing or embedding the UI.
         # "none" and "blocked" accept requests with a missing or stripped Referer,
         # and the header is client-controlled, so this is not access control and
         # does not restrict which Host/IP the UI can be reached by.
        valid_referers none blocked server_names;
        if ($invalid_referer) {
            return 403;
        }
        # Ask browsers to allow framing only by pages from the same origin
        add_header X-Frame-Options SAMEORIGIN;
        # Tell browsers not to MIME-sniff responses
        add_header X-Content-Type-Options nosniff;
        
        access_log /var/log/nginx/***-ssl-access.log;
        error_log /var/log/nginx/****-ssl-error.log;

        # Default request-body limit (images, backups, ISOs); the upload location
        # further down raises it.
        client_max_body_size 64m;

        # Contents of proxy_params are not shown here; presumably the distribution's
        # standard Host / X-Forwarded-* headers (verify). It is included again in each
        # location because a location that sets its own proxy_set_header does not
        # inherit the ones from this level.
        include proxy_params;
        # Placeholder for a manual TLS include (left commented out); the active
        # certificate settings are the Certbot-managed lines at the end of this block.
       # include ssl/proxmox.conf;

        # Everything not matched by a regex location below goes to pveproxy.
        # pveproxy sees these connections as coming from 127.0.0.1, not from the
        # real client address.
        location / {
                # WebSocket upgrade headers (used by the VNC console)
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                include proxy_params;
                proxy_pass https://127.0.0.1:8006;
        }

        # API and noVNC paths
        location ~* ^/(api2|novnc)/ {
                proxy_redirect off;
                # WebSocket upgrade headers (used by the VNC console)
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                # Template/ISO uploads: larger body limit, streamed to the backend
                # instead of being buffered to a temp file first
                location ~* ^/api2/json/nodes/.*/storage/.*/upload {
                        client_max_body_size 2000m;
                        # nginx-1.8+
                        proxy_request_buffering off;
                        proxy_max_temp_file_size 0;

                        include proxy_params;
                        proxy_pass https://127.0.0.1:8006;
                }

                include proxy_params;
                proxy_pass https://127.0.0.1:8006;
        }

        # Workaround from the original author: the web UI loads the debug build of
        # ExtJS and proxying it through nginx was slow enough to hang, so static
        # files are served straight from disk, falling back to the proxy if missing.
        # These files are delivered by nginx itself and never pass through pveproxy.
        location ~* ^/pve2/(?<file>.*)$ {
                gzip_static on;
                root /usr/share/pve-manager;
                try_files /$file @proxmox;
        }
        # Special for proxmox-5.x
        # NOTE(review): "/usr/share" appears twice in this root, which looks like a
        # typo. If the directory does not exist, try_files never finds the file and
        # every request falls through to @proxmox. Confirm the intended path.
        location ~* ^/proxmox.*\.js$ {
                gzip_static on;
                root /usr/share/usr/share/javascript/proxmox-widget-toolkit;
                try_files $uri @proxmox;
        }
        location ~* ^/pve-docs/(?<file>.*)$ {
                gzip_static on;
                root /usr/share/pve-docs;
                try_files /$file @proxmox;
        }
        # Fallback target for the try_files directives above; "internal" means it
        # cannot be requested directly by a client.
        location @proxmox {
                internal;

                # WebSocket upgrade headers (used by the VNC console)
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                # nginx-1.8+
                proxy_request_buffering off;
                proxy_max_temp_file_size 0;

                include proxy_params;
                proxy_pass https://127.0.0.1:8006;
        }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/****/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/*****/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# Port-80 virtual host written by Certbot: plain-HTTP requests whose Host equals
# the configured name are redirected to HTTPS; anything else handled by this
# block gets a 404.
server {
    if ($host = ****) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



        listen 80;
        listen [::]:80;

        # NOTE(review): if no other server listens on port 80, this block is also
        # the default for requests by bare IP. Those do not match the $host test
        # above and end at the 404 below, so plain HTTP by IP is not proxied.
        server_name *****;
    return 404; # managed by Certbot


}

But somehow I can still access my Proxmox web UI via the IP address of the server... Does anyone know why?

Greetings
