0

I installed nginx in order to be a lazy person and just go to proxmox.domain.com instead of proxmox.domain.com:8006, but now I can't access the VNC client when connected to the first address, although I can doing the ip+port. A friend of mine pointed out that I have to forward web sockets, so I hit the keyboard and googled it and found this. I tried everything in there, and it isn't working. I have restarted nginx and it said that the config file worked. 

location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $http_host;
            proxy_pass https://localhost:8006;
    }

    location /websockify {
            proxy_http_version 1.1;
            proxy_pass http://127.0.0.1:6080;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            # VNC connection timeout
            proxy_read_timeout 3600s;

            #disable cache
            proxy_buffering off;
    }

    location /vncws/ {
            proxy_pass http://127.0.0.1:6080;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

    }

This is the block of config in my /etc/nginx/sites-enabled/proxmox. What am I doing wrong?

Seth G.
  • 101
  • 2

1 Answers1

0

This configuration works for me, and does everything you're looking to accomplish. It also automatically redirects http requests to https. In my config, I generated my own SSL certificates through letsencrypt for a proper CA authentication.

upstream proxmoxhost {
    server localhost:8006;
}

server {
    listen 80 http2;
    listen [::]:80 http2;
    server_name proxmox.domain.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name proxmox.domain.com;
    ssl_certificate /etc/dehydrated/certs/star_domain_com/fullchain.pem;
    ssl_certificate_key /etc/dehydrated/certs/star_domain_com/privkey.pem;

    location / {
            proxy_pass https://proxmoxhost/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_http_version 1.1;
    }
}

Note the trailing slash in proxy_pass directive, VNC connection inside the browser does not work without it.

PLANTROON
  • 13
  • 3
Telperion
  • 11
  • 1
  • 4