Question

Access Vsphere web client using Nginx reverse proxy

We have a deployment scenario where in we want to expose a public url and behind that access vcenter web client through Nginx using reverse proxy. Currently we are only able to access the login page which gets stuck when we enter the credentials.

Following is our conf file:

server { listen 80; server_name localhost; #access_log logs/host.access.log main;

    location / {
        root   html;
        index  index.html index.htm;
        resolver DNS server;
        proxy_pass vecenter IP;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

Subscribe
Share

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Doing a little searching I’ve found that a simple reverse proxy will not work for vcenter but i was able to find this repository which includes a sample nginx configuration and the other things needed to proxy vcenter.

The following line fixes the redirect issue. Now I’m getting a 404 error for /websso/SAML2/SSOSSL. The link it’s trying to go to looks just the same as when it’s working locally minus using the IP. Not yet working, but at least I know I’m definitely getting to the server from an external source.

proxy_redirect https://192.168.1.128 https://example.com;

Ok, I was testing externally using a VPN. I’m testing from an external system today, and it’s not working. It looks like it was still saying example.com, but it was actually using 192.168.1.128. I’ve also noticed the HTTPS cert isn’t showing as secure. I’ll follow up if I ever figure out why it doesn’t seem to actually be proxying appropriately.

I’ve got it working with vCenter 6 using ryanpq’s answer and some decent modifications. this repository

Here’s my nginx.conf, minus my site’s name and some comments. I had to add some things and move things around, and I didn’t see that port 7331 was needed at all when I connected locally so it was removed. You can compare with what I’ve linked above. Keep in mind, ports 443 and 9443 need to be forwarded to your NGINX server. Also, remember that your vSphere web client will be at https://<vcenter ip>/vsphere-client. I hope this helps others.

#user html;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
            worker_connections  1024;
}


http {


#
# A virtual host using mix of IP-, name-, and port-based configuration
#

        proxy_set_header            Host            $http_host;
        proxy_set_header            X-Real-IP       $remote_addr;
        proxy_set_header            X-Forwared-For  $proxy_add_x_forwarded_for;

#
# The upstream VCSA hostname or IP address for port 9443
#
        upstream vcsa-9443 {
                  server 192.168.1.128:9443;
        }

#
# HTTP => HTTPS redirect
#
        server {
                listen        80;
                server_name   example.com;

                location / {
                        allow all;
                        return 302 https://$server_name$request_uri;
                }
        }

#
# Main HTTPS Reverse Proxy for the VCSA
#
        server {
                listen        443 ssl;
                listen        9443 ssl;
                server_name   example.com;

                ssl_certificate  /etc/letsencrypt/live/example.com/fullchain.pem;
                ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;
                ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
                ssl_ciphers    HIGH:!aNULL:!MD5;
                keepalive_timeout 60;

                location /vsphere-client {
                        allow all;
                        proxy_set_header Host $http_host;
                        proxy_set_header Upgrade $http_upgrade;
                        proxy_set_header Connection "upgrade";
                        proxy_pass https://vcsa-9443;
                }
        }
}