别评判,我的实验室需要这个,我永远不会把它投入生产……
答案1
只需要添加两个参数proxy_set_header Host "fqdn.local"; 和sub_filter "fqdn.local" "fqdn.extern";
适用于 vCenter 7.0
server {
listen 443 ssl http2;
# ssl_certificate and ssl_certificate_key are required
ssl_certificate /etc/letsencrypt/live/myletsencryptdomain/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myletsencryptdomain/privkey.pem;
include /etc/nginx/snippets/ssl-params.conf;
# removed DH params as my ssl-params.conf specifies to only use ECDHE key exchange.
server_name fqdn.extern;
location / {
proxy_set_header Host "fqdn.local";
proxy_set_header Origin "fqdn.local";
proxy_set_header X-Real-IP $remote_addr;
proxy_ssl_verify off; # No need on isolated LAN
proxy_pass https://fqdn.local; # esxi IP Address
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
#replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
}
location /websso/SAML2 {
sub_filter "fqdn.local" "fqdn.extern";
proxy_set_header Host fqdn.local; # your actual vcenter's hostname
proxy_set_header X-Real-IP $remote_addr;
proxy_ssl_verify off; # No need on isolated LAN
proxy_pass https://fqdn.local; # esxi IP Address
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_ssl_session_reuse on;
proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
#replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
}
}
答案2
我已使此配置与 vCenter 8.0 配合使用,并且任务查看器也正常运行:
location / {
proxy_set_header Host vcenter_hostname;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass https://vcenter_hostname;
}
location /ui/app-fabric/ {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass https://vcenter_hostname;
}
location /websso/SAML2 {
sub_filter "vcenter_hostname" "vcenter_reverse_proxy_hostname";
proxy_set_header Host vcenter_hostname;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_ssl_session_reuse on;
proxy_pass https://vcenter_hostname;
}