vCenter 7.0 落后于 nginx 反向代理问题

vCenter 7.0 落后于 nginx 反向代理问题

别评判,我的实验室需要这个,我永远不会把它投入生产……

答案1

只需要添加两个参数proxy_set_header Host "fqdn.local"; 和sub_filter "fqdn.local" "fqdn.extern";

适用于 vCenter 7.0

server {
    listen 443 ssl http2;
    # ssl_certificate and ssl_certificate_key are required
    ssl_certificate /etc/letsencrypt/live/myletsencryptdomain/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/myletsencryptdomain/privkey.pem;
    include /etc/nginx/snippets/ssl-params.conf;
    # removed DH params as my ssl-params.conf specifies to only use ECDHE key exchange.

    server_name fqdn.extern;
    location / {
            proxy_set_header Host "fqdn.local";
            proxy_set_header Origin "fqdn.local";
            proxy_set_header X-Real-IP $remote_addr;
            proxy_ssl_verify off; # No need on isolated LAN
            proxy_pass https://fqdn.local; # esxi IP Address
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_buffering off;
            client_max_body_size 0;
            proxy_read_timeout 36000s;
            proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
            #replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
            }

    location /websso/SAML2 {
            sub_filter "fqdn.local" "fqdn.extern";
            proxy_set_header Host fqdn.local; # your actual vcenter's hostname
            proxy_set_header X-Real-IP $remote_addr;
            proxy_ssl_verify off; # No need on isolated LAN
            proxy_pass https://fqdn.local; # esxi IP Address
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_buffering off;
            client_max_body_size 0;
            proxy_read_timeout 36000s;
            proxy_ssl_session_reuse on;
            proxy_redirect https://fqdn.local/ https://fqdn.extern/; # read comment below
            #replace vcenter-hostname with your actual vcenter's hostname, and esxi with your nginx's server_name.
    }
}

答案2

我已使此配置与 vCenter 8.0 配合使用,并且任务查看器也正常运行:

location / {
    proxy_set_header Host vcenter_hostname;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass https://vcenter_hostname;
}
location /ui/app-fabric/ {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_pass https://vcenter_hostname;
}
location /websso/SAML2 {
    sub_filter "vcenter_hostname" "vcenter_reverse_proxy_hostname";
    proxy_set_header Host vcenter_hostname;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_ssl_session_reuse on;
    proxy_pass https://vcenter_hostname;
}

相关内容