Proxmox | /etc/default/pveproxy 文件

Proxmox | /etc/default/pveproxy 文件

我遇到了一个小问题。我试图禁用对 IP 地址的 proxmox Web 面板的访问,并为我的域启用它。正如我在 proxmox 网站上看到的那样(https://pve.proxmox.com/pve-docs/pveproxy.8.html) 我可以为基于主机的访问控制创建 pveproxy 文件。我确实设置了一个指向 127.0.0.1:8006 的 nginx 反向代理,并且我确实创建了包含以下内容的 pveproxy 文件:

ALLOW_FROM="127.0.0.1"
DENY_FROM="all"
POLICY="allow"

这是我的 NGINX 反向代理文件内容:

server {

        server_name *************;

         # Check for cross-framing - nuke bustards
        valid_referers none blocked server_names;
        if ($invalid_referer) {
            return 403;
        }
        # Hint for browsers
        add_header X-Frame-Options SAMEORIGIN;
        # Don't "detect" file type by extension (IE10+?)
        add_header X-Content-Type-Options nosniff;
        
        access_log /var/log/nginx/***-ssl-access.log;
        error_log /var/log/nginx/****-ssl-error.log;

        # load images, backups, iso...
        client_max_body_size 64m;

        include proxy_params;
        # Your certificates here must be
       # include ssl/proxmox.conf;

        location / {
                # Magick for VNC
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                include proxy_params;
                proxy_pass https://127.0.0.1:8006;
        }

        location ~* ^/(api2|novnc)/ {
                proxy_redirect off;
                # Magick for VNC
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                # Upload templates/iso
                location ~* ^/api2/json/nodes/.*/storage/.*/upload {
                        client_max_body_size 2000m;
                        # nginx-1.8+
                        proxy_request_buffering off;
                        proxy_max_temp_file_size 0;

                        include proxy_params;
                        proxy_pass https://127.0.0.1:8006;
                }

                include proxy_params;
                proxy_pass https://127.0.0.1:8006;
        }

        # MAGICK !!!
        # Proxmox Web-UI loads DEBUG version of ExtJS
        # And nginx waaaaaing sooo long. And hangs.
        # Do not proxy static files, just give them
        location ~* ^/pve2/(?<file>.*)$ {
                gzip_static on;
                root /usr/share/pve-manager;
                try_files /$file @proxmox;
        }
        # Special for proxmox-5.x
        location ~* ^/proxmox.*\.js$ {
                gzip_static on;
                root /usr/share/usr/share/javascript/proxmox-widget-toolkit;
                try_files $uri @proxmox;
        }
        location ~* ^/pve-docs/(?<file>.*)$ {
                gzip_static on;
                root /usr/share/pve-docs;
                try_files /$file @proxmox;
        }
        location @proxmox {
                internal;

                # Magick for VNC
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";

                # nginx-1.8+
                proxy_request_buffering off;
                proxy_max_temp_file_size 0;

                include proxy_params;
                proxy_pass https://127.0.0.1:8006;
        }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/****/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/*****/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = ****) {
        return 301 https://$host$request_uri;
    } # managed by Certbot



        listen 80;
        listen [::]:80;

        server_name *****;
    return 404; # managed by Certbot


}

但不知何故,我仍然可以通过服务器的 IP 地址访问我的 proxmox Web UI...有人知道为什么吗?

问候

相关内容