我遇到了一个小问题。我试图禁用对 IP 地址的 proxmox Web 面板的访问,并为我的域启用它。正如我在 proxmox 网站上看到的那样(https://pve.proxmox.com/pve-docs/pveproxy.8.html) 我可以为基于主机的访问控制创建 pveproxy 文件。我确实设置了一个指向 127.0.0.1:8006 的 nginx 反向代理,并且我确实创建了包含以下内容的 pveproxy 文件:
ALLOW_FROM="127.0.0.1"
DENY_FROM="all"
POLICY="allow"
这是我的 NGINX 反向代理文件内容:
server {
server_name *************;
# Check for cross-framing - nuke bustards
valid_referers none blocked server_names;
if ($invalid_referer) {
return 403;
}
# Hint for browsers
add_header X-Frame-Options SAMEORIGIN;
# Don't "detect" file type by extension (IE10+?)
add_header X-Content-Type-Options nosniff;
access_log /var/log/nginx/***-ssl-access.log;
error_log /var/log/nginx/****-ssl-error.log;
# load images, backups, iso...
client_max_body_size 64m;
include proxy_params;
# Your certificates here must be
# include ssl/proxmox.conf;
location / {
# Magick for VNC
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include proxy_params;
proxy_pass https://127.0.0.1:8006;
}
location ~* ^/(api2|novnc)/ {
proxy_redirect off;
# Magick for VNC
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Upload templates/iso
location ~* ^/api2/json/nodes/.*/storage/.*/upload {
client_max_body_size 2000m;
# nginx-1.8+
proxy_request_buffering off;
proxy_max_temp_file_size 0;
include proxy_params;
proxy_pass https://127.0.0.1:8006;
}
include proxy_params;
proxy_pass https://127.0.0.1:8006;
}
# MAGICK !!!
# Proxmox Web-UI loads DEBUG version of ExtJS
# And nginx waaaaaing sooo long. And hangs.
# Do not proxy static files, just give them
location ~* ^/pve2/(?<file>.*)$ {
gzip_static on;
root /usr/share/pve-manager;
try_files /$file @proxmox;
}
# Special for proxmox-5.x
location ~* ^/proxmox.*\.js$ {
gzip_static on;
root /usr/share/usr/share/javascript/proxmox-widget-toolkit;
try_files $uri @proxmox;
}
location ~* ^/pve-docs/(?<file>.*)$ {
gzip_static on;
root /usr/share/pve-docs;
try_files /$file @proxmox;
}
location @proxmox {
internal;
# Magick for VNC
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# nginx-1.8+
proxy_request_buffering off;
proxy_max_temp_file_size 0;
include proxy_params;
proxy_pass https://127.0.0.1:8006;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/****/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/*****/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = ****) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name *****;
return 404; # managed by Certbot
}
但不知何故,我仍然可以通过服务器的 IP 地址访问我的 proxmox Web UI...有人知道为什么吗?
问候