Neoon's Wiki

User Tools

Site Tools

Trace: docker_basics
proxmox_nginx

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revisionPrevious revision
Next revision		Previous revision
proxmox_nginx [2016/07/17 10:14] neoonproxmox_nginx [2021/11/25 22:42] (current) – external edit 127.0.0.1
Line 11: Line 11:
     proxy_redirect off;     proxy_redirect off;
     location / {     location / {
-    proxy_set_header X-Forwarded-Proto https;+        proxy_set_header X-Forwarded-Proto https;
         proxy_pass https://127.0.0.1:8006;         proxy_pass https://127.0.0.1:8006;
                  
Line 23: Line 23:
 Make sure you replace ssl_certificate and ssl_certificate_key Make sure you replace ssl_certificate and ssl_certificate_key
  
-Restart Nginx: service nginx restart, it should return no errors.+Restart Nginx: 
 +  service nginx restart
  
 Second step, Turn the pveproxy to localhost only. Copy this file to: /etc/default/pveproxy Second step, Turn the pveproxy to localhost only. Copy this file to: /etc/default/pveproxy
Line 31: Line 32:
   POLICY="allow"   POLICY="allow"
      
-Restart pveproxy: service pveproxy+You can also block it over iptables, since it does not fully work anymore on 5.x. 
 +  post-up iptables -A INPUT -p tcp --dport 8006 -s 127.0.0.0/8 -j ACCEPT #allow localhost for reverse proxy 
 +  post-up iptables -A INPUT -p tcp --dport 8006 -j DROP #webinterface 
 +  post-up iptables -A INPUT -p tcp --dport 3128 -j DROP #spiceproxy 
 + 
 +   
 +Restart pveproxy: 
 +  service pveproxy restart
  
 https://YOURIP:8006 should be not more reachable. https://YOURIP:8006 should be not more reachable.
  
  
proxmox_nginx.1468750450.txt.gz · Last modified: 2021/11/25 22:43 (external edit)
Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki