User Tools

Site Tools


Copy this file to /etc/nginx/sites-enabled/proxmox

server {
  listen 443;
  ssl on;
  ssl_certificate /etc/nginx/ssl/ssl.crt;
  ssl_certificate_key /etc/nginx/ssl/ssl.key;
  proxy_redirect off;
  location / {
      proxy_set_header X-Forwarded-Proto https;
      proxy_http_version 1.1;
      proxy_set_header Connection $http_connection;
      proxy_set_header Origin http://$host;
      proxy_set_header Upgrade $http_upgrade;

Make sure you replace ssl_certificate and ssl_certificate_key

Restart Nginx:

service nginx restart

Second step, Turn the pveproxy to localhost only. Copy this file to: /etc/default/pveproxy


You can also block it over iptables, since it does not fully work anymore on 5.x.

post-up iptables -A INPUT -p tcp --dport 8006 -s -j ACCEPT #allow localhost for reverse proxy
post-up iptables -A INPUT -p tcp --dport 8006 -j DROP #webinterface
post-up iptables -A INPUT -p tcp --dport 3128 -j DROP #spiceproxy

Restart pveproxy:

service pveproxy restart

https://YOURIP:8006 should be not more reachable.

proxmox_nginx.txt · Last modified: 2021/11/25 22:42 by

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki