how to setup proxmox with nginx as reverse proxy

/  No Comments

The setup of nginx is basically the same as described here, but some additional directives have to be configured to make Websockets, used for the noVNC console, work:

cat /etc/nginx/sites-available/proxmox

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen [::]:443 ssl;
    server_name YOUR-FQDN-HERE;
    ssl on;
    ssl_certificate /etc/nginx/ssl/certs/cert.crt;
    ssl_certificate_key /etc/nginx/ssl/certs/cert.key;
    client_max_body_size 5g;
    proxy_read_timeout 300s;
    proxy_send_timeout 300s;
    error_log /var/log/nginx/proxmox/error.log;
    access_log /var/log/nginx/proxmox/access.log;
    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Also proxy websocket
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        
        # proxy backend
        proxy_pass https://127.0.0.1:8006;
    }
}

The Important parts are:

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
# Also proxy websocket
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

I also increased the send and receive timeouts from default 60 seconds to 5 minutes for the console to not close when no data is transferred.
Additionally the max_body_size was increased to 5 GB to allow uploads of huge ISOs via the Web UI.

Note that this works with Cloudflare just fine, they just recently announced Websocket support for free customers.

Leave a Reply

Your email address will not be published. Required fields are marked *