From 3fcb2cf587ba0e89d195a7bea1861619040dbc5d Mon Sep 17 00:00:00 2001 From: Vladimir Protsenko Date: Sun, 12 Nov 2023 22:44:25 +0000 Subject: [PATCH] Update virtualization proxy configuration --- module2/06_virtualization/tasks.md | 75 +++++++++++++++++++----------- 1 file changed, 48 insertions(+), 27 deletions(-) diff --git a/module2/06_virtualization/tasks.md b/module2/06_virtualization/tasks.md index 3e28eea..03198bb 100644 --- a/module2/06_virtualization/tasks.md +++ b/module2/06_virtualization/tasks.md @@ -34,7 +34,9 @@ root@n2 # pvecm status ``` ## 3. -Настройте доступ к веб-интерфейсу с помощью прокси сервера. Прокси-машина должна иметь два сетевых интерфейса, каждый в своей vlan: 499 и X. Первая vlan позволяет подключиться к прокси из сети интернет, вторая позволяет обмениваться данными между прокси и новым кластером Proxmox. +Настройте доступ к веб-интерфейсу с помощью прокси сервера. + +### Вариант прокси 1 для доступа по адресу https://studX.myoffice.ru/proxmox/ Пример настройки прокси сервера nginx. ``` @@ -47,29 +49,15 @@ server { ssl_certificate /etc/letsencrypt/live/stud15.myoffice.ru/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/stud15.myoffice.ru/privkey.pem; ssl_verify_client off; - server_name _; + server_name stud12.myoffice.ru; location / { + # this is for if ($args ~ ^console) { proxy_pass https://192.168.0.201:8006; } try_files $uri $uri/ =404; - } - location /ha/1 { - return 302 https://stud12.myoffice.ru/ha/1/; - } - location /ha/1/ { - # First attempt to serve request as file, then - # as directory, then fall back to displaying a 404. - #try_files $uri $uri/ =404; - proxy_pass http://backend/; - } - location /ha/2 { - return 302 https://stud12.myoffice.ru/ha/2/; - } - location /ha/2/ { - proxy_pass http://192.168.0.4/; - } + } location /proxmox { return 302 https://stud12.myoffice.ru/proxmox/; } @@ -81,8 +69,8 @@ server { proxy_set_header Accept-Encoding ""; # Standard proxying headers (why do we need this?) - proxy_set_header Host stud12.myoffice.ru; - proxy_set_header X-Real-IP 193.32.63.182; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; # You need to set this manually since we include this file inside a server block on a main config proxy_set_header X-Forwarded-Host stud12.myoffice.ru; @@ -92,15 +80,9 @@ server { proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; - # hack - sub_filter_once off; - sub_filter 'stud12.myoffice.ru/' 'stud12.myoffice.ru/proxmox/'; - sub_filter 'src="' 'src="/proxmox'; - sub_filter 'href="' 'href="/proxmox'; - sub_filter_types "text/html" "text/javascript" "application/json"; - proxy_pass https://192.168.0.201:8006/; } + # Hacks location ~ ^\/(pve2|api2|novnc|xtermjs|pve-doc|pwt) { rewrite ^/(.+) /proxmox/$1; proxy_pass https://192.168.0.201:8006/$request_uri; @@ -108,6 +90,45 @@ server { } ``` +### Вариант прокси 2 для доступа по адресу https://proxmox.studX.myoffice.ru/ + +``` +server { + listen 80 default_server; + listen [::]:80 default_server; + return 301 https://$host$request_uri; +} +server { + listen 443 ssl; + ssl_certificate /etc/letsencrypt/live/stud12.samara-myoffice.space/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/stud12.samara-myoffice.space/privkey.pem; + ssl_verify_client off; + server_name proxmox.stud12.samara-myoffice.space; + + location / { + # for websockets + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + # Standard proxying headers + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + + # You need to set this manually since we include this file inside a server block on a main config + proxy_set_header X-Forwarded-Host proxmox.stud12.samara-myoffice.space; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + + # SSL proxying headers + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Ssl on; + + proxy_pass https://10.160.179.184:8006; + } +} +``` + + ## 4. Создайте виртуальную машину в новом Proxmox. Скачайте образ `Core` проекта `Tiny Core Linux` http://tinycorelinux.net/downloads.html.