Update virtualization proxy configuration

pull/3/head
Vladimir Protsenko 1 year ago
parent 50e1353e23
commit 3fcb2cf587

@ -34,7 +34,9 @@ root@n2 # pvecm status
``` ```
## 3. ## 3.
Настройте доступ к веб-интерфейсу с помощью прокси сервера. Прокси-машина должна иметь два сетевых интерфейса, каждый в своей vlan: 499 и X. Первая vlan позволяет подключиться к прокси из сети интернет, вторая позволяет обмениваться данными между прокси и новым кластером Proxmox. Настройте доступ к веб-интерфейсу с помощью прокси сервера.
### Вариант прокси 1 для доступа по адресу https://studX.myoffice.ru/proxmox/
Пример настройки прокси сервера nginx. Пример настройки прокси сервера nginx.
``` ```
@ -47,29 +49,15 @@ server {
ssl_certificate /etc/letsencrypt/live/stud15.myoffice.ru/fullchain.pem; ssl_certificate /etc/letsencrypt/live/stud15.myoffice.ru/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stud15.myoffice.ru/privkey.pem; ssl_certificate_key /etc/letsencrypt/live/stud15.myoffice.ru/privkey.pem;
ssl_verify_client off; ssl_verify_client off;
server_name _; server_name stud12.myoffice.ru;
location / { location / {
# this is for
if ($args ~ ^console) { if ($args ~ ^console) {
proxy_pass https://192.168.0.201:8006; proxy_pass https://192.168.0.201:8006;
} }
try_files $uri $uri/ =404; try_files $uri $uri/ =404;
} }
location /ha/1 {
return 302 https://stud12.myoffice.ru/ha/1/;
}
location /ha/1/ {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
#try_files $uri $uri/ =404;
proxy_pass http://backend/;
}
location /ha/2 {
return 302 https://stud12.myoffice.ru/ha/2/;
}
location /ha/2/ {
proxy_pass http://192.168.0.4/;
}
location /proxmox { location /proxmox {
return 302 https://stud12.myoffice.ru/proxmox/; return 302 https://stud12.myoffice.ru/proxmox/;
} }
@ -81,8 +69,8 @@ server {
proxy_set_header Accept-Encoding ""; proxy_set_header Accept-Encoding "";
# Standard proxying headers (why do we need this?) # Standard proxying headers (why do we need this?)
proxy_set_header Host stud12.myoffice.ru; proxy_set_header Host $host;
proxy_set_header X-Real-IP 193.32.63.182; proxy_set_header X-Real-IP $remote_addr;
# You need to set this manually since we include this file inside a server block on a main config # You need to set this manually since we include this file inside a server block on a main config
proxy_set_header X-Forwarded-Host stud12.myoffice.ru; proxy_set_header X-Forwarded-Host stud12.myoffice.ru;
@ -92,15 +80,9 @@ server {
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Ssl on;
# hack
sub_filter_once off;
sub_filter 'stud12.myoffice.ru/' 'stud12.myoffice.ru/proxmox/';
sub_filter 'src="' 'src="/proxmox';
sub_filter 'href="' 'href="/proxmox';
sub_filter_types "text/html" "text/javascript" "application/json";
proxy_pass https://192.168.0.201:8006/; proxy_pass https://192.168.0.201:8006/;
} }
# Hacks
location ~ ^\/(pve2|api2|novnc|xtermjs|pve-doc|pwt) { location ~ ^\/(pve2|api2|novnc|xtermjs|pve-doc|pwt) {
rewrite ^/(.+) /proxmox/$1; rewrite ^/(.+) /proxmox/$1;
proxy_pass https://192.168.0.201:8006/$request_uri; proxy_pass https://192.168.0.201:8006/$request_uri;
@ -108,6 +90,45 @@ server {
} }
``` ```
### Вариант прокси 2 для доступа по адресу https://proxmox.studX.myoffice.ru/
```
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/stud12.samara-myoffice.space/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stud12.samara-myoffice.space/privkey.pem;
ssl_verify_client off;
server_name proxmox.stud12.samara-myoffice.space;
location / {
# for websockets
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Standard proxying headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
# You need to set this manually since we include this file inside a server block on a main config
proxy_set_header X-Forwarded-Host proxmox.stud12.samara-myoffice.space;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# SSL proxying headers
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on;
proxy_pass https://10.160.179.184:8006;
}
}
```
## 4. ## 4.
Создайте виртуальную машину в новом Proxmox. Скачайте образ `Core` проекта `Tiny Core Linux` http://tinycorelinux.net/downloads.html. Создайте виртуальную машину в новом Proxmox. Скачайте образ `Core` проекта `Tiny Core Linux` http://tinycorelinux.net/downloads.html.

Loading…
Cancel
Save