From eb9abfc2c925998294a38c47e53cb40a0054ac5b Mon Sep 17 00:00:00 2001 From: Vladimir Protsenko Date: Fri, 10 Nov 2023 19:49:20 +0400 Subject: [PATCH] updated nginx proxy settings (hack version) --- module2/06_virtualization/tasks.md | 85 ++++++++++++++++++++---------- 1 file changed, 56 insertions(+), 29 deletions(-) diff --git a/module2/06_virtualization/tasks.md b/module2/06_virtualization/tasks.md index 1351b41..3e28eea 100644 --- a/module2/06_virtualization/tasks.md +++ b/module2/06_virtualization/tasks.md @@ -10,8 +10,8 @@ - сетевое устройство vmbrX. Параметры установки: -- IP из сети `192.168.0.0/24` (192.168.0.[201-202]), -- шлюз `192.168.0.1`, +- IP из сети `192.168.0.0/24` (192.168.0.[201-202]) или из сети 10.160.179.0/24, +- шлюз `192.168.0.1` или 10.160.179.1, - любой общедоступный DNS, - стандартный пароль для пользователя root, - доменные имена `n[1-2].studX.myoffice.ru`. @@ -48,36 +48,63 @@ server { ssl_certificate_key /etc/letsencrypt/live/stud15.myoffice.ru/privkey.pem; ssl_verify_client off; server_name _; - - location /proxmox/ { - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; - - proxy_set_header Accept-Encoding ""; - # Standard proxying headers - proxy_set_header Host stud12.myoffice.ru; - proxy_set_header X-Real-IP 193.32.63.182; + + location / { + if ($args ~ ^console) { + proxy_pass https://192.168.0.201:8006; + } + try_files $uri $uri/ =404; + } + location /ha/1 { + return 302 https://stud12.myoffice.ru/ha/1/; + } + location /ha/1/ { + # First attempt to serve request as file, then + # as directory, then fall back to displaying a 404. + #try_files $uri $uri/ =404; + proxy_pass http://backend/; + } + location /ha/2 { + return 302 https://stud12.myoffice.ru/ha/2/; + } + location /ha/2/ { + proxy_pass http://192.168.0.4/; + } + location /proxmox { + return 302 https://stud12.myoffice.ru/proxmox/; + } + location /proxmox/ { + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + + proxy_set_header Accept-Encoding ""; + + # Standard proxying headers (why do we need this?) + proxy_set_header Host stud12.myoffice.ru; + proxy_set_header X-Real-IP 193.32.63.182; + # You need to set this manually since we include this file inside a server block on a main config - proxy_set_header X-Forwarded-Host stud12.myoffice.ru; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host stud12.myoffice.ru; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # SSL proxying headers - proxy_set_header X-Forwarded-Proto $scheme; - proxy_set_header X-Forwarded-Ssl on; - - # hack. better to use subdomains. - sub_filter_once off; - sub_filter 'src="' 'src="/proxmox'; - sub_filter 'href="' 'href="/proxmox'; - sub_filter_types "text/html" "text/javascript" "application/json"; - - proxy_pass https://192.168.0.201:8006/; - } - # hack. better to use subdomains. - location /api2/ { - proxy_pass https://192.168.0.201:8006/api2/; - } + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-Ssl on; + + # hack + sub_filter_once off; + sub_filter 'stud12.myoffice.ru/' 'stud12.myoffice.ru/proxmox/'; + sub_filter 'src="' 'src="/proxmox'; + sub_filter 'href="' 'href="/proxmox'; + sub_filter_types "text/html" "text/javascript" "application/json"; + + proxy_pass https://192.168.0.201:8006/; + } + location ~ ^\/(pve2|api2|novnc|xtermjs|pve-doc|pwt) { + rewrite ^/(.+) /proxmox/$1; + proxy_pass https://192.168.0.201:8006/$request_uri; + } } ```