Logo

Armand.nz

Home / About / Linkedin / Github

Installing Nginx as a reverse proxy for your Proxmox Web interface

#proxmox #nginx |

Configuring Nginx as a reverse proxy for your Proxmox Web interface enables access to Proxmox VE through the standard HTTPS port 443.

This is particularly useful in scenarios where a firewall might block port 8006. As altering the port configuration in Proxmox isn’t recommended, employing Nginx as a proxy is an effective solution to make the web interface accessible on the default HTTPS port 443. Let’s get started with deploying NGINX on the PVE server…

Install Nginx

Most Linux distributions and BSD variants include NGINX in their standard package repositories, allowing installation using the respective package management systems (such as apt for Debian).

However, it’s important to note that these packages may not always be up-to-date.with the latest features and bug fixes, building from a source or using packages directly from nginx.org is recommended.

Given this, I prefer installing NGINX from the Official Debian NGINX packages. This approach ensures I’m working with a current version and allows me to configure NGINX in a familiar way. Specifically, I avoid using the sites-available / sites-enabled structure, which isn’t employed in the upstream packaging of NGINX from http://nginx.org/packages/.

Finally, you have the option to install either the Mainline or Stable branch of NGINX. The Mainline version incorporates the most recent features and bug fixes, ensuring it is consistently up-to-date. While generally reliable, it might contain experimental modules and potentially a few new bugs. On the other hand, the Stable version may not have all the latest features, but it includes crucial bug fixes that are regularly backported from the mainline version. I recommend Mainline.**

  1. Follow official documentation to install the prebuilt Debian Package from the Official NGINX Repository

Proxmox NGINX config

Create a Nginx config that will proxy localhost:8006

  1. Remove the default config file:
rm /etc/nginx/conf.d/default
  1. Create a new config file. You can name the configuration filename to whatever you want, but it must have a .conf file extension.
upstream proxmox {
    server localhost:8006; #  GINX is installed on the single node PVE server
}

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;

}

server {
    listen 443 ssl;
    server_name _;
    ssl_certificate /etc/ssl/armsultan.com.crt; # Your own PEM cert
    ssl_certificate_key /etc/ssl/armsultan.com.key; # Your own PEM key cert
    proxy_redirect off;

    location / {
    	proxy_ssl_protocols TLSv1.2;
    		
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        proxy_buffering off;
        client_max_body_size 0;
        proxy_connect_timeout  3600s;
        proxy_read_timeout  3600s;
        proxy_send_timeout  3600s;
        send_timeout  3600s;
        
        proxy_pass https://proxmox;
    }
}
  1. Validate updated Nginx Config and Reload the Nginx process
nginx -t && nginx -s reload
  1. Test in your web browser or terminal
curl http://pve.armsultan.com -Lks | grep \<title\>

<title>pve - Proxmox Virtual Environment</title>
comments powered byDisqus

Copyright © Armand