sofakng
Contributor

Does this support using behind a reverse proxy?

Does this support being hosted behind an nginx/apache reverse proxy?

I've tested it and it doesn't seem to work...

0 Kudos
6 Replies
elesueur
VMware Employee

There are some issues with reverse proxy and the assumptions about which URLs can be accessed absolutely.

See the feedback page on the Fling site for a bit of analysis and a possible workaround.

https://labs.vmware.com/flings/esxi-embedded-host-client#comment-538363

0 Kudos
MaartenVM
Contributor

Yes, this works fully with an Apache reverse proxy. This is my Apache config to make it all work:

<VirtualHost *:443>
    ServerName esxi.example.com
    ServerAlias esxi

    # TLS for clients connecting to the proxy
    SSLEngine On
    SSLCertificateFile /etc/ssl/certs/example.crt
    SSLCertificateKeyFile /etc/ssl/private/example.key
    SSLCertificateChainFile /etc/ssl/certs/sub.class2.server.ca.pem

    # TLS towards the ESXi backend
    SSLProxyEngine On
    SSLProxyCACertificateFile /etc/ssl/certs/example.crt

    ProxyRequests Off
    ProxyPreserveHost On
    RewriteEngine on

    # API endpoint and WebSocket console tickets (wss:// needs mod_proxy_wstunnel)
    ProxyPass /sdk/ https://esxi/sdk/
    ProxyPassReverse /sdk/ https://esxi/sdk/
    ProxyPass /ticket/ wss://esxi/ticket/
    ProxyPassReverse /ticket/ wss://esxi/ticket/
    ProxyPassMatch ^(/screen.*)$ https://esxi.example.com$1

    # Everything else maps to the host client under /ui/
    ProxyPass / https://esxi/ui/ retry=1 keepalive=On
    ProxyPassReverse / https://esxi/ui/

    RequestHeader set X-Forwarded-HTTPS "0"
    CustomLog ${APACHE_LOG_DIR}/access_vmware.log combined
</VirtualHost>

0 Kudos
DaveWut
Contributor

Hi, this configuration didn't work for me. I ended up using these directives instead:

RewriteEngine On
RewriteCond %{REQUEST_URI} ^/ticket [NC,OR]
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR]
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC]
RewriteRule .* wss://ip_address_or_server_name%{REQUEST_URI} [P,QSA,L]
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f
RewriteRule .* https://ip_address_or_server_name%{REQUEST_URI} [P,QSA,L]

<Location /ticket>
Require all granted
ProxyPassReverse wss://ip_address_or_server_name/ticket
ProxyPassReverseCookieDomain ip_address_or_server_name esx01.hostname.test
</Location>

<Location />
Require all granted
ProxyPassReverse https://ip_address_or_server_name/
ProxyPassReverseCookieDomain ip_address_or_server_name esx01.hostname.test
</Location>

Also, please note you need to enable mod_proxy_wstunnel.

0 Kudos
eduardz
Contributor

Hello, can you post the entire config used for the virtual host?

I get HTTP Status 400 - Unable to process request

0 Kudos
eduardz
Contributor

Not working.

I have ESXi 6.

0 Kudos
mrakhras
Contributor

After 3 hours of hard work... the configuration below worked fine for me. Hope it can help you too.

I am using:

  • ESXi 6.5 u1 on Dell server
  • Apache 2.4.27 on Windows 10 (WAMP Server 3.0.9 64bit)
  • Tested in Microsoft Edge & Chrome Version 61.0.3163.91 (Official Build) (64-bit)

Virtual Host Settings:

<VirtualHost *:443>
    ServerName esx1.YourServer.com

    # TLS for clients connecting to the proxy
    SSLEngine On
    # This cipher string also enables LOW, SSLv2, EXP and eNULL suites
    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
    SSLCertificateFile "${INSTALL_DIR}/Cert/esx1.YourServer.com.crt"
    SSLCertificateKeyFile "${INSTALL_DIR}/Cert/esx1.YourServer.com.key"
    ##SSLCACertificateFile "${INSTALL_DIR}/Cert/intermediate.key"

    # TLS towards the ESXi backend; all certificate checks are switched off here
    SSLProxyEngine on
    SSLProxyVerify none
    SSLProxyCheckPeerCN off
    SSLProxyCheckPeerName off
    SSLProxyCheckPeerExpire off

    ProxyRequests Off
    ProxyPreserveHost Off
    RequestHeader set "X-Forwarded-Proto" "https"

    # Forward every path to the ESXi host
    ProxyPass / https://192.168.1.101:443/
    ProxyPassReverse / https://192.168.1.101:443/
</VirtualHost>

0 Kudos
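
Added example, not part of any post above and not VMware's configuration: a variant of the last virtual host that keeps the same proxying but verifies the ESXi certificate on the backend connection and drops the weak client-side suites. The backend name esxi-backend.example.internal, the esxi-ca.crt file and the verify depth are assumptions; the certificate presented by the ESXi host must carry the name used in ProxyPass.

```apache
# Added example. Hostnames and certificate paths are placeholders.
<VirtualHost *:443>
    ServerName esx1.YourServer.com

    # Client-facing TLS: no SSLv3/TLS 1.0/1.1, no NULL, export, LOW or RC4 suites
    SSLEngine On
    SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
    SSLCipherSuite HIGH:!aNULL:!eNULL:!EXPORT:!LOW:!MD5:!RC4
    SSLHonorCipherOrder On
    SSLCertificateFile "${INSTALL_DIR}/Cert/esx1.YourServer.com.crt"
    SSLCertificateKeyFile "${INSTALL_DIR}/Cert/esx1.YourServer.com.key"

    # Backend TLS: refuse the connection unless the ESXi certificate
    # chains to the trusted file, matches the backend name and is not expired.
    SSLProxyEngine On
    SSLProxyVerify require
    SSLProxyVerifyDepth 2
    # Assumed file: the ESXi host's own certificate (if self-signed)
    # or the CA that issued it, in PEM format.
    SSLProxyCACertificateFile "${INSTALL_DIR}/Cert/esxi-ca.crt"
    SSLProxyCheckPeerName On
    SSLProxyCheckPeerExpire On

    ProxyRequests Off
    ProxyPreserveHost Off
    RequestHeader set "X-Forwarded-Proto" "https"

    # Assumed backend name; it must appear in the ESXi certificate.
    ProxyPass / https://esxi-backend.example.internal:443/
    ProxyPassReverse / https://esxi-backend.example.internal:443/
</VirtualHost>
```

If the proxy starts returning errors after this change, the Apache error log entry for the failed backend handshake shows which of the three checks rejected the ESXi certificate.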