Does this support being hosted behind an nginx/apache reverse proxy?
I've tested it and it doesn't seem to work...
There are some issues with reverse proxy and the assumptions about which URLs can be accessed absolutely.
See the feedback page on the Fling site for a bit of analysis and a possible workaround.
https://labs.vmware.com/flings/esxi-embedded-host-client#comment-538363
Yes, this works fully with an Apache reverse proxy. This is my Apache config to make it all work:
<VirtualHost *:443>
ServerName esxi.example.com
ServerAlias esxi
SSLEngine On
SSLCertificateFile /etc/ssl/certs/example.crt
SSLCertificateKeyFile /etc/ssl/private/example.key
SSLCertificateChainFile /etc/ssl/certs/sub.class2.server.ca.pem
SSLProxyEngine On
SSLProxyCACertificateFile /etc/ssl/certs/example.crt
ProxyRequests Off
ProxyPreserveHost On
RewriteEngine on
ProxyPass /sdk/ https://esxi/sdk/
ProxyPassReverse /sdk/ https://esxi/sdk/
ProxyPass /ticket/ wss://esxi/ticket/
ProxyPassReverse /ticket/ wss://esxi/ticket/
ProxyPassMatch ^(/screen.*)$ https://esxi.example.com$1
ProxyPass / https://esxi/ui/ retry=1 keepalive=On
ProxyPassReverse / https://esxi/ui/
RequestHeader set X-Forwarded-HTTPS "0"
CustomLog ${APACHE_LOG_DIR}/access_vmware.log combined
</VirtualHost>
Hi, this configuration didn't worked for me. I ended using these directives instead:
RewriteEngine On | |
RewriteCond %{REQUEST_URI} ^/ticket [NC,OR] | |
RewriteCond %{HTTP:UPGRADE} ^WebSocket$ [NC,OR] | |
RewriteCond %{HTTP:CONNECTION} ^Upgrade$ [NC] | |
RewriteRule .* wss://ip_address_or_server_name%{REQUEST_URI} [P,QSA,L] | |
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f | |
RewriteRule .* https://ip_address_or_server_name%{REQUEST_URI} [P,QSA,L] | |
<Location /ticket> | ||
Require all granted | ||
ProxyPassReverse wss://ip_address_or_server_name/ticket | ||
ProxyPassReverseCookieDomain ip_address_or_server_name esx01.hostname.test | ||
</Location> |
<Location /> | ||
Require all granted | ||
ProxyPassReverse https://ip_address_or_server_name/ | ||
ProxyPassReverseCookieDomain ip_address_or_server_name esx01.hostname.test | ||
</Location> |
Also, please note you need to enable mod_proxy_wstunnel.
Hello, can you post the entire config used for virtual host?
i get HTTP Status 400 - Unable to process request
not working ;
i have esxi 6
After 3 hours of hard work... below configuration worked fine for me. Hope it can help you too.
I am using:
Virtual Host Settings:
<VirtualHost *:443>
ServerName esx1.YourServer.com
SSLEngine On
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile "${INSTALL_DIR}/Cert/esx1.YourServer.com.crt"
SSLCertificateKeyFile "${INSTALL_DIR}/Cert/esx1.YourServer.com.key"
##SSLCACertificateFile "${INSTALL_DIR}/Cert/intermediate.key"
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyRequests Off
ProxyPreserveHost Off
RequestHeader set "X-Forwarded-Proto" "https"
ProxyPass / https://192.168.1.101:443/
ProxyPassReverse / https://192.168.1.101:443/
</VirtualHost>