HomeContact

Setting Up Nginx on Rocky Linux as a Reverse Proxy for Proxmox

By Shady Nagy
Published in Linux
May 04, 2024
1 min read
Setting Up Nginx on Rocky Linux as a Reverse Proxy for Proxmox

Table Of Contents

01
Introduction
02
Step 1: Install Rocky Linux
03
Step 2: Install Nginx
04
Step 3: Obtain SSL Certificates
05
Step 4: Configure Nginx
06
Step 5: Adjust SELinux Policies
07
Step 6: Test and Restart Nginx
08
Step 7: Configure Firewall
09
Step 8: Verify the Setup
10
Conclusion
11
Feedback and Questions

Introduction

This guide walks you through setting up Nginx on Rocky Linux to serve as a reverse proxy for Proxmox using HTTPS on a subdomain. Proxmox VE is a comprehensive open-source platform for enterprise virtualization that tightly integrates KVM hypervisor and LXC containers, software-defined networking, and storage. This setup allows you to manage virtual machines, containers, highly available clusters, storage, and network configuration on a single platform with ease.

Step 1: Install Rocky Linux

Ensure Rocky Linux is installed. Refer to the official Rocky Linux website for installation instructions if needed.

Step 2: Install Nginx

Install Nginx and start the service using the following commands:

sudo dnf update
sudo dnf install nginx
sudo systemctl enable nginx
sudo systemctl start nginx

Step 3: Obtain SSL Certificates

If you don’t already have SSL certificates, you can obtain them using Certbot:

sudo dnf install certbot python3-certbot-nginx
sudo certbot --nginx -d subdomain.yourdomain.com

Follow the prompts to enable HTTPS automatically.

Step 4: Configure Nginx

Create or edit your Nginx configuration file. Here’s a configuration tailored to your needs:

upstream proxmox {
server 192.168.1.200:8006; # Proxmox server IP and port
}
server {
listen 80;
server_name subdomain.yourdomain.com;
return 301 https://$host$request_uri; # Redirect HTTP to HTTPS
}
server {
listen 443 ssl;
server_name subdomain.yourdomain.com;
ssl_certificate /etc/letsencrypt/live/subdomain.yourdomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.yourdomain.com/privkey.pem;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_verify off;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://proxmox;
proxy_read_timeout 360s;
proxy_connect_timeout 360s;
proxy_send_timeout 360s;
proxy_buffering off;
client_max_body_size 0;
}
}

Step 5: Adjust SELinux Policies

Allow Nginx to make network connections for the reverse proxy:

sudo setsebool -P httpd_can_network_connect 1

Step 6: Test and Restart Nginx

Check the Nginx configuration:

sudo nginx -t

If the test is successful, restart Nginx:

sudo systemctl restart nginx

Step 7: Configure Firewall

Allow HTTP and HTTPS traffic:

sudo firewall-cmd --permanent --zone=public --add-service=http
sudo firewall-cmd --permanent --zone=public --add-service=https
sudo firewall-cmd --permanent --zone=public --add-port=8006/tcp
sudo firewall-cmd --reload

Step 8: Verify the Setup

Access your subdomain (subdomain.yourdomain.com) from a web browser. It should redirect to the HTTPS version and securely proxy traffic to your Proxmox server.

Conclusion

By following the steps outlined in this guide, you have successfully set up Nginx on Rocky Linux as a reverse proxy for Proxmox. This configuration allows you to securely manage your virtual environments through HTTPS, enhancing the security and accessibility of your Proxmox server. With Nginx handling incoming requests and performing SSL termination, you provide a robust gateway for managing your virtual machines and containers efficiently. Remember to regularly update your system and Nginx configurations to maintain security and performance. If any changes occur in your network or server architecture, adjust your Nginx configuration accordingly to ensure continuous, secure, and reliable service.

Feedback and Questions

We’d love to hear your feedback on this tutorial! If you have any questions or suggestions for improvement, please don’t hesitate to reach out. You can leave a comment below, or you can contact us through the following channels:

  1. Email: shady@shadynagy.com
  2. Twitter: @ShadyNagy_
  3. LinkedIn: Shady Nagy
  4. GitHub: ShadyNagy

If you found this guide beneficial, don’t hesitate to share it with your network. Until the next guide, happy coding!


Tags

#Linux#Centos#Centos 8#Rocky 8#nginx#proxmox

Share


Previous Article
Managing Multiple Angular Projects with Different Versions on a Single Machine
Shady Nagy

Shady Nagy

Software Innovation Architect

Topics

AI
Angular
dotnet
GatsbyJS
Github
Linux
MS SQL
Oracle

Related Posts

Allowing Nginx to Connect to the Network on Rocky Linux 9
Allowing Nginx to Connect to the Network on Rocky Linux 9
June 07, 2024
2 min

Quick Links

Contact Us

Social Media