Nginx ProxMox Proxy using Letsencrypt SSL cert
Why use a nginx proxmox proxy using letsencrypt ssl?
1st: why not?

2nd: Load balancing! Nginx is built to handle many concurrent connections from a multitude of clients. This makes it ideal for being the point of contact for said clients. The server can pass requests to any number of backend servers to handle the bulk of the work, which spreads the load across your infrastructure. This design also gives you the flexibility to add backend servers or take them down for maintenance as needed.

3rd: Security! Nginx can often be configured to block access to certain parts of the underlying application, so life doesn't throw you a curveball at 3AM on December 24th.

install nginx

    apt-get install nginx-light

remove default nginx config

    rm /etc/nginx/sites-enabled/default

add new nginx config copying the code below

    nano /etc/nginx/sites-enabled/default

add the following in there

    # Defined here but not referenced below: proxy_pass targets localhost:8006 directly
    upstream proxmox {
        server "proxmoxdomain.com";
    }

    # Port 80: the server-level rewrite sends every request to HTTPS
    server {
        listen 80 default_server;
        location ~ /.well-known {
            root "/var/www/html";
            allow all;
        }
        rewrite ^(.*) https://$host$1 permanent;
    }

    server {
        listen 443 ssl;    # replaces "listen 443;" plus the deprecated "ssl on;"
        server_name _;
        ssl_certificate /etc/letsencrypt/live/proxmoxdomain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/proxmoxdomain.com/privkey.pem;
        include ssl-params.conf;    # must exist; its contents are not shown on this page
        proxy_redirect off;

        # Webroot used by the letsencrypt client for domain validation
        location ~ /.well-known {
            root "/var/www/html";
            allow all;
        }

        location / {
            # HTTP/1.1 with Upgrade/Connection headers so WebSocket connections pass through
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_pass https://localhost:8006;
            proxy_buffering off;
            client_max_body_size 0;    # no limit on request body size
            # Long timeouts for long-lived sessions and uploads
            proxy_connect_timeout 3600s;
            proxy_read_timeout 3600s;
            proxy_send_timeout 3600s;
            send_timeout 3600s;
        }
    }

install git

    apt-get -y install git

grab a copy of letsencrypt client

    git clone https://github.com/letsencrypt/letsencrypt /opt/letsencrypt

get the certs

    cd /opt/letsencrypt
    ./letsencrypt-auto certonly -a webroot --webroot-path=/var/www/html -d proxmoxdomain.com

specify your email when asked; this is only to retrieve lost certs. Agree to the TOS. You will get 4 files from this:
- cert.pem: Your domain’s certificate
- chain.pem: The Let’s Encrypt chain certificate
- fullchain.pem: cert.pem and chain.pem combined
- privkey.pem: Your certificate’s private key

The files are in /etc/letsencrypt/live/proxmoxdomain.com
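
A check worth running on that directory before nginx is restarted, as an added example that is not part of the original post: it confirms the four files are present, that fullchain.pem is cert.pem plus chain.pem, that privkey.pem belongs to the certificate, and that the certificate is not about to expire. The function name `check_live_dir`, its return codes and the 14-day default are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post).
# Usage: check_live_dir DIR [MIN_DAYS]
# Returns 0 if DIR is safe to point nginx at, otherwise:
#   1 = file missing, 2 = fullchain mismatch, 3 = key mismatch, 4 = expiring
check_live_dir() {
    dir=$1
    min_days=${2:-14}    # assumed threshold; pick one that suits your renewal job

    # All four files described above must exist and be non-empty
    for f in cert.pem chain.pem fullchain.pem privkey.pem; do
        [ -s "$dir/$f" ] || { echo "missing or empty: $dir/$f" >&2; return 1; }
    done

    # fullchain.pem must be exactly cert.pem followed by chain.pem
    cat "$dir/cert.pem" "$dir/chain.pem" | cmp -s - "$dir/fullchain.pem" ||
        { echo "fullchain.pem is not cert.pem + chain.pem" >&2; return 2; }

    # The public key in the leaf certificate (first cert in fullchain.pem)
    # must equal the public key derived from privkey.pem, otherwise nginx
    # refuses to start with a key mismatch error
    cert_pub=$(openssl x509 -in "$dir/fullchain.pem" -noout -pubkey) || return 3
    key_pub=$(openssl pkey -in "$dir/privkey.pem" -pubout) || return 3
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "privkey.pem does not match the certificate" >&2; return 3; }

    # -checkend N exits non-zero if the certificate expires within N seconds
    openssl x509 -in "$dir/cert.pem" -noout \
        -checkend $((min_days * 86400)) >/dev/null ||
        { echo "certificate expires within $min_days days" >&2; return 4; }

    echo "ok: $dir"
}

# Run directly: sh check.sh /etc/letsencrypt/live/proxmoxdomain.com
if [ "$#" -gt 0 ]; then
    check_live_dir "$@"
fi
```

Follow a clean result with `nginx -t` so a syntax error in the new site file is caught before the restart.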

restart nginx

    service nginx restart

or

    systemctl restart nginx