vCenter behind Nginx v1.14

Posted by chauhuuphat 
March 12, 2021 03:27AM
Hi Folks

I created an Nginx reverse proxy in front of vCenter 7.0. But vCenter users can see some sensitive information such as Administration, Roles and Global Permissions, ... but we don't want that.
In this case, I rewrite the URL to /ui. It works if we put the URLs into the URL bar, and it returns to /ui. But if users click on an item in the web interface, the rewrite rules do not work.
That's my nginx config file:
server {
    listen 80;

    ## Change values to fit your environment. ##
    server_name vmware-portal.example.net;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl http2;

    ## Change values to fit your environment. ##
    ## TODO support multiple vCenter
    ssl_certificate /etc/ssl/vcenter/bundle.pem;
    ssl_certificate_key /etc/ssl/vcenter/higio.net.key;
    set $vcenter https://vcenter.phat.net;

    # Change vcenter-hostname to your actual vcenter hostname.
    server_name vmware-portal.example.net;
    access_log /var/log/nginx/vcenter-access.log;
    error_log /var/log/nginx/vcenter-error.log warn;

    location / {
        ## Change values to fit your environment. ##
        proxy_pass https://100.100.100.100; # VCSA IP Address

        # Fixed value
        proxy_set_header Host "vcenter.phat.net";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Authorization "";
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        proxy_redirect $vcenter/ https://$server_name/;
        rewrite ^/ui/data/propertiesWithParameters/urn:vmomi:ClusterComputeResource:domain-c1006:2ce913cc-b93c-4ff6-8258-d7b8088cde6a$ /ui redirect;
        rewrite ^/ui/data/propertiesWithParameters/urn:vmomi:Folder:group-d1:2ce913cc-b93c-4ff6-8258-d7b8088cde6a$ /ui redirect;
        rewrite ^/ui/data/propertiesWithParameters/urn:vmomi:Datacenter:datacenter-1001:2ce913cc-b93c-4ff6-8258-d7b8088cde6a$ /ui redirect;
        ### Protect Host ###
        rewrite ^/ui/data/properties/urn:vmomi:HostSystem:host-1032:2ce913cc-b93c-4ff6-8258-d7b8088cde6a$ /ui permanent;
        ### Protect Administration ###
        rewrite ^/ui/data/properties/urn:vri:acl:RootPermissionNode:936e9aec-3c69-4c06-b8e1-bdbe63c7c05c$ /ui permanent;
        rewrite ^/ui/navigator/navigate/vsphere.core.administration.roleView?(.*)$ /ui permanent;
        rewrite ^/ui/app/admin/(.*)$ /ui permanent;
        ### Protect Developer Center ###
        rewrite ^/ui/navigator/navigate/com.vmware.vsphere.client.h5.devcenter.overview(.*)$ /ui permanent;
        rewrite ^/ui/extensions/com.vmware.vsphere.client.h5.devcenter.plugin-views(.*)$ /ui permanent;
        rewrite ^/ui/navigator/navigate/com.vmware.vsphere.client.h5.codecapture.navigatorView(.*)$ /ui permanent;
        rewrite ^/ui/navigator/navigate/com.vmware.vsphere.client.h5.devcenter.apiexplorer(.*)$ /ui permanent;
        ### Protect vRealize Ops ###
        rewrite ^/ui/navigation/leaf/com.vmware.vropspluginui.mainView$ /ui permanent;
        rewrite ^/ui/app/plugin/com.vmware.vrops.install/com.vmware.vropspluginui.mainView$ /ui permanent;
        ### Shortcut ###
        rewrite ^/ui/extensions/vise.home.shortcuts$ /ui permanent;
        rewrite ^/ui/extensions/vsphere.core.controlcenter.shortcutCategories$ /ui permanent;
        rewrite ^/ui/navigator/navigate/vsphere.core.controlcenter.domainView$ /ui permanent;
    }

    location /websso/SAML2 {
        ## Change values to fit your environment. ##
        proxy_set_header Host vcenter.phat.net; # your actual vcenter's hostname
        proxy_pass https://100.100.100.100; # VCSA IP Address

        # Fixed value
        sub_filter "vcenter.phat.net" "vmware-portal.example.net";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffering off;
        client_max_body_size 0;
        proxy_read_timeout 36000s;
        proxy_redirect $vcenter/ https://$server_name/;
    }
    location ~^/sdk {
        deny all;
    }
}
Re: vCenter behind Nginx v1.14
May 20, 2021 08:59AM
Hello,
Using vCenter 6.7, I have to add an exception for the "data page",
for example, for vRealize:
###Protect vRealize Ops###
rewrite ^/ui/navigation/leaf/com.vmware.vropspluginui.mainView$ /ui permanent;
rewrite ^/ui/app/plugin/com.vmware.vrops.install/com.vmware.vropspluginui.mainView$ /ui permanent;
rewrite ^/ui/navigation/data/com.vmware.vropspluginui.mainView /ui permanent;
and for administration:

###administration area###
rewrite ^/ui/navigator/navigate/vsphere.core.administration.?(.*)$ /ui permanent;
rewrite ^/ui/navigation/data/vsphere.core.administration.?(.*)$ /ui permanent;
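
One way to keep the deny rules from both posts in a single place, as an added example that is not part of the thread: a map on $uri sets a flag, and the proxy location answers flagged paths with 403 instead of redirecting to /ui. The variable name $vc_blocked is made up for this example, the patterns are adapted from the rewrite rules posted above, and which further paths a given vSphere client version uses is an open assumption.

```nginx
# Goes in the http {} context. $vc_blocked is a name chosen for this example.
# $uri is the normalized request path: percent-decoded, duplicate slashes
# merged, and without the query string.
map $uri $vc_blocked {
    default 0;

    # Administration: the navigator routes and the "data" routes behind them
    ~^/ui/app/admin/                                                   1;
    ~^/ui/(navigator/navigate|navigation/data)/vsphere\.core\.administration  1;

    # Developer Center (overview, API explorer, code capture, plugin views)
    ~^/ui/navigator/navigate/com\.vmware\.vsphere\.client\.h5\.(devcenter|codecapture)\.  1;
    ~^/ui/extensions/com\.vmware\.vsphere\.client\.h5\.devcenter\.plugin-views  1;

    # vRealize Ops plugin
    ~^/ui/navigation/(leaf|data)/com\.vmware\.vropspluginui\.mainView  1;
    ~^/ui/app/plugin/com\.vmware\.vrops\.install/                      1;
}

server {
    listen 443 ssl http2;
    server_name vmware-portal.example.net;
    ssl_certificate     /etc/ssl/vcenter/bundle.pem;
    ssl_certificate_key /etc/ssl/vcenter/higio.net.key;

    location / {
        # Refuse outright: a 403 is unambiguous for page loads and for the
        # client's background requests, whereas a redirect hands back /ui.
        if ($vc_blocked) { return 403; }

        proxy_pass https://100.100.100.100;        # VCSA IP address
        proxy_set_header Host "vcenter.phat.net";
        proxy_set_header X-Real-IP $remote_addr;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    # /websso/SAML2 and /sdk locations as in the config posted above.
}
```

Filtering paths at the proxy only blocks requests for those views; what an account can actually do is still decided by the roles and permissions assigned to it in vCenter.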