Has anyone gotten a working nginx reverse proxy working for vcenter 7.0??
I am having the hardest time ever getting the sso portion of the login working.
I am able to use nginx to make public.vcenter.com/ui/ as internal.vcenter.com/ui/, which loads internal.vcenter.com/websso/SAML2/.../.... , once I log in with the sso, it spits me back out to public.vcenter.com/ui/.../...
The issue with this is I want to put a firewall on vcenter so that only the public.vcenter.com host is able to load internal.vcenter.com. So with the above workflow, when it redirects to websso, it would 404.
Ideally i want this workflow.
public.vcenter.com/ui/ -> public.vcenter.com/websso/SAML2/.../.... -> public.vcenter.com/ui/.../...

I googled every single thing online for the topic and the below is the best i came up with. Any help will be dearly appreciated!

server {
listen 9011 ssl http2;
server_name public.vcenter.net;
ssl_certificate /usr/home/user/certificate.pem;
ssl_certificate_key /usr/home/user/certificate.pem;
#rewrite ^/$ /ui permanent;
location / {
proxy_set_header Host "internal.vcenter.net";
proxy_set_header X-Real-IP $remote_addr;
proxy_ssl_verify off;
proxy_pass https://internal.vcenter.net;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_buffering off;
client_max_body_size 0; proxy_read_timeout 36000s;
proxy_set_header Origin "https://internal.vcenter.net";
proxy_redirect https://internal.vcenter.net/ https://public.vcenter.net/;
}
location /websso/SAML2 {
sub_filter "internal.vcenter.net" "public.vcenter.net";
proxy_set_header Host "internal.vcenter.net";
proxy_set_header X-Real-IP $remote_addr;
proxy_ssl_verify off;
proxy_pass https://internal.vcenter.net;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade";
proxy_buffering off;
client_max_body_size 0;
proxy_read_timeout 36000s;
proxy_ssl_session_reuse on;
proxy_redirect https://internal.vcenter.net/ https://public.vcenter.net/;
}
}