[PVE-User] PVE behind reverse proxy: different webroot possible?

Uwe Sauter uwe.sauter.de at gmail.com
Tue May 9 11:32:21 CEST 2017 

Hi Thomas,

thank you for the effort of explaining.

> 
> Hmm, there are some problems as we mostly set absolute paths on resources (images, JS and CSS files)
> so the loading fails...
> I.e., pve does not knows that it is accessed from https://example.com/pve-node/ and tries to load the resources from the absolute
> path /pve/foo.js
> but then https://example.com/pve/foo.js results in a 404/501 error.
> Same happens for api calls, AFAIK.
> Normally some webapps allow to set a "ROOT_URL" config entry, where the access URL can be set.
> As there are many places where this would need to be changed it is not just a quick fix, though.
> 

I was afraid of exactly this situation (as I was bitten by that on some other web app as well).


> But you could work with sub-domains and achieve the same, e.g. a rever proxy entry for:
> https://pve-node.example.com
> should work.

Sub-domains unfortunately are not an option in my case.


> 
> AFAICT, the "upstream" config entry described in the wiki is not really needed. Also the redirect from port 80 HTTP to 443 HTTPS
> is just convenience.
> 
> I'll update the wiki article a bit :)
>> Also is it possible to make a whole PVE cluster available behind a rev proxy using [2]?
> 
> How do you mean that? It should be possible to add multiple redirects for multiple nodes so it should work.

I was thinking of having only one ROOT_URL and nginx would then distribute the load (*) to the several PVE hosts, as is described.
in [1]. I assume that session persistence is needed for the web GUI to work correctly, hence the "ip_hash" parameter that would
redirect requests always to the same server (as long as this server is available).

So if I would access https://example.org/pve from client A, I would always access server X while client B would always access
server Y (as long as X or Y can be reached).

Regards,

	Uwe

(*) load here being meant as redundant access, not as high number of requests
[1] http://nginx.org/en/docs/http/load_balancing.html#nginx_load_balancing_with_ip_hash

> 
> cheers,
> Thomas
>

More information about the pve-user mailing list