VMware Cloud Director versions prior to 10.4
# Pick the Connection header sent upstream from the client's Upgrade header,
# so WebSocket handshakes pass through and ordinary requests do not.
map $http_upgrade $connection_upgrade {
    ''      close;      # request carried no Upgrade header
    default upgrade;    # any non-empty Upgrade value
}
# Backend group used by "proxy_pass https://vcdappserver".
upstream vcdappserver {
    # appserver_ip:ws_port
    server vcd.example.com:8443;
}
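# HTTPS front end on 443: terminates TLS and proxies every request to
# https://vcd.example.com, with an IP allow-list on URIs matching /provider.
server {
    listen 443 ssl;
    server_name vcd.example.com 111.222.111.222;

    ssl_certificate "/etc/nginx/ssl/star.crt";
    ssl_certificate_key "/etc/nginx/ssl/star.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 30m;
    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # "!DES" excludes only single DES; "!3DES" also removes the triple-DES suites
    # that older OpenSSL builds still count as HIGH.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!MD5:!PSK:!RC4;

    access_log /var/log/nginx/https.access.log;

    # 403 and 404 share one page, so a request refused by the allow-list below
    # shows the same body as a missing page. The status code is still 403,
    # because no "=404" override is given.
    error_page 404 /404.html;
    error_page 403 /404.html;
    location = /404.html {
        root /var/www/html;
        allow all;
    }

    # Unanchored, case-sensitive regex: it matches any URI that contains
    # "/provider" (the trailing "/*" means zero or more slashes), not only
    # URIs that start with it. Regex locations are tried in file order, so
    # this block has to stay above the catch-all location.
    location ~ /provider/* {
        # allow/deny test the address of the connecting peer. If a load
        # balancer or another proxy sits in front of nginx, every request
        # arrives from that device and this list no longer tells clients apart.
        # NOTE(review): only URIs matching the regex are restricted; confirm
        # against the Cloud Director API documentation whether provider
        # accounts can also sign in through paths served by the catch-all.
        allow 192.168.162.0/24;
        allow 192.168.252.0/24;
        deny all;

        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any X-Forwarded-For the client sent; only the last entry
        # is written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        # NOTE(review): this host name equals server_name above, so on the
        # proxy it presumably has to resolve to the Cloud Director cell rather
        # than to the proxy itself.
        # nginx does not verify the upstream certificate by default. To
        # authenticate the cell, enable (the path is a placeholder):
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <path-to-CA-bundle>;
        proxy_pass https://vcd.example.com;
        proxy_read_timeout 90;
        proxy_http_version 1.1;
        proxy_redirect https://vcd.example.com https://$host;
        proxy_max_temp_file_size 0;
    }

    # Catch-all: "/*" matches zero or more slashes, i.e. every URI that no
    # earlier regex location matched. No IP restriction applies here.
    location ~ /* {
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        # Upstream certificate is not verified unless proxy_ssl_verify is on.
        proxy_pass https://vcd.example.com;
        proxy_read_timeout 90;
        proxy_http_version 1.1;
        proxy_redirect https://vcd.example.com https://$host;
        proxy_max_temp_file_size 0;
    }
}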
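# HTTPS listener on 8443: forwards every request to the vcdappserver upstream
# group and passes Upgrade/Connection through for WebSocket handshakes.
server {
    listen 8443 ssl;
    server_name vcd.example.com 111.222.111.222;

    ssl_certificate "/etc/nginx/ssl/star.crt";
    ssl_certificate_key "/etc/nginx/ssl/star.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 30m;
    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # "!DES" excludes only single DES; "!3DES" also removes the triple-DES suites
    # that older OpenSSL builds still count as HIGH.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!MD5:!PSK:!RC4;

    access_log /var/log/nginx/https.access.log;

    # "/*" matches zero or more slashes, so this location handles every URI.
    # No allow/deny rules apply on this port.
    location ~ /* {
        # nginx does not verify the upstream certificate by default. If
        # proxy_ssl_verify is turned on, proxy_ssl_name must be set as well,
        # because the host in proxy_pass is the upstream group name, not the
        # name on the certificate.
        proxy_pass https://vcdappserver;
        proxy_http_version 1.1;     # required for the Upgrade mechanism
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_max_temp_file_size 0;
    }
}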
Also, access to /provider is allowed only from the listed IP ranges (everything else is denied), so adjust those ranges to match your own networks.
# Excerpt of the /provider location from the configuration above, showing the
# lines to adjust. In the full block they are followed by "deny all;"; without
# that line the allow entries restrict nothing.
location ~ /provider/* {
allow 192.168.162.0/24;
allow 192.168.252.0/24;
VMware Cloud Director version 10.4
# Pick the Connection header sent upstream from the client's Upgrade header,
# so WebSocket handshakes pass through and ordinary requests do not.
map $http_upgrade $connection_upgrade {
    ''      close;      # request carried no Upgrade header
    default upgrade;    # any non-empty Upgrade value
}
# Backend group used by "proxy_pass https://vcdappserver"; in this variant the
# backend is reached on port 443.
upstream vcdappserver {
    server vcd.example.com:443;
}
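# HTTPS front end on 443: terminates TLS, forwards URIs beginning with "/443"
# to the vcdappserver upstream with WebSocket upgrade headers, and proxies
# everything else to https://vcd.example.com, with an IP allow-list on URIs
# matching /provider.
server {
    listen 443 ssl;
    server_name vcd.example.com 111.222.111.222;

    ssl_certificate "/etc/nginx/ssl/star.crt";
    ssl_certificate_key "/etc/nginx/ssl/star.key";
    ssl_session_cache shared:SSL:1m;
    ssl_session_timeout 30m;
    ssl_prefer_server_ciphers on;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996) and are no longer offered.
    # TLSv1.3 needs nginx 1.13.0+ built against OpenSSL 1.1.1+; drop it on older builds.
    ssl_protocols TLSv1.2 TLSv1.3;
    # "!DES" excludes only single DES; "!3DES" also removes the triple-DES suites
    # that older OpenSSL builds still count as HIGH.
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!3DES:!MD5:!PSK:!RC4;

    access_log /var/log/nginx/https.access.log;

    # 403 and 404 share one page, so a request refused by the allow-list below
    # shows the same body as a missing page. The status code is still 403,
    # because no "=404" override is given.
    error_page 404 /404.html;
    error_page 403 /404.html;
    location = /404.html {
        root /var/www/html;
        allow all;
    }

    # Matches URIs that begin with "/443", optionally followed by ';'
    # characters. Regex locations are tried in file order and this one comes
    # first, so the allow/deny rules of the /provider block are not applied
    # to requests handled here.
    # NOTE(review): confirm the exact URI form Cloud Director uses and
    # tighten the pattern to it if possible.
    location ~ ^\/443\;* {
        # nginx does not verify the upstream certificate by default. If
        # proxy_ssl_verify is turned on, proxy_ssl_name must be set as well,
        # because the host in proxy_pass is the upstream group name.
        proxy_pass https://vcdappserver;
        proxy_http_version 1.1;     # required for the Upgrade mechanism
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_max_temp_file_size 0;
    }

    # Unanchored, case-sensitive regex: it matches any URI that contains
    # "/provider" (the trailing "/*" means zero or more slashes), not only
    # URIs that start with it. It has to stay above the catch-all location.
    location ~ /provider/* {
        # allow/deny test the address of the connecting peer. If a load
        # balancer or another proxy sits in front of nginx, every request
        # arrives from that device and this list no longer tells clients apart.
        # NOTE(review): only URIs matching the regex are restricted; confirm
        # against the Cloud Director API documentation whether provider
        # accounts can also sign in through paths served by the catch-all.
        allow 192.168.162.0/24;
        allow 192.168.252.0/24;
        deny all;

        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        # Appends to any X-Forwarded-For the client sent; only the last entry
        # is written by this proxy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        # NOTE(review): this host name equals server_name above, so on the
        # proxy it presumably has to resolve to the Cloud Director cell rather
        # than to the proxy itself.
        # To authenticate the cell's certificate, enable (the path is a
        # placeholder):
        #   proxy_ssl_verify on;
        #   proxy_ssl_trusted_certificate <path-to-CA-bundle>;
        proxy_pass https://vcd.example.com;
        proxy_read_timeout 90;
        proxy_http_version 1.1;
        proxy_redirect https://vcd.example.com https://$host;
        proxy_max_temp_file_size 0;
    }

    # Catch-all: "/*" matches zero or more slashes, i.e. every URI that no
    # earlier regex location matched. No IP restriction applies here.
    location ~ /* {
        proxy_buffering off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffer_size 128k;
        proxy_buffers 4 256k;
        proxy_busy_buffers_size 256k;
        # Upstream certificate is not verified unless proxy_ssl_verify is on.
        proxy_pass https://vcd.example.com;
        proxy_read_timeout 90;
        proxy_http_version 1.1;
        proxy_redirect https://vcd.example.com https://$host;
        proxy_max_temp_file_size 0;
    }
}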