Proxmox: Настраиваем Nginx в роли Reverse Proxy

Настройка Nginx в роли Reverse Proxy не сложна, но если не знать некоторых особенностей то не будут работать консоль и загрузка iso-файлов. Ниже пример готового конфига.

server {
    listen 80;
    server_name pve.you-domain.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name pve.you-domain.com;
    ssl on;
    ssl_certificate /etc/nginx/certs/*.you-domain.com/fullchain;
    ssl_certificate_key /etc/nginx/certs/*.you-domain.com/key;

    add_header Allow "GET, POST, HEAD, PUT, DELETE" always;
    if ($request_method !~ ^(GET|POST|HEAD|PUT|DELETE)$) {
        return 405;
    }

    location / {
        proxy_pass https://10.10.10.5:8006;

        # Disable buffering to serve data immediately to clients.
        # Increase timeouts from default 60 seconds to 5 minutes for the console not to close when no data is transferred.
        # Additionally the max_body_size was increased to 5 GB to allow uploads of huge ISOs via the Web UI.
        proxy_buffering off;
        proxy_buffer_size 4k;
        client_max_body_size 5g;
        proxy_connect_timeout 300s;
        proxy_read_timeout 300s;
        proxy_send_timeout 300s;
        send_timeout 300s;

        # Enable proxy websockets for the noVNC console to work
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Standard proxying headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      
        # SSL proxying headers
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Ssl on;
    }
}