starred/nginx-proxy-manager-NginxProxyManager
1
0
Fork 0
mirror of https://github.com/NginxProxyManager/nginx-proxy-manager.git synced 2026-04-25 09:25:55 +03:00
Code Issues 937 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #484] Question: Forward to two Ports for the same Hostname? #410

New issue
Closed
opened 2026-02-26 06:32:45 +03:00 by kerem · 12 comments
kerem commented 2026-02-26 06:32:45 +03:00
Owner
Copy link

Originally created by @redtripleAAA on GitHub (Jul 2, 2020).
Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/484

What is troubling you?
Is it possible to forward to two Ports for the same Hostname?

Screenshot:
One port - one hostname

I am trying to use the proxy in front of ESXI server.
It works fine when uses (443) as the screenshot above, however when I connect to a virtual machine, it fails, which I assume because it's looking for the second port (902)

KB from VMWare:
https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.upgrade.doc/GUID-5071C86E-FF1E-4E54-A424-A20917401160.html

error missing port 902

Note: everything works fine when I bypass the Proxy Manager, and connect directly to the internet or locally.

Please advise.

Originally created by @redtripleAAA on GitHub (Jul 2, 2020). Original GitHub issue: https://github.com/NginxProxyManager/nginx-proxy-manager/issues/484 **What is troubling you?** Is it possible to forward to two Ports for the same Hostname? Screenshot: ![One port - one hostname](https://user-images.githubusercontent.com/5244872/86310314-bcf36d80-bbeb-11ea-8f0d-ab99eba6fc98.PNG) I am trying to use the proxy in front of ESXI server. It works fine when uses (**443**) as the screenshot above, however when I connect to a virtual machine, it fails, which I assume because it's looking for the second port (**902**) KB from VMWare: [https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.upgrade.doc/GUID-5071C86E-FF1E-4E54-A424-A20917401160.html](url) ![error missing port 902](https://user-images.githubusercontent.com/5244872/86310738-c204ec80-bbec-11ea-8c63-676bd05b24b1.PNG) Note: everything works fine when I bypass the Proxy Manager, and connect directly to the internet or locally. Please advise.
kerem 2026-02-26 06:32:45 +03:00
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@ajagnanan commented on GitHub (Jan 21, 2021):

would like to know this too

<!-- gh-comment-id:764350260 --> @ajagnanan commented on GitHub (Jan 21, 2021): would like to know this too
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@sysadmininator commented on GitHub (Feb 7, 2021):

I have the web console and vmrc working through a different nginx reverse proxy container/project (which I believe is a little more vanilla) using some config files I found on a vmware forum a while back. The important bits seem to be adding the below code to your nginx.conf file:

#vmrc passthru

stream {

        upstream bninetwo {
                server sub.yourdomain.com:902;
        }

        upstream bninethree {
                server sub.yourdomain.com:903;
        }

        #upstream bfourtwoseven {
        #       server [internal IP of your ESXi host]:427;
        #}

        server {
                listen 902;
                proxy_pass bninetwo;
        }

        server {
                listen 902 udp;
                proxy_pass bninetwo;
        }

        server {
                listen 903;
                proxy_pass bninethree;
        }
        #server {
        #       listen 427 udp;
        #       proxy_pass bfourtwoseven;
        #}
}

As you can see I have things for 427 commented out. I wish I could tell you why exactly. Perhaps I was never able to get it to work, or it's not important to my setup, or both.

A couple of things about my environment: 1) I'm connecting to a vCenter server, not an individual host, and 2) I installed my vCenter deployment to use an IP address and not an fqdn internally.

I've only recently started to poke at this project and move my sites over, so I'm not exactly sure where this custom config would go (in the UI, obviously it can go into the nginx.conf file... I'm just not sure if that messes with any automations/checks this project employs). I assumed it would fall under the Advanced > Custom Nginx Configuration section for your host. However in my quick testing, it looks like applying the snippet above causes a failure where the "'stream' directive is not allowed here". I'm sure there's a proper method of modifying the nginx.conf file within the confines of this project, but I haven't gone searching for that quite yet. Regardless, I hope the configs above help!

<!-- gh-comment-id:774577272 --> @sysadmininator commented on GitHub (Feb 7, 2021): I have the web console and vmrc working through a different nginx reverse proxy container/project (which I believe is a little more vanilla) using some config files I found on a vmware forum a while back. The important bits seem to be adding the below code to your nginx.conf file: ``` #vmrc passthru stream { upstream bninetwo { server sub.yourdomain.com:902; } upstream bninethree { server sub.yourdomain.com:903; } #upstream bfourtwoseven { # server [internal IP of your ESXi host]:427; #} server { listen 902; proxy_pass bninetwo; } server { listen 902 udp; proxy_pass bninetwo; } server { listen 903; proxy_pass bninethree; } #server { # listen 427 udp; # proxy_pass bfourtwoseven; #} } ``` As you can see I have things for 427 commented out. I wish I could tell you why exactly. Perhaps I was never able to get it to work, or it's not important to my setup, or both. A couple of things about my environment: 1) I'm connecting to a vCenter server, not an individual host, and 2) I installed my vCenter deployment to use an IP address and not an fqdn internally. I've only recently started to poke at this project and move my sites over, so I'm not exactly sure where this custom config would go (in the UI, obviously it can go into the nginx.conf file... I'm just not sure if that messes with any automations/checks this project employs). I assumed it would fall under the Advanced > Custom Nginx Configuration section for your host. However in my quick testing, it looks like applying the snippet above causes a failure where the "'stream' directive is not allowed here". I'm sure there's a proper method of modifying the nginx.conf file within the confines of this project, but I haven't gone searching for that quite yet. Regardless, I hope the configs above help!
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@binarymime commented on GitHub (Jun 2, 2021):

Any further updates on this. Thsi also affects uploading files to the esxi data store. Pasting the above code into the Advanced page of the Proxy host services puts the server offline. Is there a way to add the custom config via the GUI.

Thanks

<!-- gh-comment-id:853262357 --> @binarymime commented on GitHub (Jun 2, 2021): Any further updates on this. Thsi also affects uploading files to the esxi data store. Pasting the above code into the Advanced page of the Proxy host services puts the server offline. Is there a way to add the custom config via the GUI. Thanks
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@binarymime commented on GitHub (Jun 2, 2021):

Quick update. I was able to get the above working by adding the following code snippet, add this to the Custom Nginx Configuration code window in the Advanced tab of the Proxy Host:

I'm sure this goes without saying but replace <HostIP> with the IP of your Proxy Host

location /sdk/ {
     proxy_pass https://<HostIP>/sdk/;
     proxy_redirect default;
}

location /ticket/ {
     proxy_pass https://<HostIP>/ticket/;
     proxy_redirect default;
     proxy_http_version 1.1;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header Upgrade $http_upgrade;
     proxy_set_header Connection $http_connection;
}

location /screen {
    proxy_pass https://<HostIP>/screen;
    proxy_redirect default;
<!-- gh-comment-id:853346940 --> @binarymime commented on GitHub (Jun 2, 2021): Quick update. I was able to get the above working by adding the following code snippet, add this to the **Custom Nginx Configuration** code window in the **Advanced** tab of the Proxy Host: I'm sure this goes without saying but replace `<HostIP>` with the IP of your Proxy Host ```nginx location /sdk/ { proxy_pass https://<HostIP>/sdk/; proxy_redirect default; } location /ticket/ { proxy_pass https://<HostIP>/ticket/; proxy_redirect default; proxy_http_version 1.1; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; } location /screen { proxy_pass https://<HostIP>/screen; proxy_redirect default; ```
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@sysadmininator commented on GitHub (Jul 31, 2021):

Can confirm that the configs from @binarymime do the trick.

If anyone else continues to have issues with their setup, I will note that these settings didn't initially work for me. My vCenter appliance (v6.7) had been deployed with a static IP and the hostname was left at the default photon-machine. I had to change hostname in the VAMI console to use the fqdn (same as the proxy host/cert address). I had even tried adding some other locations such as /ui, /websso, but no matter what I would get redirected to the internal IP address somewhere between /ui and /websso (which would break completely externally and cause an incorrect redirect internally). Anyway, once the hostname was updated it was pretty smooth sailing from there. Thanks again to @binarymime !

<!-- gh-comment-id:890411569 --> @sysadmininator commented on GitHub (Jul 31, 2021): Can confirm that the configs from @binarymime do the trick. If anyone else continues to have issues with their setup, I will note that these settings didn't initially work for me. My vCenter appliance (v6.7) had been deployed with a static IP and the hostname was left at the default `photon-machine`. I had to change hostname in the VAMI console to use the fqdn (same as the proxy host/cert address). I had even tried adding some other locations such as `/ui`, `/websso`, but no matter what I would get redirected to the internal IP address somewhere between /ui and /websso (which would break completely externally and cause an incorrect redirect internally). Anyway, once the hostname was updated it was pretty smooth sailing from there. Thanks again to @binarymime !
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@Oninaig commented on GitHub (Mar 13, 2023):

I have the web console and vmrc working through a different nginx reverse proxy container/project (which I believe is a little more vanilla) using some config files I found on a vmware forum a while back. The important bits seem to be adding the below code to your nginx.conf file:

#vmrc passthru

stream {

        upstream bninetwo {
                server sub.yourdomain.com:902;
        }

        upstream bninethree {
                server sub.yourdomain.com:903;
        }

        #upstream bfourtwoseven {
        #       server [internal IP of your ESXi host]:427;
        #}

        server {
                listen 902;
                proxy_pass bninetwo;
        }

        server {
                listen 902 udp;
                proxy_pass bninetwo;
        }

        server {
                listen 903;
                proxy_pass bninethree;
        }
        #server {
        #       listen 427 udp;
        #       proxy_pass bfourtwoseven;
        #}
}

As you can see I have things for 427 commented out. I wish I could tell you why exactly. Perhaps I was never able to get it to work, or it's not important to my setup, or both.

A couple of things about my environment: 1) I'm connecting to a vCenter server, not an individual host, and 2) I installed my vCenter deployment to use an IP address and not an fqdn internally.

I've only recently started to poke at this project and move my sites over, so I'm not exactly sure where this custom config would go (in the UI, obviously it can go into the nginx.conf file... I'm just not sure if that messes with any automations/checks this project employs). I assumed it would fall under the Advanced > Custom Nginx Configuration section for your host. However in my quick testing, it looks like applying the snippet above causes a failure where the "'stream' directive is not allowed here". I'm sure there's a proper method of modifying the nginx.conf file within the confines of this project, but I haven't gone searching for that quite yet. Regardless, I hope the configs above help!

I know this is SUPER old but I am running into the same issue where I can view the web console just fine in ESXI and I have the exact config that you posted in my nginx.conf but if I try to run VMRC I get "could not negotiate SSL" and the VMRC logs contain:

2023-03-13T16:50:09.725Z| mks| W003: SSL: Unknown SSL Error
2023-03-13T16:50:09.725Z| mks| I005: SSL Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed
2023-03-13T16:50:09.725Z| mks| W003: SOCKET 2 (1756) Could not negotiate SSL
2023-03-13T16:50:09.725Z| mks| W003+ The remote host certificate has these problems:
2023-03-13T16:50:09.725Z| mks| W003+ 
2023-03-13T16:50:09.725Z| mks| W003+ * unable to get local issuer certificate
2023-03-13T16:50:09.725Z| mks| W003: SOCKET 2 (1756) Expected thumbprint doesn't match actual thumbprint.
2023-03-13T16:50:09.725Z| mks| W003: Expected thumbprint is: FA:D6:05:91:B8:C6:F5:98:9D:73:27:89:A9:0B:70:B3:FF:A3:BC:7B
2023-03-13T16:50:09.725Z| mks| W003+   Actual thumbprint is: A1:3B:BD:54:2C:9A:92:42:E3:CF:B1:5B:48:C7:D4:86:D4:9E:BC:B3
2023-03-13T16:50:09.725Z| mks| W003: SOCKET 2 (1756) Cannot verify target host.
2023-03-13T16:50:09.725Z| mks| W003: MVNCClient: received socket error 13: Connection error: could not negotiate SSL
2023-03-13T16:50:09.725Z| mks| I005: MVNCClient: Setting vncClient.mksConnectionError, previous error is 0, new error is 1
2023-03-13T16:50:09.725Z| mks| I005: MVNCClient: Destroying VNC Client socket.

Meanwhile the access error logs for the proxy don't report anything wrong other than some caching warnings:

2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/5/01/0000000015 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/vui-bootstrap/css/vui-bootstrap.min.css HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/vui-bootstrap/css/vui-bootstrap.min.css", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/6/01/0000000016 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/styles/main.css HTTP/2.0", upstream: "https://192.168.1.41:443/ui/styles/main.css", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/7/01/0000000017 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/es6-shim/es6-shim.min.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/es6-shim/es6-shim.min.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/8/01/0000000018 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/requirejs/require.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/requirejs/require.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/9/01/0000000019 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/scripts/main.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/scripts/main.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:49:23 [warn] 328#328: *8 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/vui-bootstrap/css/vui-bootstrap.min.css HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/vui-bootstrap/css/vui-bootstrap.min.css", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:49:23 [warn] 328#328: *8 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/requirejs/require.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/requirejs/require.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:49:23 [warn] 328#328: *8 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/3/00/0000000003 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/scripts/main.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/scripts/main.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:49:25 [warn] 328#328: *109 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/4/00/0000000004 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /sdk/vim.wsdl HTTP/2.0", upstream: "https://192.168.1.41:443/sdk/vim.wsdl", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:49:25 [warn] 328#328: *109 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/5/00/0000000005 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /sdk/vim-types.xsd HTTP/2.0", upstream: "https://192.168.1.41:443/sdk/vim-types.xsd", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:50:04 [warn] 327#327: *212 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/6/00/0000000006 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk/ HTTP/2.0", upstream: "https://192.168.1.41:443/sdk/", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/"
2023/03/13 16:50:09 [warn] 328#328: *305 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/7/00/0000000007 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk HTTP/1.1", upstream: "https://192.168.1.41:443/sdk", host: "esxi.mydomain.io"
2023/03/13 16:50:09 [warn] 327#327: *311 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/8/00/0000000008 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk HTTP/1.1", upstream: "https://192.168.1.41:443/sdk", host: "esxi.mydomain.io"
2023/03/13 16:50:09 [warn] 327#327: *310 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/9/00/0000000009 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk HTTP/1.1", upstream: "https://192.168.1.41:443/sdk", host: "esxi.mydomain.io"
2023/03/13 16:50:09 [warn] 327#327: *310 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/0/01/0000000010 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk HTTP/1.1", upstream: "https://192.168.1.41:443/sdk", host: "esxi.mydomain.io"

Are you still able to access your VMs via VMRC and if so did you have to import your letsencrypt cert that you can download from NRPM into the esxi web interface? I tried that as well and whenever I swapped the default certs for the ones provided by LE via NRPM I would be unable to access the web interface anymore.

<!-- gh-comment-id:1466523075 --> @Oninaig commented on GitHub (Mar 13, 2023): > I have the web console and vmrc working through a different nginx reverse proxy container/project (which I believe is a little more vanilla) using some config files I found on a vmware forum a while back. The important bits seem to be adding the below code to your nginx.conf file: > > ``` > #vmrc passthru > > stream { > > upstream bninetwo { > server sub.yourdomain.com:902; > } > > upstream bninethree { > server sub.yourdomain.com:903; > } > > #upstream bfourtwoseven { > # server [internal IP of your ESXi host]:427; > #} > > server { > listen 902; > proxy_pass bninetwo; > } > > server { > listen 902 udp; > proxy_pass bninetwo; > } > > server { > listen 903; > proxy_pass bninethree; > } > #server { > # listen 427 udp; > # proxy_pass bfourtwoseven; > #} > } > ``` > > As you can see I have things for 427 commented out. I wish I could tell you why exactly. Perhaps I was never able to get it to work, or it's not important to my setup, or both. > > A couple of things about my environment: 1) I'm connecting to a vCenter server, not an individual host, and 2) I installed my vCenter deployment to use an IP address and not an fqdn internally. > > I've only recently started to poke at this project and move my sites over, so I'm not exactly sure where this custom config would go (in the UI, obviously it can go into the nginx.conf file... I'm just not sure if that messes with any automations/checks this project employs). I assumed it would fall under the Advanced > Custom Nginx Configuration section for your host. However in my quick testing, it looks like applying the snippet above causes a failure where the "'stream' directive is not allowed here". I'm sure there's a proper method of modifying the nginx.conf file within the confines of this project, but I haven't gone searching for that quite yet. Regardless, I hope the configs above help! I know this is SUPER old but I am running into the same issue where I can view the web console just fine in ESXI and I have the exact config that you posted in my nginx.conf but if I try to run VMRC I get "could not negotiate SSL" and the VMRC logs contain: ``` 2023-03-13T16:50:09.725Z| mks| W003: SSL: Unknown SSL Error 2023-03-13T16:50:09.725Z| mks| I005: SSL Error: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed 2023-03-13T16:50:09.725Z| mks| W003: SOCKET 2 (1756) Could not negotiate SSL 2023-03-13T16:50:09.725Z| mks| W003+ The remote host certificate has these problems: 2023-03-13T16:50:09.725Z| mks| W003+ 2023-03-13T16:50:09.725Z| mks| W003+ * unable to get local issuer certificate 2023-03-13T16:50:09.725Z| mks| W003: SOCKET 2 (1756) Expected thumbprint doesn't match actual thumbprint. 2023-03-13T16:50:09.725Z| mks| W003: Expected thumbprint is: FA:D6:05:91:B8:C6:F5:98:9D:73:27:89:A9:0B:70:B3:FF:A3:BC:7B 2023-03-13T16:50:09.725Z| mks| W003+ Actual thumbprint is: A1:3B:BD:54:2C:9A:92:42:E3:CF:B1:5B:48:C7:D4:86:D4:9E:BC:B3 2023-03-13T16:50:09.725Z| mks| W003: SOCKET 2 (1756) Cannot verify target host. 2023-03-13T16:50:09.725Z| mks| W003: MVNCClient: received socket error 13: Connection error: could not negotiate SSL 2023-03-13T16:50:09.725Z| mks| I005: MVNCClient: Setting vncClient.mksConnectionError, previous error is 0, new error is 1 2023-03-13T16:50:09.725Z| mks| I005: MVNCClient: Destroying VNC Client socket. ``` Meanwhile the access error logs for the proxy don't report anything wrong other than some caching warnings: ``` 2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/5/01/0000000015 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/vui-bootstrap/css/vui-bootstrap.min.css HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/vui-bootstrap/css/vui-bootstrap.min.css", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/6/01/0000000016 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/styles/main.css HTTP/2.0", upstream: "https://192.168.1.41:443/ui/styles/main.css", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/7/01/0000000017 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/es6-shim/es6-shim.min.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/es6-shim/es6-shim.min.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/8/01/0000000018 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/requirejs/require.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/requirejs/require.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:46:55 [warn] 342#342: *50264 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/9/01/0000000019 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/scripts/main.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/scripts/main.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:49:23 [warn] 328#328: *8 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/1/00/0000000001 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/vui-bootstrap/css/vui-bootstrap.min.css HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/vui-bootstrap/css/vui-bootstrap.min.css", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:49:23 [warn] 328#328: *8 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/2/00/0000000002 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/bower_components/requirejs/require.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/bower_components/requirejs/require.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:49:23 [warn] 328#328: *8 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/3/00/0000000003 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /ui/scripts/main.js HTTP/2.0", upstream: "https://192.168.1.41:443/ui/scripts/main.js", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:49:25 [warn] 328#328: *109 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/4/00/0000000004 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /sdk/vim.wsdl HTTP/2.0", upstream: "https://192.168.1.41:443/sdk/vim.wsdl", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:49:25 [warn] 328#328: *109 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/5/00/0000000005 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "GET /sdk/vim-types.xsd HTTP/2.0", upstream: "https://192.168.1.41:443/sdk/vim-types.xsd", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:50:04 [warn] 327#327: *212 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/6/00/0000000006 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk/ HTTP/2.0", upstream: "https://192.168.1.41:443/sdk/", host: "esxi.mydomain.io", referrer: "https://esxi.mydomain.io/ui/" 2023/03/13 16:50:09 [warn] 328#328: *305 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/7/00/0000000007 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk HTTP/1.1", upstream: "https://192.168.1.41:443/sdk", host: "esxi.mydomain.io" 2023/03/13 16:50:09 [warn] 327#327: *311 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/8/00/0000000008 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk HTTP/1.1", upstream: "https://192.168.1.41:443/sdk", host: "esxi.mydomain.io" 2023/03/13 16:50:09 [warn] 327#327: *310 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/9/00/0000000009 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk HTTP/1.1", upstream: "https://192.168.1.41:443/sdk", host: "esxi.mydomain.io" 2023/03/13 16:50:09 [warn] 327#327: *310 an upstream response is buffered to a temporary file /var/cache/nginx/proxy_temp/0/01/0000000010 while reading upstream, client: 192.168.1.96, server: esxi.mydomain.io, request: "POST /sdk HTTP/1.1", upstream: "https://192.168.1.41:443/sdk", host: "esxi.mydomain.io" ``` Are you still able to access your VMs via VMRC and if so did you have to import your letsencrypt cert that you can download *from* NRPM *into* the esxi web interface? I tried that as well and whenever I swapped the default certs for the ones provided by LE via NRPM I would be unable to access the web interface anymore.
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@sysadmininator commented on GitHub (Mar 14, 2023):

I'm sorry to say that I don't use this nginx/proxymgr for vmrc access anymore. Moved away from it about a year ago when my lab developed some other criteria that took me elsewhere.

I do remember parts of the setup though and am almost certain that I never had to copy any LE certs around. I also remember that the conf file didn't change and I took it out of commission right around vCenter 6.7 U2 or U3.

Wish I could be of more help! 🤞🏻 that @binarymime is still roaming the halls and might have something to add. Best of luck either way.

<!-- gh-comment-id:1467331035 --> @sysadmininator commented on GitHub (Mar 14, 2023): I'm sorry to say that I don't use this nginx/proxymgr for vmrc access anymore. Moved away from it about a year ago when my lab developed some other criteria that took me elsewhere. I do remember parts of the setup though and am almost certain that I never had to copy any LE certs around. I also remember that the conf file didn't change and I took it out of commission right around vCenter 6.7 U2 or U3. Wish I could be of more help! 🤞🏻 that @binarymime is still roaming the halls and might have something to add. Best of luck either way.
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@Oninaig commented on GitHub (Mar 14, 2023):

I'm sorry to say that I don't use this nginx/proxymgr for vmrc access anymore. Moved away from it about a year ago when my lab developed some other criteria that took me elsewhere.

I do remember parts of the setup though and am almost certain that I never had to copy any LE certs around. I also remember that the conf file didn't change and I took it out of commission right around vCenter 6.7 U2 or U3.

Wish I could be of more help! 🤞🏻 that @binarymime is still roaming the halls and might have something to add. Best of luck either way.

Thanks for the quick reply anyway, what are you using now? I also tried copying the LE certs from NPM to the ESXI host but that just caused the ESXI host to throw "connection refused" errors when I would try to connect afterwards.

<!-- gh-comment-id:1468091998 --> @Oninaig commented on GitHub (Mar 14, 2023): > I'm sorry to say that I don't use this nginx/proxymgr for vmrc access anymore. Moved away from it about a year ago when my lab developed some other criteria that took me elsewhere. > > I do remember parts of the setup though and am almost certain that I never had to copy any LE certs around. I also remember that the conf file didn't change and I took it out of commission right around vCenter 6.7 U2 or U3. > > Wish I could be of more help! 🤞🏻 that @binarymime is still roaming the halls and might have something to add. Best of luck either way. Thanks for the quick reply anyway, what are you using now? I also tried copying the LE certs from NPM to the ESXI host but that just caused the ESXI host to throw "connection refused" errors when I would try to connect afterwards.
kerem commented 2026-02-26 06:32:45 +03:00
Author
Owner
Copy link

@sysadmininator commented on GitHub (Mar 15, 2023):

Thanks for the quick reply anyway, what are you using now?

A tunneling/access solution from a company that rhymes with Schmoudflare ;). Which actually looks like it has challenges and limitations supporting vmrc as well but because I moved away from my vCenter server altogether I was able to let this one go at the same time.

I also tried copying the LE certs from NPM to the ESXI host but that just caused the ESXI host to throw "connection refused" errors when I would try to connect afterwards.

I noticed that you specified ‘ESXi host’ again in your follow up so I want to make sure I clarify on something else from above. I could be incredibly wrong here, but I have memory of this config not working with ESXi hosts directly. I want to say that the only time I had success with it was with a vCenter server instance (the photon based virtual appliance from VMware if that matters). I hope I’m misremembering this for the sake of your troubleshooting, but if you have a vCenter trial and a little bit of time to burn through it might be worth a spin. And many apologies in advance if that doesn’t pan out to be true.

Edit: I reviewed my comment history above and it seems to agree with my memory that I was running vCenter server at the time. I also want to say that at one point I could tell you why the config worked with vCenter and not a host directly (and that it had something to do with the way the two products serve up their pages/services) but it would honestly be shots in dark based on what is likely now old information anyway.

<!-- gh-comment-id:1469303947 --> @sysadmininator commented on GitHub (Mar 15, 2023): > Thanks for the quick reply anyway, what are you using now? A tunneling/access solution from a company that rhymes with Schmoudflare ;). Which actually looks like it has challenges and limitations supporting vmrc as well but because I moved away from my vCenter server altogether I was able to let this one go at the same time. > I also tried copying the LE certs from NPM to the ESXI host but that just caused the ESXI host to throw "connection refused" errors when I would try to connect afterwards. I noticed that you specified ‘ESXi host’ again in your follow up so I want to make sure I clarify on something else from above. I could be incredibly wrong here, but I have memory of this config not working with ESXi hosts directly. I want to say that the only time I had success with it was with a vCenter server instance (the photon based virtual appliance from VMware if that matters). I hope I’m misremembering this for the sake of your troubleshooting, but if you have a vCenter trial and a little bit of time to burn through it might be worth a spin. And many apologies in advance if that doesn’t pan out to be true. _Edit: I reviewed my comment history above and it seems to agree with my memory that I was running vCenter server at the time. I also want to say that at one point I could tell you why the config worked with vCenter and not a host directly (and that it had something to do with the way the two products serve up their pages/services) but it would honestly be shots in dark based on what is likely now old information anyway._
kerem commented 2026-02-26 06:32:46 +03:00
Author
Owner
Copy link

@Oninaig commented on GitHub (Mar 16, 2023):

Success! I finally figured out what the issue was. After banging my head against the wall because I could not find anyone out there who is trying to do this with ESXI 7.0 without VCenter, I started to dig into the innards of LetsEncrypt and Certbot and the various errors I was getting in my hostd log in ESXI.

It turns out that by default LetsEncrypt will generate certificates with a key type of ECDSA. If you modify your letsencrypt.ini file and change the type back to RSA (what it used to be a long time ago) and generate the cert yourself via the command line within the running NPM container and then copy those certs to your ESXI instance then the cert will work with ESXI and VMRC without issues.

I have not yet attempted this via NPM exclusively (changing the config to use RSA keys and then just using the reverse proxy to pass the SSL connection to ESXI/VMRC). Right now my setup is that every internal service I have running is DNS'd to NPM except for ESXI which has its own DNS entry pointing towards its actual IP address and domain name (which matches the cert).

Posting this here in case anyone else stumbles across this issue.

<!-- gh-comment-id:1471829549 --> @Oninaig commented on GitHub (Mar 16, 2023): Success! I finally figured out what the issue was. After banging my head against the wall because I could not find anyone out there who is trying to do this with ESXI 7.0 _without_ VCenter, I started to dig into the innards of LetsEncrypt and Certbot and the various errors I was getting in my hostd log in ESXI. It turns out that by default LetsEncrypt will generate certificates with a key type of ECDSA. If you modify your letsencrypt.ini file and change the type back to RSA (what it used to be a long time ago) and generate the cert yourself via the command line within the running NPM container and then copy those certs to your ESXI instance then the cert will work with ESXI _**and**_ VMRC without issues. I have not yet attempted this via NPM exclusively (changing the config to use RSA keys and then just using the reverse proxy to pass the SSL connection to ESXI/VMRC). Right now my setup is that every internal service I have running is DNS'd to NPM _**except**_ for ESXI which has its own DNS entry pointing towards its actual IP address and domain name (which matches the cert). Posting this here in case anyone else stumbles across this issue.
kerem commented 2026-02-26 06:32:46 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (Mar 28, 2024):

Issue is now considered stale. If you want to keep it open, please comment 👍

<!-- gh-comment-id:2024254417 --> @github-actions[bot] commented on GitHub (Mar 28, 2024): Issue is now considered stale. If you want to keep it open, please comment :+1:
kerem commented 2026-02-26 06:32:46 +03:00
Author
Owner
Copy link

@github-actions[bot] commented on GitHub (May 7, 2025):

Issue was closed due to inactivity.

<!-- gh-comment-id:2856819717 --> @github-actions[bot] commented on GitHub (May 7, 2025): Issue was closed due to inactivity.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
dependabot/npm_and_yarn/backend/liquidjs-10.25.7
dependabot/npm_and_yarn/frontend/prod-minor-updates-2a16bf3987
dependabot/npm_and_yarn/frontend/dev-patch-updates-754666cf41
dependabot/npm_and_yarn/backend/basic-ftp-5.3.0
dependabot/npm_and_yarn/test/follow-redirects-1.16.0
dependabot/npm_and_yarn/test/axios-1.15.0
dependabot/npm_and_yarn/frontend/lodash-4.18.1
dependabot/npm_and_yarn/backend/lodash-4.18.1
dependabot/npm_and_yarn/test/lodash-4.18.1
dependabot/npm_and_yarn/frontend/vite-7.3.2
dependabot/npm_and_yarn/backend/prod-minor-updates-5ec19a7f21
dependabot/npm_and_yarn/frontend/lodash-es-4.18.1
dependabot/npm_and_yarn/frontend/happy-dom-20.8.9
dependabot/npm_and_yarn/backend/path-to-regexp-8.4.0
dependabot/npm_and_yarn/frontend/picomatch-4.0.4
dependabot/npm_and_yarn/backend/picomatch-2.3.2
dependabot/npm_and_yarn/frontend/yaml-1.10.3
dependabot/npm_and_yarn/test/flatted-3.4.2
dependabot/npm_and_yarn/test/tar-7.5.11
dependabot/npm_and_yarn/frontend/immutable-5.1.5
master
dependabot/npm_and_yarn/test/glob-10.5.0
dependabot/npm_and_yarn/frontend/mdast-util-to-hast-13.2.1
dependabot/npm_and_yarn/test/form-data-4.0.4
v3-abandoned
bump-freedns
openidc
ssl-passthrough-hosts
static-content
v2.14.0
v2.13.7
v2.13.6
v2.13.5
v2.13.4
v2.13.3
v2.13.2
v2.13.1
v2.13.0
v2.12.6
v2.12.5
v2.12.4
v2.12.3
v2.12.2
v2.12.1
v2.12.0
v2.11.3
v2.11.2
v2.11.1
v2.11.0
v2.10.4
v2.10.3
v2.10.2
v2.10.1
v2.10.0
v2.9.22
v2.9.21
v2.9.20
v2.9.19
v2.9.18
v2.9.17
v2.9.16
v2.9.15
v2.9.14
v2.9.13
v2.9.12
v2.9.11
v2.9.10
v2.9.9
v2.9.8
v2.9.7
v2.9.6
v2.9.5
v2.9.4
v2.9.3
v2.9.2
v2.9.1
v2.9.0
v2.8.1
v2.8.0
v2.7.3
v2.7.2
v2.7.1
v2.7.0
v2.6.2
v2.6.1
v2.6.0
v2.5.0
v2.4.0
v2.3.1
v2.3.0
v2.2.4
v2.2.3
v2.2.2
v2.2.1
v2.2.0
v2.1.2
v2.1.1
v2.1.0
2.0.14
2.0.13
2.0.12
2.0.11
2.0.10
2.0.9
2.0.8
2.0.7
2.0.6
2.0.5
2.0.4
2.0.3
2.0.2
2.0.0
v2.0.0
1.1.2
1.1.1
1.0.1
Labels
Clear labels   
awaiting feedback

   
bug

   
cannot reproduce

   
dns provider request

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
good first issue

   
help wanted

   
invalid

   
need more info

   
no certbot plugin available

   
product-support

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
stale

   
troll

   
upstream issue

   
v2

   
v2

   
v2

   
v3

   
wontfix
No labels
awaiting feedback
bug
cannot reproduce
dns provider request
duplicate
enhancement
enhancement
enhancement
good first issue
help wanted
invalid
need more info
no certbot plugin available
product-support
pull-request
question
stale
troll
upstream issue
v2
v2
v2
v3
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/nginx-proxy-manager-NginxProxyManager#410
No description provided.