Tested only with iLO 4 (on proliant gen9 servers)
bmc.conf:
include /etc/nginx/bmc-nodes.conf;
# https://www.rfc-editor.org/rfc/rfc7230#section-6.1
# https://datatracker.ietf.org/doc/html/rfc6455#section-4.2.1
# For iLO Connection: Upgrade is case-sensitive...
map $http_upgrade $connection_upgrade {
default Upgrade;
'' close;
}
# You need to listen on https port
# This will create mapping for to map name to IP adddress
# For ex:
# server1.bmc.example.com
# serverN.bmc.example.com
# etc...
server {
listen 443 ssl;
server_name ~(?.+)\.bmc\.example\.com;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_certificate /etc/nginx/tls/bmc.example.com.crt;
ssl_certificate_key /etc/nginx/tls/bmc.example.key;
proxy_http_version 1.1;
proxy_set_header Host $bmc_node;
# Set some message for unmapped hosts
#error_page 502 /bmc-missing.html;
# Set HTTP auth
#error_page 401 /bmc-auth.html;
#auth_basic "[BMC PROXY]";
#auth_basic_user_file /etc/nginx/bmc.passwd;
location / {
# Forece keep-alive to upstream...
proxy_set_header Authorization '';
proxy_set_header Connection '';
proxy_pass https://$bmc_node;
}
# WebSocket connection for HTML5 Console
location /wss/ircport {
proxy_set_header Authorization '';
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_read_timeout 1800;
proxy_pass https://$bmc_node;
}
# error page for 502
#location = /bmc-missing.html {
# auth_basic off;
# internal;
# root /var/www/bmc/;
#}
# error page for 401
#location = /bmc-auth.html {
# auth_basic off;
# internal;
# root /var/www/bmc/;
#}
}
bmc-nodes.conf
upstream server1 {
server 10.0.0.1:443;
keepalive 4;
}
upstream server2 {
server 10.0.0.2:443;
keepalive 4;
}
...
upstream serverN {
server 10.0.0.N:443;
keepalive 4;
}
Brak komentarzy:
Prześlij komentarz