vCenter 6.5 Web Client with UI Redirects


(Thizmo) #1

Dear all,

i am having again trouble with the vCenter VCSA 6.5.
I got a working set of a config file which does work. Yet not in the way i wanted it to.
This is my config so far.

 myproxy.my-url.com:443
    header / Strict-Transport-Security "max-age=31536000;"
    # This is for https://www.chromium.org/hsts

log {{ caddy_log_path }}/access.log
errors {{ caddy_log_path }}/error.log
    # For debugging (shows errors to the client directly)
    # errors visible

tls {
    load {{ caddy_ssl_certificates_path }}
}

proxy /vsphere-client https://vcsa.my-url.com/vsphere-client/?locale=en {
    transparent
    without /vsphere-client
}

proxy / https://vcsa.my-url.com/ui?locale=de {
    #transparent
    # does not work with transparent because of internal sso rewrites 
}

What i want is also a transparent proxy in front also for the UI part.
The vsphere-client (Old, Flash) works perfectly this way.

No customer is seeing the URL of the VCSA itself.

While with the UI, it does some nasty internal rewrites with /saml/websso/sso or /websso/SAML2/SSO.
When i use “without /ui” it ends up in an invinite loop.

With filter or rewrite i was not lucky. Yet i think it did something very wrong.
All the few examples on docs or github are not really helpfull in this case.

Maybe you (the community) has any help on that front?

What i need is a transparent proxy also for the UI, so that our customers won’t see the URL of the vcsa.
Which is now the case. The working directly on the vcsa with this config for the UI.

Thx.