The iLO console IP address is 10.0.110.25.
The proxy server address is ilo.proxy.domain.com.
# Raw TCP pass-through: connections to port 17990 on the proxy are forwarded
# unchanged to the same port on the single iLO at 10.0.110.25.
# (17990 is presumably the iLO remote-console port; confirm for this model.)
#
# NOTE(review): unlike the HTTP proxy below, this forwards to one fixed
# address, and there is no allow/deny list here, so every client that can
# reach the proxy on 17990 can reach the console port. Nothing in this block
# adds encryption on the client side of the proxy.
stream {
    server {
        listen     17990;
        proxy_pass 10.0.110.25:17990;
    }
}
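http {
    # Derive the target iLO address from the Referer header so that absolute
    # links emitted by the iLO UI (which lack the /10.0.110.x/ prefix) can be
    # routed back to the right device.
    #
    # The Referer header is client-controlled. The regex limits the captured
    # value to 10.0.110.<digits>, so it cannot point outside that prefix, but
    # the client still chooses which host in the range is contacted.
    # NOTE(review): [0-9]+ also accepts out-of-range octets (e.g. 999); such a
    # value is not an IP literal and would presumably be handed to the
    # resolver by the variable proxy_pass below. Confirm and tighten if needed.
    #
    # Because of the non-empty default, $proxy_referer_addr is never empty, so
    # the "if" in "location /" below is always true and its "return" is
    # effectively unreachable.
    map $http_referer $proxy_referer_addr {
        "~/(?<addr>10\.0\.110\.[0-9]+)" $addr;
        default "10.0.110.25";
    }

    # Plain-HTTP entry point.
    # NOTE(review): the iLO login and session traffic proxied through this
    # server block travels unencrypted between the browser and the proxy.
    # The port-443 server block below serves the same locations over TLS.
    server {
        listen 80;
        server_name ilo.proxy.domain.com;
        resolver 10.0.0.1;

        access_log /var/log/nginx/ilo.access_log combined;
        # NOTE(review): "debug" is very verbose; on builds with debug logging
        # enabled it records request headers, which for a management console
        # can include session cookies. Lower the level after troubleshooting
        # and restrict read access to this file.
        error_log /var/log/nginx/ilo.error_log debug;

        # Requests without an address prefix: prepend the address taken from
        # the Referer (or the map default) and re-run location matching.
        location / {
            if ($proxy_referer_addr) {
                rewrite ^(/.*) /$proxy_referer_addr$1 last;
            }
            # Was "return 443" (a port number, not a status code); aligned
            # with the 403 used by the HTTPS server block.
            return 403;
        }

        # /10.0.110.x/... : strip the address prefix and proxy to that iLO.
        # NOTE(review): no allow/deny or authentication is configured here, so
        # any client that can reach this proxy can reach the HTTPS management
        # interface of every host matching 10.0.110.<digits>.
        location ~ ^/(10\.0\.110\.[0-9]+) {
            set $proxy_addr $1;
            # Bare /10.0.110.x -> add trailing slash via redirect.
            rewrite ^(/10\.0\.110\.[0-9]+)$ $1/ redirect;
            # Drop the address prefix before passing the URI upstream.
            rewrite ^/10\.0\.110\.[0-9]+(/.*) $1 break;
            proxy_pass https://$proxy_addr;
            # iLO console on BladeSystem c3000 is so old that SSLv3 and TLSv1,
            # and possibly even SSLv2, are required.
            # NOTE(review): these protocols are obsolete and proxy_ssl_verify
            # is not set (off by default), so the proxy-to-iLO hop is neither
            # strongly encrypted nor authenticated; keep that hop on an
            # isolated management network. SSLv2 is likely ignored by current
            # OpenSSL builds.
            proxy_ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Rewrite absolute paths in responses so follow-up requests keep
            # the /<address>/ prefix.
            sub_filter_once off;
            sub_filter_types text/css application/javascript application/x-javascript;
            sub_filter '/json/login_session' '/$proxy_addr/json/login_session';
            sub_filter '/120919-012505' '/$proxy_addr/120919-012505';
            sub_filter '/standby.xml' '/$proxy_addr/standby.xml';
            sub_filter '/bannerfile.txt' '/$proxy_addr/bannerfile.txt';
        }
    }

    # HTTPS entry point; same routing as the port-80 server block.
    server {
        listen 443 ssl http2;
        server_name ilo.proxy.domain.com;
        # Added for consistency with the port-80 server block: OCSP stapling
        # needs a resolver to look up the OCSP responder's hostname.
        resolver 10.0.0.1;

        ssl_certificate /etc/pki/tls/certs/wildcard.proxy.domain.com.pem;
        ssl_certificate_key /etc/pki/tls/private/wildcard.proxy.domain.com.key;
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        # NOTE(review): these settings govern the browser-to-proxy side only;
        # the old iLO is handled by proxy_ssl_protocols further down. TLSv1,
        # TLSv1.1 and the CBC/SHA-1 and 3DES (DES-CBC3-SHA) suites are not
        # needed for the iLO's sake; drop them if all client browsers support
        # TLSv1.2 or newer.
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA256:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA;
        ssl_prefer_server_ciphers on;
        ssl_stapling on;
        ssl_stapling_verify on;
        # CA chain used to verify the stapled OCSP response.
        ssl_trusted_certificate /etc/ssl/certs/f131ccf4.pem;

        access_log /var/log/nginx/ilo.access_log combined;
        # NOTE(review): see the port-80 server block; debug-level logging of a
        # management console can capture session data.
        error_log /var/log/nginx/ilo.error_log debug;

        # HSTS for roughly six months (15768000 s). Browsers that have seen
        # this header will upgrade later http:// visits to this host.
        add_header "Strict-Transport-Security" "max-age=15768000";

        # Requests without an address prefix: prepend the address taken from
        # the Referer (or the map default) and re-run location matching.
        location / {
            if ($proxy_referer_addr) {
                rewrite ^(/.*) /$proxy_referer_addr$1 last;
            }
            return 403;
        }

        # /10.0.110.x/... : strip the address prefix and proxy to that iLO.
        # NOTE(review): no allow/deny or authentication is configured here, so
        # any client that can reach this proxy can reach the HTTPS management
        # interface of every host matching 10.0.110.<digits>.
        location ~ ^/(10\.0\.110\.[0-9]+) {
            set $proxy_addr $1;
            rewrite ^(/10\.0\.110\.[0-9]+)$ $1/ redirect;
            rewrite ^/10\.0\.110\.[0-9]+(/.*) $1 break;
            proxy_pass https://$proxy_addr;
            # Legacy protocols kept for the old iLO firmware; the upstream
            # certificate is not verified (proxy_ssl_verify is not set).
            proxy_ssl_protocols SSLv2 SSLv3 TLSv1 TLSv1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            sub_filter_once off;
            sub_filter_types text/css application/javascript application/x-javascript;
            sub_filter '/json/login_session' '/$proxy_addr/json/login_session';
            sub_filter '/120919-012505' '/$proxy_addr/120919-012505';
            sub_filter '/standby.xml' '/$proxy_addr/standby.xml';
            sub_filter '/bannerfile.txt' '/$proxy_addr/bannerfile.txt';
        }
    }
}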
To access the iLO, type http://ilo.proxy.domain.com/10.0.110.25/ in your browser. The same path is also served over HTTPS by the port-443 server block above.