BaseURL configuration for Reverse Proxy with NGINX or others #994

New issue

Closed

opened 2026-02-20 14:09:32 -05:00 by deekerman · 13 comments

deekerman commented 2026-02-20 14:09:32 -05:00

Owner

Copy link

Originally created by @MichaelWoodc on GitHub (Jan 22, 2025).

When I setup my network, I would like to have my pikvm accessible with a different base url or path so that I can have only one or two ports open to the outside world. (I've been fending off cyber threats). So, I need my pikvm accessible at myurl.com/pi_kvm through my reverse proxy. This will allow me to sunset RDP for remote management, where I've been peppered with thousands of failed login attempts lately.

In other services like Navidrome I can easily set up a base path, like this:

Describe the solution you'd like
I'd like to have a super easy place to setup a path for a reverse proxy like this

Describe alternatives you've considered
I've tried complicated reverse proxy setup, like this, but it didn't work. I got so close, but the post address for the login was incorrect and a few other things:

# PiKVM Proxy Configuration
location /pi_kvm/ {
    # Forward to PiKVM over HTTPS
    proxy_pass https://192.168.1.127/;  # Forward to PiKVM

    # Disable SSL verification for self-signed certificates
    proxy_ssl_verify off;

    #  (not sure this is right)
    proxy_set_header Host $host;  # Pass the original host
    proxy_set_header X-Real-IP $remote_addr;  # Preserve the client IP
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;  # Add any proxy IPs
    proxy_set_header X-Forwarded-Proto $scheme;  # Pass the protocol

    # WebSocket support
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_cache_bypass $http_upgrade;

    # Rewriting paths so PiKVM receives the right URLs and resources
    rewrite ^/pi_kvm(/.*)$ $1 break;

    # Ensure any redirects from PiKVM are handled correctly
    proxy_redirect / /pi_kvm/;

    # Handle the PiKVM static resources like CSS, JS, and images
    sub_filter_once off;  # Allow multiple replacements in a response
    sub_filter '/share/' '/pi_kvm/share/';  # Replace /share/ with /pi_kvm/share/
}

Additional context
The only thing I've been able to do is do a subdomain. This works great. I'd prefer to be able to implement it this other way, however.

Originally created by @MichaelWoodc on GitHub (Jan 22, 2025). When I setup my network, I would like to have my pikvm accessible with a different base url or path so that I can have only one or two ports open to the outside world. (I've been fending off cyber threats). So, I need my pikvm accessible at myurl.com/pi_kvm through my reverse proxy. This will allow me to sunset RDP for remote management, where I've been peppered with thousands of failed login attempts lately. In other services like Navidrome I can easily set up a base path, like this:  **Describe the solution you'd like** I'd like to have a super easy place to setup a path for a reverse proxy like this **Describe alternatives you've considered** I've tried complicated reverse proxy setup, like this, but it didn't work. I got so close, but the post address for the login was incorrect and a few other things: ``` # PiKVM Proxy Configuration location /pi_kvm/ { # Forward to PiKVM over HTTPS proxy_pass https://192.168.1.127/; # Forward to PiKVM # Disable SSL verification for self-signed certificates proxy_ssl_verify off; # (not sure this is right) proxy_set_header Host $host; # Pass the original host proxy_set_header X-Real-IP $remote_addr; # Preserve the client IP proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; # Add any proxy IPs proxy_set_header X-Forwarded-Proto $scheme; # Pass the protocol # WebSocket support proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_cache_bypass $http_upgrade; # Rewriting paths so PiKVM receives the right URLs and resources rewrite ^/pi_kvm(/.*)$ $1 break; # Ensure any redirects from PiKVM are handled correctly proxy_redirect / /pi_kvm/; # Handle the PiKVM static resources like CSS, JS, and images sub_filter_once off; # Allow multiple replacements in a response sub_filter '/share/' '/pi_kvm/share/'; # Replace /share/ with /pi_kvm/share/ } ``` **Additional context** The only thing I've been able to do is do a subdomain. This works great. I'd prefer to be able to implement it this other way, however. 

deekerman 2026-02-20 14:09:32 -05:00

• closed this issue
• added the
  type:feature
  resolution:fixed
  labels

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@MichaelWoodc commented on GitHub (Jan 23, 2025):

I did some exploring today, it seems there might be an easy way. I went to the web terminal and did:
find / -name "nginx" 2>/dev/null

That returns everything having to do with nginx. I popped the most likely file into the editor

su - (take root)
rw (make fs rear write)
nano /etc/nginx/nginx.conf

I'm not entirely faililiar with nginx yet, but it seems this might be a place to edit the base URL. Some experimenting is necessary.

nginx.conf.txt

@MichaelWoodc commented on GitHub (Jan 23, 2025): I did some exploring today, it seems there might be an easy way. I went to the web terminal and did: `find` / -name "*nginx*" 2>/dev/null That returns everything having to do with nginx. I popped the most likely file into the editor ``` su - (take root) rw (make fs rear write) nano /etc/nginx/nginx.conf ``` I'm not entirely faililiar with nginx yet, but it seems this might be a place to edit the base URL. Some experimenting is necessary. [nginx.conf.txt](https://github.com/user-attachments/files/18526026/nginx.conf.txt)

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@MichaelWoodc commented on GitHub (Jan 23, 2025):

A little more digging and I have found a lot of files in: /etc/kvmd/nginx
that seem to have everything to do with it.

It looks like I could just add /pi_kvm everywhere there. Is that correct?

@MichaelWoodc commented on GitHub (Jan 23, 2025): A little more digging and I have found a lot of files in: /etc/kvmd/nginx that seem to have everything to do with it.  It looks like I could just add /pi_kvm everywhere there. Is that correct?

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Jan 27, 2025):

Don't do this, you can misconfigure something and pikvm will break. We will make specific fix for this problem.

@mdevaev commented on GitHub (Jan 27, 2025): Don't do this, you can misconfigure something and pikvm will break. We will make specific fix for this problem.

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@MichaelWoodc commented on GitHub (Jan 31, 2025):

Don't do this, you can misconfigure something and pikvm will break. We will make specific fix for this problem.

Please let me know if and how I can help out on this one! And thanks guys!

@MichaelWoodc commented on GitHub (Jan 31, 2025): > Don't do this, you can misconfigure something and pikvm will break. We will make specific fix for this problem. Please let me know if and how I can help out on this one! And thanks guys!

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Feb 1, 2025):

I'm working on it now.

@mdevaev commented on GitHub (Feb 1, 2025): I'm working on it now.

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Feb 2, 2025):

Okay, it's done. Please update OS. No additional settings are required for base url.

I also wrote a small guide for reverse proxying with two tested example configs: https://docs.pikvm.org/reverse_proxy/

@mdevaev commented on GitHub (Feb 2, 2025): Okay, it's done. Please update OS. No additional settings are required for base url. I also wrote a small guide for reverse proxying with two tested example configs: https://docs.pikvm.org/reverse_proxy/

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@MichaelWoodc commented on GitHub (Feb 3, 2025):

Thanks! I hit that button on the main page, hopefully it's enough to get a coffee where you're at. Saved me a lot of work!

@MichaelWoodc commented on GitHub (Feb 3, 2025): Thanks! I hit that button on the main page, hopefully it's enough to get a coffee where you're at. Saved me a lot of work!

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Feb 4, 2025):

Merci👌

@mdevaev commented on GitHub (Feb 4, 2025): Merci👌

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@fallenleavesgocrunch commented on GitHub (Feb 9, 2025):

This hasn't worked for me. When I go to /pikvm/ it redirects back to /login with the handle_path directive in caddy. I know this was closed only last week so I hope it's still fresh off the rack and there's something I can do to debug what's going wrong....

I have cache disabled and preserve logs enabled in Chrome and I get the following actions:

GET https://mydomain/pikvm/
302 Found
   Location: /login
   Server: caddy
   Server: nginx
GET https://mydomain/login
404 Not Found

caddy:

https://mydomain {
handle_path /pikvm/* {
    reverse_proxy https://pikvm.local {
        transport http {
            tls_insecure_skip_verify  # Same behaviour as Nginx
        }
        header_up Host {upstream_hostport}
    }
}
}

pikvm:
kvmd 4.52-1
kvmd-fan 0.32-1
kvmd-platform-v4mini-hdmi-rpi4 4.52-1
kvmd-webterm 0.50-1

@fallenleavesgocrunch commented on GitHub (Feb 9, 2025): This hasn't worked for me. When I go to /pikvm/ it redirects back to /login with the handle_path directive in caddy. I know this was closed only last week so I hope it's still fresh off the rack and there's something I can do to debug what's going wrong.... I have cache disabled and preserve logs enabled in Chrome and I get the following actions: ``` GET https://mydomain/pikvm/ 302 Found Location: /login Server: caddy Server: nginx GET https://mydomain/login 404 Not Found ``` caddy: ``` https://mydomain { handle_path /pikvm/* { reverse_proxy https://pikvm.local { transport http { tls_insecure_skip_verify # Same behaviour as Nginx } header_up Host {upstream_hostport} } } } ``` pikvm: kvmd 4.52-1 kvmd-fan 0.32-1 kvmd-platform-v4mini-hdmi-rpi4 4.52-1 kvmd-webterm 0.50-1

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Feb 10, 2025):

Yes, it seems I missed it with Caddy. PiKVM has a login redirect location in the internal nginx:

location @login {
    return 302 /login;
}

To handle it in the proxy Nginx I used this:

proxy_redirect ~^(/.*)$ /pikvm$1;

We need something similar on Caddy. Do you know about it? I don't have much Caddy experience.

In the meantime, I will try to find a way to change this redirect by making it relative on the PiKVM side.

@mdevaev commented on GitHub (Feb 10, 2025): Yes, it seems I missed it with Caddy. PiKVM has a login redirect location in the internal nginx: ```nginx location @login { return 302 /login; } ``` To handle it in the proxy Nginx I used this: ```nginx proxy_redirect ~^(/.*)$ /pikvm$1; ``` We need something similar on Caddy. Do you know about it? I don't have much Caddy experience. In the meantime, I will try to find a way to change this redirect by making it relative on the PiKVM side.

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Feb 10, 2025):

@fallenleavesgocrunch I found a solution. You need to add header_down instruction:

https://mydomain {
handle_path /pikvm/* {
    reverse_proxy https://pikvm.local {
        transport http {
            tls_insecure_skip_verify  # Same behaviour as Nginx
        }
        header_up Host {upstream_hostport}
        header_down Location "^(/.*)$" "/pikvm$1"
    }
}

I've tested it and updated documentation.

@mdevaev commented on GitHub (Feb 10, 2025): @fallenleavesgocrunch I found a solution. You need to add `header_down` instruction: ```nginx https://mydomain { handle_path /pikvm/* { reverse_proxy https://pikvm.local { transport http { tls_insecure_skip_verify # Same behaviour as Nginx } header_up Host {upstream_hostport} header_down Location "^(/.*)$" "/pikvm$1" } } ``` I've tested it and updated documentation.

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@fallenleavesgocrunch commented on GitHub (Feb 10, 2025):

Wow that was fast! Thank you :)

@fallenleavesgocrunch commented on GitHub (Feb 10, 2025): Wow that was fast! Thank you :)

deekerman commented 2026-02-20 14:09:35 -05:00

Author

Owner

Copy link

@mdevaev commented on GitHub (Feb 10, 2025):

Ur welcome 👌

@mdevaev commented on GitHub (Feb 10, 2025): Ur welcome 👌

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

gh-pages

No results found.

Labels

Clear labels   

component:documentation

  

help wanted

  

resolution:delayed

  

resolution:duplicate

  

resolution:fixed

  

resolution:invalid

  

resolution:rejected

  

resolution:wontfix

  

success story

  

type:bug

  

type:bug

  

type:feature

  

type:question

  

type:question

No labels

component:documentation

help wanted

resolution:delayed

resolution:duplicate

resolution:fixed

resolution:invalid

resolution:rejected

resolution:wontfix

success story

type:bug

type:bug

type:feature

type:question

type:question

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/pikvm-pikvm#994

No description provided.