thong838
December 10, 2025, 4:28am
1
Dear Everyone,
Im using OpenNebula version 7.
If I access https://0.0.0.0:2616 . I can upload the image
If I use nginx with subdomain. I can’t upload the image “Error Upload“
cat /etc/nginx/conf.d/opennebula-ssl.conf
# /etc/nginx/conf.d/opennebula-ssl.conf
# NOTE: This file is expected to be included inside the http {} context.
# map for connection upgrade handling (for websockets)
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream fire-edge {
server 127.0.0.1:2616;
}
# HTTP -> HTTPS redirect and ACME challenge handling
server {
listen 80;
listen [::]:80;
server_name one-new.tma.com.vn;
# Allow Let's Encrypt ACME-challenge
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
try_files $uri =404;
}
# Redirect everything else to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS server: TLS termination + reverse proxy to FireEdge (port 2616)
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name one-new.tma.com.vn;
# Certificates (Let's Encrypt default paths). Replace if using other certs.
ssl_certificate /etc/nginx/cert/tma.com.vn.crt;
ssl_certificate_key /etc/nginx/cert/tma.com.vn.key;
# TLS policy
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers off;
location /fireedge {
proxy_pass http://fire-edge/fireedge;
proxy_redirect off;
log_not_found off;
proxy_buffering off;
proxy_cache_bypass $http_upgrade;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-FOR $proxy_add_x_forwarded_for;
access_log off;
}
################################################################
# OPTION A - proxy preserving original path (recommended)
# Access UI at: https://one-new.tma.com.vn/fireedge/sunstone
################################################################
location / {
proxy_pass http://127.0.0.1:2616;
proxy_set_header Host $host;
}
################################################################
# OPTION B - map root "/" to FireEdge Sunstone (optional)
# Uncomment if you want https://one-new.tma.com.vn/ to go directly to Sunstone
################################################################
#location = / {
# return 302 /fireedge/sunstone;
#}
#
#location /fireedge/ {
# proxy_pass http://127.0.0.1:2616/fireedge/;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
#}
# Health/status endpoint (optional)
location /nginx_status {
stub_status on;
allow 127.0.0.1;
deny all;
}
}
Hello,
Did you check the one log file /var/log/one/oned.log and fireedge(/var/log/one/fireedge.log and /var/log/one/fireedge.error) for further details regarding the error?
Additionally, you should also check the Nginx logs. How big is the image file? As direct upload works, is it possible that nginx is cutting the image import (see client_max_body_size )?
Best Regards,
1 Like
thong838
December 11, 2025, 3:41am
3
Thanks for your reply!
I fixed with this config:
# /etc/nginx/conf.d/opennebula-ssl.conf
# NOTE: This file is expected to be included inside the http {} context.
# map for connection upgrade handling (for websockets)
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# upstream to FireEdge (FireEdge listens on 127.0.0.1:2616)
upstream fire-edge {
server 127.0.0.1:2616;
keepalive 16;
}
# HTTP -> HTTPS redirect and ACME challenge handling
server {
listen 80;
listen [::]:80;
server_name one-new.tma.com.vn;
# Allow Let's Encrypt ACME-challenge
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
try_files $uri =404;
}
# Redirect everything else to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
# HTTPS server: TLS termination + reverse proxy to FireEdge (port 2616)
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name one-new.tma.com.vn;
# Certificates (Let's Encrypt default paths). Replace if using other certs.
ssl_certificate /etc/nginx/cert/tma.com.vn.crt;
ssl_certificate_key /etc/nginx/cert/tma.com.vn.key;
# TLS policy
ssl_protocols TLSv1.2 TLSv1.3;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_prefer_server_ciphers off;
# General client/body limits & buffers
# 0 means unlimited (use with care). You can set a concrete size like 1G if preferred.
client_max_body_size 0;
client_body_timeout 300s;
client_header_timeout 300s;
large_client_header_buffers 4 16k;
########################################################
# Location /fireedge -> proxy to backend path /fireedge
# Exposed as: https://one-new.tma.com.vn/fireedge/...
########################################################
location /fireedge/ {
proxy_pass http://fire-edge/fireedge/;
proxy_redirect off;
# Preserve HTTP/1.1 for chunked/websocket/keepalive
proxy_http_version 1.1;
# Forward necessary headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# Websocket / upgrade handling
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# IMPORTANT for upload streaming
proxy_buffering off;
proxy_request_buffering off;
proxy_cache_bypass $http_upgrade;
# Increase timeouts for large uploads
proxy_read_timeout 360s;
proxy_send_timeout 360s;
send_timeout 360s;
# Optional: adjust buffering sizes (backend may require)
# proxy_busy_buffers_size 64k;
# proxy_temp_file_write_size 64k;
access_log off;
error_log /var/log/nginx/opennebula-fireedge-error.log warn;
}
################################################################
# OPTION A - proxy preserving original path (recommended)
# Access UI at: https://one-new.tma.com.vn/fireedge/sunstone
################################################################
location / {
proxy_pass http://fire-edge;
proxy_redirect off;
proxy_http_version 1.1;
# Forward headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
# Websocket / upgrade handling
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
# Streaming / upload settings
proxy_buffering off;
proxy_request_buffering off;
proxy_cache_bypass $http_upgrade;
# Timeouts for uploads
proxy_read_timeout 360s;
proxy_send_timeout 360s;
send_timeout 360s;
access_log off;
error_log /var/log/nginx/opennebula-root-error.log warn;
}
################################################################
# OPTION B (commented) - map root "/" to FireEdge Sunstone (optional)
# If you prefer root to redirect to /fireedge/sunstone, uncomment below
################################################################
# location = / {
# return 302 /fireedge/sunstone;
# }
#
# location /fireedge/ {
# proxy_pass http://127.0.0.1:2616/fireedge/;
# proxy_http_version 1.1;
# proxy_set_header Host $host;
# }
# Health/status endpoint (optional)
location /nginx_status {
stub_status on;
allow 127.0.0.1;
deny all;
}
# Optional: serve static acme-challenge files if needed under HTTPS as well
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt;
try_files $uri =404;
}
}
system
December 13, 2025, 3:42am
4
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.