I have a Minikube cluster on my server. I want to expose the Kubernetes resource API, which is not directly possible because the Minikube IP is 192.168.49.2, which is only accessible on the server. Therefore I use nginx to serve it on k8s.mydomain.com.
server {
    server_name k8s.mydomain.com;
    auth_basic "Administrator’s Area";
    auth_basic_user_file /etc/nginx/.htpasswd;
    location / {
        proxy_pass https://192.168.49.2:8443;
        proxy_ssl_certificate /home/admin/.minikube/profiles/minikube/client.crt;
        proxy_ssl_certificate_key /home/admin/.minikube/profiles/minikube/client.key;
        proxy_set_header X-Real-IP $remote_addr;
    }
    location "/*" {
        proxy_pass https://192.168.49.2:8443;
        proxy_ssl_certificate /home/admin/.minikube/profiles/minikube/client.crt;
        proxy_ssl_certificate_key /home/admin/.minikube/profiles/minikube/client.key;
        proxy_set_header X-Real-IP $remote_addr;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/k8s.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/k8s.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = k8s.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    server_name k8s.mydomain.com;
    listen 80;
    return 404; # managed by Certbot
}
This Nginx config works for most things, e.g. k get pods or k apply -f deployment.yaml (on the server and on another device).
But for things which are watching, it doesn’t work, for example k logs -f podname or k get -w pods. To be more specific: if I execute k logs -f podname on another device, it shows the past logs (just like without the -f), but it doesn’t show new logs (which are for sure generated).
What should my nginx config look like to make the watch operations possible on other devices which are calling k8s.mydomain.com?
I could use commands to serve the kube-api on a local port that is accessible from outside, but I want an automated way which doesn’t require running commands (even after a restart).
My kube-config looks like this. It currently works for the non-watch operations. Can you please also share the kube-config if something needs to be changed there?
apiVersion: v1
clusters:
- cluster:
    extensions:
    - extension:
        last-update: Thu, 22 Jun 2023 19:21:36 CEST
        provider: minikube.sigs.k8s.io
        version: v1.30.1
      name: cluster_info
    server: https://k8s.mydomain.com
  name: minikube
contexts:
- context:
    cluster: minikube
    extensions:
    - extension:
        last-update: Thu, 22 Jun 2023 19:21:36 CEST
        provider: minikube.sigs.k8s.io
        version: v1.30.1
      name: context_info
    namespace: default
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    password: ${KUBE_PWD}
    username: minikube
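
An added example, not part of the original post: a variant of the HTTPS server block above, tuned for long-lived streaming responses. It assumes the symptom comes from nginx buffering the upstream response and closing idle connections; the `$connection_upgrade` variable name and the one-hour timeouts are choices made here. It also goes slightly beyond the post by passing connection upgrades, which `kubectl exec` and `port-forward` rely on.

```nginx
# Place the map in the http {} context, outside any server {} block.
# $connection_upgrade is defined here; it is not an nginx built-in.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    server_name k8s.mydomain.com;
    listen 443 ssl;
    ssl_certificate     /etc/letsencrypt/live/k8s.mydomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/k8s.mydomain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    auth_basic "Administrator’s Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    # A single prefix location covers every API path.
    location / {
        proxy_pass https://192.168.49.2:8443;

        # nginx authenticates to the API server with this client certificate
        # for every request that passes auth_basic, so the .htpasswd entries
        # carry the same privileges as the Minikube client identity.
        proxy_ssl_certificate     /home/admin/.minikube/profiles/minikube/client.crt;
        proxy_ssl_certificate_key /home/admin/.minikube/profiles/minikube/client.key;
        proxy_set_header X-Real-IP $remote_addr;

        # Forward response chunks as they arrive instead of collecting them
        # in proxy buffers (buffering is on by default).
        proxy_buffering off;

        # HTTP/1.1 to the upstream, required for chunked streaming and
        # for passing Upgrade requests through.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        # The default read timeout is 60s; a quiet watch or log stream
        # would be closed after that much silence.
        proxy_read_timeout 1h;
        proxy_send_timeout 1h;
    }
}
```

After `nginx -t` and a reload, `k logs -f podname` from another device should print new lines as they are written; the kube-config needs no change for this.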