auto-generate firewall rule options

[pve-docs.git] / pmxcfs.adoc

diff --git a/pmxcfs.adoc b/pmxcfs.adoc
index cc574abe210b0f8e249078af394c51b3983977b5..9d88763b5bb96b4535be98aa41f9a068e78f7354 100644 (file)
--- a/pmxcfs.adoc
+++ b/pmxcfs.adoc
@@ -16,7 +16,7 @@ Advantages
 
 * seamless replication of all configuration to all nodes in real time
 * provides strong consistency checks to avoid duplicate VM IDs
-* read-only when a node looses quorum
+* read-only when a node loses quorum
 * automatic updates of the corosync cluster configuration to all nodes
 * includes a distributed locking mechanism
 
@@ -77,10 +77,14 @@ Files
 |user.cfg      |{pve} access control configuration (users/groups/...)
 |domains.cfg   |{pve} Authentication domains 
 |authkey.pub   | public key used by ticket system
+|pve-root-ca.pem | public certificate of cluster CA
 |priv/shadow.cfg  | shadow password file
 |priv/authkey.key | private key used by ticket system
-|nodes/<NAME>/pve-ssl.pem                 | public ssl key for web server
-|nodes/<NAME>/priv/pve-ssl.key            | private ssl key
+|priv/pve-root-ca.key | private key of cluster CA
+|nodes/<NAME>/pve-ssl.pem                 | public ssl certificate for web server (signed by cluster CA)
+|nodes/<NAME>/pve-ssl.key            | private ssl key for pve-ssl.pem
+|nodes/<NAME>/pveproxy-ssl.pem       | public ssl certificate (chain) for web server (optional override for pve-ssl.pem)
+|nodes/<NAME>/pveproxy-ssl.key       | private ssl key for pveproxy-ssl.pem (optional)
 |nodes/<NAME>/qemu-server/<VMID>.conf    | VM configuration data for KVM VMs
 |nodes/<NAME>/lxc/<VMID>.conf         | VM configuration data for LXC containers
 |firewall/cluster.fw | Firewall config applied to all nodes