ifdef::manvolnum[]
-PVE({manvolnum})
-================
-include::attributes.txt[]
+pveproxy(8)
+===========
+:pve-toplevel:
NAME
----
endif::manvolnum[]
ifndef::manvolnum[]
-{pve} API Proxy Daemon
-======================
-include::attributes.txt[]
+pveproxy - Proxmox VE API Proxy Daemon
+======================================
endif::manvolnum[]
This daemon exposes the whole {pve} API on TCP port 8006 using
NOTE: DH parameters are only used if a cipher suite utilizing the DH key
exchange algorithm is negotiated.
-
Alternative HTTPS certificate
-----------------------------
-By default, pveproxy uses the certificate `/etc/pve/local/pve-ssl.pem`
-(and private key `/etc/pve/local/pve-ssl.key`) for HTTPS connections.
-This certificate is signed by the cluster CA certificate, and therefor
-not trusted by browsers and operating systems by default.
-
-In order to use a different certificate and private key for HTTPS,
-store the server certificate and any needed intermediate / CA
-certificates in PEM format in the file `/etc/pve/local/pveproxy-ssl.pem`
-and the associated private key in PEM format without a password in the
-file `/etc/pve/local/pveproxy-ssl.key`.
-
-WARNING: Do not replace the automatically generated node certificate
-files in `/etc/pve/local/pve-ssl.pem` and `etc/pve/local/pve-ssl.key` or
-the cluster CA files in `/etc/pve/pve-root-ca.pem` and
-`/etc/pve/priv/pve-root-ca.key`.
+You can change the certificate used to an external one or to one obtained via
+ACME.
+
+pveproxy uses `/etc/pve/local/pveproxy-ssl.pem` and
+`/etc/pve/local/pveproxy-ssl.key`, if present, and falls back to
+`/etc/pve/local/pve-ssl.pem` and `/etc/pve/local/pve-ssl.key`.
+The private key may not use a passphrase.
+
+See the Host System Administration chapter of the documentation for details.
ifdef::manvolnum[]
include::pve-copyright.adoc[]
projects / pve-docs.git / blobdiff