X-Git-Url: https://git.proxmox.com/?p=pve-docs.git;a=blobdiff_plain;f=pveproxy.adoc;h=fbb739483b425ea368f28b0f6e3d4c1c6235bb84;hp=10368e1f26f8198793d099ef2a4a656880365076;hb=508a8bd7f8b8925766b3a074241fde09c8fb35d8;hpb=49a5e11cd14742d8ad28116fab7fce9fc85321bd diff --git a/pveproxy.adoc b/pveproxy.adoc index 10368e1..fbb7394 100644 --- a/pveproxy.adoc +++ b/pveproxy.adoc @@ -1,7 +1,7 @@ ifdef::manvolnum[] -PVE({manvolnum}) -================ -include::attributes.txt[] +pveproxy(8) +=========== +:pve-toplevel: NAME ---- @@ -19,9 +19,8 @@ DESCRIPTION endif::manvolnum[] ifndef::manvolnum[] -{pve} API Proxy Daemon -====================== -include::attributes.txt[] +pveproxy - Proxmox VE API Proxy Daemon +====================================== endif::manvolnum[] This daemon exposes the whole {pve} API on TCP port 8006 using @@ -86,25 +85,18 @@ used. NOTE: DH parameters are only used if a cipher suite utilizing the DH key exchange algorithm is negotiated. - Alternative HTTPS certificate ----------------------------- -By default, pveproxy uses the certificate `/etc/pve/local/pve-ssl.pem` -(and private key `/etc/pve/local/pve-ssl.key`) for HTTPS connections. -This certificate is signed by the cluster CA certificate, and therefor -not trusted by browsers and operating systems by default. - -In order to use a different certificate and private key for HTTPS, -store the server certificate and any needed intermediate / CA -certificates in PEM format in the file `/etc/pve/local/pveproxy-ssl.pem` -and the associated private key in PEM format without a password in the -file `/etc/pve/local/pveproxy-ssl.key`. - -WARNING: Do not replace the automatically generated node certificate -files in `/etc/pve/local/pve-ssl.pem` and `etc/pve/local/pve-ssl.key` or -the cluster CA files in `/etc/pve/pve-root-ca.pem` and -`/etc/pve/priv/pve-root-ca.key`. +You can change the certificate used to an external one or to one obtained via +ACME. + +pveproxy uses `/etc/pve/local/pveproxy-ssl.pem` and +`/etc/pve/local/pveproxy-ssl.key`, if present, and falls back to +`/etc/pve/local/pve-ssl.pem` and `/etc/pve/local/pve-ssl.key`. +The private key may not use a passphrase. + +See the Host System Administration chapter of the documentation for details. ifdef::manvolnum[] include::pve-copyright.adoc[]