From fa25e615f387fdda8983778e89518f3c77e1bcd6 Mon Sep 17 00:00:00 2001
From: Stoiko Ivanov <s.ivanov@proxmox.com>
Date: Fri, 23 Apr 2021 17:58:14 +0200
Subject: [PATCH] pveproxy: document LISTEN_IP setting

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 pveproxy.adoc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/pveproxy.adoc b/pveproxy.adoc
index d50d04a..0ea5658 100644
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -59,6 +59,24 @@ The default policy is `allow`.
 |===========================================================
 
 
+Listening IP
+------------
+
+By setting `LISTEN_IP` in `/etc/default/pveproxy` you can control to which IP
+address the daemon binds. The IP address needs to be configured on the system.
+
+This can be used to listen only to an internal interface and thus have less
+exposure to the public internet:
+
+ LISTEN_IP="192.0.2.1"
+
+Similarly you can also set a n IPv6 address:
+
+ LISTEN_IP="2001:db8:85a3::1"
+
+WARNING: The nodes in a cluster need access to pveproxy for communictation.
+It is not recommended to set `LISTEN_IP` on clustered systems.
+
 SSL Cipher Suite
 ----------------
 
-- 
2.39.2