if the files pveproxy-ssl.pem and pveproxy-ssl.key are
available for a node (i.e., in /etc/pve/<node>/), they will
be used as TLS certificate and private key for the web
interface and API of this node.
Note: the Spice and non-websocket VNC connections are still
using the self-signed certificate and key in pve-ssl.pem
and pve-ssl.key.
} else {
$self->{server_config}->{ssl}->{dh} = 'skip2048';
}
+
+ if (-f '/etc/pve/local/pveproxy-ssl.pem' && -f '/etc/pve/local/pveproxy-ssl.key') {
+ $self->{server_config}->{ssl}->{cert_file} = '/etc/pve/local/pveproxy-ssl.pem';
+ $self->{server_config}->{ssl}->{key_file} = '/etc/pve/local/pveproxy-ssl.key';
+ syslog('info', 'Using \'/etc/pve/local/pveproxy-ssl.pem\' as certificate for the web interface.');
+ }
}
sub run {