Difference between revisions of "PVE Tips"
Line 17: | Line 17: | ||
'''Step 3:''' Enjoy browsing to the Web UI of your server without being bitched at by your browser. | '''Step 3:''' Enjoy browsing to the Web UI of your server without being bitched at by your browser. | ||
This will also work just fine with machine-specific certs. You'll need to adjust the filenames of your '''crt''' & '''key''' files. | |||
(these instructions are currently based on a non-clustered server...) | (these instructions are currently based on a non-clustered server...) |
Revision as of 14:16, 23 December 2023
Manually installing REAL certs
I keep copies of my certs on a local webserver that acts as a proxy to feed HTTPS connections to various local servers. This makes it fairly trivial to pull certs to various machines that need them. Also, I'm using wildcard certs, which simplifies life.
Step 1: Log into the servers shell as root. (either through the Web UI or SSH)
Step 2: Follow along with this list of commands (adjusting appropriately...)
cd /etc/pve/nodes/
cd NODENAME
cp pveproxy-ssl.key pveproxy-ssl.key.BAK
cp pveproxy-ssl.pem pveproxy-ssl.pem.BAK
scp USER@WEBSERVER:/etc/apache2/certs/fullchain_YOURDOMAIN.TLD.crt pveproxy-ssl.pem
scp USER@WEBSERVER:/etc/apache2/certs/YOURDOMAIN.TLD.key pveproxy-ssl.key
systemctl restart pveproxy
Note: "/etc/apache2/certs" must be readable by USER & USER must also have SSH access to WEBSERVER
Step 3: Enjoy browsing to the Web UI of your server without being bitched at by your browser.
This will also work just fine with machine-specific certs. You'll need to adjust the filenames of your crt & key files.
(these instructions are currently based on a non-clustered server...)