Difference between revisions of "PVE Tips"

From Da Nerd Mage Wiki
Jump to navigation Jump to search
(Created page with "= Manually installing REAL certs = I keep copies of my certs on a local webserver that acts as a proxy to feed HTTPS connections to various local servers. This makes it fairly trivial to pull certs to various machines that need them.  Also, I'm using wildcard certs, which simplifies life. Step 1: Log into the shell as root.")
 
Line 1: Line 1:
= Manually installing REAL certs =
= Manually installing REAL certs =


I keep copies of my certs on a local webserver that acts as a proxy to feed HTTPS connections to various local servers. This makes it fairly trivial to pull certs to various machines that need them.  Also, I'm using wildcard certs, which simplifies life.


'''Step 1:''' Log into the shell as root.


I keep copies of my certs on a local webserver that acts as a proxy to feed HTTPS connections to various local servers. This makes it fairly trivial to pull certs to various machines that need them.  Also, I'm using wildcard certs, which simplifies life.
'''Step 2:''' Follow along with this list of commands (adjusting appropriately...)
 


* <code>cd /etc/pve/nodes/</code>
* <code>cd '''NODENAME'''</code>
* <code>cp pveproxy-ssl.key pveproxy-ssl.key.BAK</code>
* <code>cp pveproxy-ssl.pem pveproxy-ssl.pem.BAK</code>
* <code>scp '''USER@WEBSERVER''':/etc/apache2/certs/fullchain_'''YOURDOMAIN.TLD'''.crt pveproxy-ssl.pem</code>
* <code>scp '''USER@WEBSERVER''':/etc/apache2/certs/'''YOURDOMAIN.TLD'''.key pveproxy-ssl.key</code>
* <code>systemctl restart pveproxy</code>
'''Step 3:''' Enjoy browsing to the Web UI of your server without being bitched at by your browser.


Step 1: Log into the shell as root.
(these instructions are currently based on a non-clustered server...)

Revision as of 14:08, 23 December 2023

Manually installing REAL certs

I keep copies of my certs on a local webserver that acts as a proxy to feed HTTPS connections to various local servers. This makes it fairly trivial to pull certs to various machines that need them.  Also, I'm using wildcard certs, which simplifies life.

Step 1: Log into the shell as root.

Step 2: Follow along with this list of commands (adjusting appropriately...)

  • cd /etc/pve/nodes/
  • cd NODENAME
  • cp pveproxy-ssl.key pveproxy-ssl.key.BAK
  • cp pveproxy-ssl.pem pveproxy-ssl.pem.BAK
  • scp USER@WEBSERVER:/etc/apache2/certs/fullchain_YOURDOMAIN.TLD.crt pveproxy-ssl.pem
  • scp USER@WEBSERVER:/etc/apache2/certs/YOURDOMAIN.TLD.key pveproxy-ssl.key
  • systemctl restart pveproxy

Step 3: Enjoy browsing to the Web UI of your server without being bitched at by your browser.

(these instructions are currently based on a non-clustered server...)