Difference between revisions of "PVE Tips"
Jump to navigation
Jump to search
| Line 1: | Line 1: | ||
= Manually installing REAL certs = | = Manually installing REAL certs = | ||
I keep copies of my certs on a local webserver that acts as a proxy to feed HTTPS connections to various local servers. This makes it fairly trivial to pull certs to various machines that need them. Also, I'm using wildcard certs, which simplifies life. | I keep copies of my certs on a local [[Building Web Servers{{!}}webserver]] that acts as a [[Proxy Server Notes{{!}}proxy]] to feed HTTPS connections to various local servers. This makes it fairly trivial to pull certs to various machines that need them. Also, I'm using wildcard certs, which simplifies life. | ||
'''Step 1:''' Log into the shell as root. | '''Step 1:''' Log into the servers shell as root. (either through the Web UI or SSH) | ||
'''Step 2:''' Follow along with this list of commands (adjusting appropriately...) | '''Step 2:''' Follow along with this list of commands (adjusting appropriately...) | ||
| Line 14: | Line 14: | ||
* <code>scp '''USER@WEBSERVER''':/etc/apache2/certs/'''YOURDOMAIN.TLD'''.key pveproxy-ssl.key</code> | * <code>scp '''USER@WEBSERVER''':/etc/apache2/certs/'''YOURDOMAIN.TLD'''.key pveproxy-ssl.key</code> | ||
* <code>systemctl restart pveproxy</code> | * <code>systemctl restart pveproxy</code> | ||
Note: "/etc/apache2/certs" must be readable by '''USER''' & '''USER''' must also have SSH access to '''WEBSERVER''' | |||
'''Step 3:''' Enjoy browsing to the Web UI of your server without being bitched at by your browser. | '''Step 3:''' Enjoy browsing to the Web UI of your server without being bitched at by your browser. | ||
(these instructions are currently based on a non-clustered server...) | (these instructions are currently based on a non-clustered server...) | ||
Revision as of 15:14, 23 December 2023
Manually installing REAL certs
I keep copies of my certs on a local webserver that acts as a proxy to feed HTTPS connections to various local servers. This makes it fairly trivial to pull certs to various machines that need them. Also, I'm using wildcard certs, which simplifies life.
Step 1: Log into the servers shell as root. (either through the Web UI or SSH)
Step 2: Follow along with this list of commands (adjusting appropriately...)
cd /etc/pve/nodes/cd NODENAMEcp pveproxy-ssl.key pveproxy-ssl.key.BAKcp pveproxy-ssl.pem pveproxy-ssl.pem.BAKscp USER@WEBSERVER:/etc/apache2/certs/fullchain_YOURDOMAIN.TLD.crt pveproxy-ssl.pemscp USER@WEBSERVER:/etc/apache2/certs/YOURDOMAIN.TLD.key pveproxy-ssl.keysystemctl restart pveproxy
Note: "/etc/apache2/certs" must be readable by USER & USER must also have SSH access to WEBSERVER
Step 3: Enjoy browsing to the Web UI of your server without being bitched at by your browser.
(these instructions are currently based on a non-clustered server...)