I just set up nginx as a reverse proxy for pveproxy on all my cluster hosts, added this to /etc/default/pveproxy
10.10.60.0/24 is the management vlan, all proxmox hosts have an entry in /etc/pve/corosync.conf with a 10.10.60 ip, all hosts have an entry in /etc/hosts with their 10.10.10.60 ip.
And now I notice I can't connect to 2 hosts, bert and ernie, because all other hosts try to connect to them over their public IP of 10.10.10.10 and 10.10.10.18 respectively. Using tcpdump and looking in their /var/log/pveproxy/access.log confirms my assessment:
So my question is: where does pveproxy get their IP-addresses from, and how can I safely change it, so they will start using their 10.10.60 IP-addresses?
Code:
ALLOW_FROM=127.0.0.1,10.10.60.0/24
DENY_FROM=all
POLICY=allow10.10.60.0/24 is the management vlan, all proxmox hosts have an entry in /etc/pve/corosync.conf with a 10.10.60 ip, all hosts have an entry in /etc/hosts with their 10.10.10.60 ip.
Code:
<SNIPPET>
node {
name: batman
nodeid: 1
quorum_votes: 1
ring0_addr: 10.10.60.9
}
node {
name: bert
nodeid: 8
quorum_votes: 1
ring0_addr: 10.10.60.10
}
node {
name: ernie
nodeid: 3
quorum_votes: 1
ring0_addr: 10.10.60.18
}And now I notice I can't connect to 2 hosts, bert and ernie, because all other hosts try to connect to them over their public IP of 10.10.10.10 and 10.10.10.18 respectively. Using tcpdump and looking in their /var/log/pveproxy/access.log confirms my assessment:
Code:
10.10.10.45 - - [07/11/2020:14:03:24 +0100] "-" 403 -
10.10.10.47 - - [07/11/2020:14:03:26 +0100] "-" 403 -
10.10.10.45 - - [07/11/2020:14:03:26 +0100] "-" 403 -
10.10.10.47 - - [07/11/2020:14:03:27 +0100] "-" 403 -So my question is: where does pveproxy get their IP-addresses from, and how can I safely change it, so they will start using their 10.10.60 IP-addresses?
