[SOLVED] Disabling ssl on latest proxmox ve

T

Temtaime

Active Member
Jan 17, 2017
28
3
43
30
Hello !
I tried to search and all the guides about how it have to be done seemed outdated.
Newer proxmox builds have other options regarding ssl.
I know what i am doing and i want to permanently disable ssl on web admin page, because:
  • My installation already behind external firewall
  • I want to use external proxy with cofingured ssl sertificates
  • I don't want to create (self signed) sertificates for the pveproxy and update / maintain them
So please, how ssl can be disabled on pveproxy ?
Kind regards.
 
  • Like
Reactions: Karmylr
Temtaime said:
Hello !
I tried to search and all the guides about how it have to be done seemed outdated.
Newer proxmox builds have other options regarding ssl.
I know what i am doing and i want to permanently disable ssl on web admin page, because:
  • My installation already behind external firewall
Click to expand...

that is not really relevant, traffic should still be encrypted.

  • I want to use external proxy with cofingured ssl sertificates
Click to expand...

nothing stops you from doing that?

  • I don't want to create (self signed) sertificates for the pveproxy and update / maintain them
Click to expand...

PVE does it for you, no need to do anything manual (especially if you have a proxy in front anyway?).

So please, how ssl can be disabled on pveproxy ?
Click to expand...

it's not possible.
 
Why it was possible time ago and is not possible now ?
I just want to disable it understanding all the risks.
 
Temtaime said:
Why it was possible time ago and is not possible now ?
I just want to disable it understanding all the risks.
Click to expand...

Proxmox VE is optimized for best security, so we do not implement http anymore.
 
Just a thought.
One option to achieve this is to use nginx as reverse proxy and serve http from nginx.
This also gives you an option to use fail-over solution when one node is not available you still connect to web ui by name, and reverse proxy takes data from second or third node.
And you can set to ignore ssl errors from downstream, therefore you can use self signed ssl certs.
Also you can use nginx to serve SSL, and in that case you always can connect to webui that has correct certificate regardless to what backend proxmox instance nginx proxy connects.

Since i have not tested this, there might be a problem with sessions (you'll have to log in again) where connection is made to second proxmox instance, and then, in the middle of session, first node becomes available.

Code: 
upstream proxmox {
    server 10.0.0.1:8006;
    server 10.0.0.2:8006 backup;
    server 10.0.0.3:8006  backup;
}

...

location / {
    proxy_pass https://proxmox;
    proxy_ssl_verify off;
    proxy_next_upstream error http_502;
}
 
You must log in or register to reply here.

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Quick Navigation

Home Get Subscription Wiki Downloads Proxmox Customer Portal About

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!
Community platform by XenForo® © 2010-2024 XenForo Ltd.
Top Bottom
Back