Just want to find out how I can do this. My Nginx reverse proxy is already doing TLS for me with multiple domains.
Is spirit right that reverse-proxying will break websockets for the console?
Not possible. PVE uses TLS (with certificate pinning) for intra-cluster request proxying as well, and this is not optional/configurable.
edit: also, there should be no harm except for a slight overhead if you reverse-proxy to a (cluster of) TLS enabled host(s)? it's not like you are sending gigabytes of data to/from the PVE host via the API or web interface, and you are probably also not having thousands of concurrent sessions either.. and IMHO intra-datacenter traffic should be encrypted as much as possible as well, just like "public" traffic - you never know who might listen in on your supposedly "private" traffic
Is spirit right that reverse-proxying will break websockets for the console?
Is this a different or additional process? I know next to nothing about how websockets work.
No, you just need to reverse-proxy websockets too :-D
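
The setup described in the replies above (nginx keeps terminating TLS for clients, re-encrypts to the PVE port, and forwards the WebSocket upgrade used by the console), as an added example that is not from any poster in this thread. The hostname, certificate paths and upstream certificate name are placeholders; the node address and port are the ones in the HAProxy post on this page.

```nginx
# Added example, placed in the http {} context (e.g. a conf.d file).
# All names and paths marked "placeholder" are assumptions.

# Send "Connection: upgrade" only when the client asked for an upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl;
    server_name pve.example.org;                                  # placeholder

    ssl_certificate     /etc/nginx/certs/pve.example.org.pem;     # placeholder
    ssl_certificate_key /etc/nginx/certs/pve.example.org.key;     # placeholder

    location / {
        # PVE only speaks TLS, so the upstream scheme is https.
        proxy_pass https://192.168.200.11:8006;

        # Verify the node's certificate instead of trusting it blindly.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/certs/pve-ca.pem;  # placeholder
        proxy_ssl_name                pve-a.example.org;            # placeholder: name in the node certificate
        proxy_ssl_server_name         on;

        # WebSocket support for the console.
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Proto https;

        # Console sessions are long-lived; do not buffer or time them out early.
        proxy_buffering    off;
        proxy_read_timeout 3600s;
    }
}
```

Without `proxy_ssl_verify on`, nginx encrypts the upstream hop but accepts any certificate the backend presents.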
Hi,
Just want to find out how I can do this. My Nginx reverse proxy is already doing TLS for me with multiple domains.
Hi,
hey guys! anyone who can describe how you did this with haproxy?
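# TCP passthrough for the PVE web interface/API: TLS is terminated by the PVE nodes, not by HAProxy
frontend pve_frontend
    bind *:8006
    mode tcp
    # the next two are HTTP-mode directives and have no effect on TCP passthrough
    option httpclose
    option tcplog
    reqadd X-Forwarded-Proto:\ https
    default_backend pve-server
    timeout client 65000

# plain HTTP on port 80, routed by Host header and ACME challenge path
frontend http_frontend
    bind *:80
    mode http
    option httplog
    acl acl_pve hdr(host) -i pve.domain.org
    acl acl_pve hdr(host) -i pve-a.domain.org
    acl acl_pve hdr(host) -i pve-b.domain.org
    acl acl_pve hdr(host) -i pve-c.domain.org
    acl acl_letsencrypt url_beg /.well-known/acme-challenge/
    use_backend pve-http if acl_pve
    # web-srv-http is not defined in the part of the configuration posted here
    use_backend web-srv-http if acl_letsencrypt !acl_pve

backend pve-http
    mode http
    server pve 192.168.200.11:8080

# the three per-node HTTP backends below are not referenced by any use_backend rule shown above
backend pve-a-http
    mode http
    server pve-a 192.168.200.11:80

backend pve-b-http
    mode http
    server pve-b 192.168.200.12:80

backend pve-c-http
    mode http
    server pve-c 192.168.200.13:80

# PVE nodes on 8006; source-IP stickiness keeps a client on the same node
backend pve-server
    mode tcp
    balance roundrobin
    timeout server 65000
    stick-table type ip size 200k expire 60m
    stick on src
    server pve-a 192.168.200.11:8006
    server pve-b 192.168.200.12:8006
    server pve-c 192.168.200.13:8006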