howto:vps:proxmox-ve:security
Toto je starší verze dokumentu!
Zabezpečení Proxmox VE
Reverzní proxy před pveproxy
Návod volně založen na http://the-bleeding-edge.info/blog/?p=24
- /etc/default/pveproxy
ALLOW_FROM="127.0.0.1" DENY_FROM="all" POLICY="allow"
/etc/init.d/pveproxy restart
apt install nginx-light
- /etc/nginx/sites-available/proxmox
## Momentalne koliduje s letsencryptem, tak to je zakazany nez to bude mozny nakombinovat #server { # listen 80; # server_name _; # return 302 https://$hostname$request_uri; # #} server { listen 443 ssl; #choose your port or just use 443 server_name _; #place your domain or ip here if needed #root /usr/share/nginx/www; ssl_certificate /etc/letsencrypt/live/pve1.spoje.net/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/pve1.spoje.net/privkey.pem; proxy_redirect off; auth_basic "SPOJE.NET VPS"; auth_basic_user_file /etc/nginx/.htpasswd; #proxy_ssl_verify off; #default location ~ ^.+websocket$ { proxy_pass https://127.0.0.1:8006; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location / { proxy_pass https://127.0.0.1:8006; } }
username=virtual; echo "${username}:`openssl passwd -apr1`" >> /etc/nginx/.htpasswd
/etc/init.d/nginx restart
howto/vps/proxmox-ve/security.1500398885.txt.gz · Poslední úprava: 2017/07/18 19:28 autor: harvie