proxmox-mirrors/pve-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-docs synced 2025-10-04 19:31:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pveproxy: add some explicit references

Browse Source 
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
This commit is contained in:
Thomas Lamprecht 2023-03-13 10:43:20 +01:00
parent 95117b6cdf
commit 203262f4f5
1 changed files with 16 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
pveproxy.adoc
View File

@ -23,20 +23,20 @@ pveproxy - Proxmox VE API Proxy Daemon
====================================== ======================================
endif::manvolnum[] endif::manvolnum[]
This daemon exposes the whole {pve} API on TCP port 8006 using This daemon exposes the whole {pve} API on TCP port 8006 using HTTPS. It runs
HTTPS. It runs as user `www-data` and has very limited permissions. as user `www-data` and has very limited permissions. Operation requiring more
Operation requiring more permissions are forwarded to the local permissions are forwarded to the local `pvedaemon`.
`pvedaemon`.
Requests targeted for other nodes are automatically forwarded to those Requests targeted for other nodes are automatically forwarded to those nodes.
nodes. This means that you can manage your whole cluster by connecting This means that you can manage your whole cluster by connecting to a single
to a single {pve} node. {pve} node.
[[pveproxy_host_acls]]
Host based Access Control Host based Access Control
------------------------- -------------------------
It is possible to configure ``apache2''-like access control It is possible to configure ``apache2''-like access control lists. Values are
lists. Values are read from file `/etc/default/pveproxy`. For example: read from file `/etc/default/pveproxy`. For example:
---- ----
ALLOW_FROM="10.0.0.1-10.0.0.5,192.168.0.0/22" ALLOW_FROM="10.0.0.1-10.0.0.5,192.168.0.0/22"
@ -59,9 +59,9 @@ The default policy is `allow`.
| Match Both Allow & Deny | deny | allow | Match Both Allow & Deny | deny | allow
|=========================================================== |===========================================================
[[pveproxy_listening_address]]
Listening IP Listening IP Address
------------ --------------------
By default the `pveproxy` and `spiceproxy` daemons listen on the wildcard By default the `pveproxy` and `spiceproxy` daemons listen on the wildcard
address and accept connections from both IPv4 and IPv6 clients. address and accept connections from both IPv4 and IPv6 clients.
@ -167,6 +167,7 @@ used.
NOTE: DH parameters are only used if a cipher suite utilizing the DH key NOTE: DH parameters are only used if a cipher suite utilizing the DH key
exchange algorithm is negotiated. exchange algorithm is negotiated.
[[pveproxy_custom_tls_cert]]
Alternative HTTPS certificate Alternative HTTPS certificate
----------------------------- -----------------------------
@ -188,8 +189,9 @@ NOTE: The included ACME integration does not honor this setting.
See the Host System Administration chapter of the documentation for details. See the Host System Administration chapter of the documentation for details.
COMPRESSION [[pveproxy_response_compression]]
----------- Response Compression
--------------------
By default `pveproxy` uses gzip HTTP-level compression for compressible By default `pveproxy` uses gzip HTTP-level compression for compressible
content, if the client supports it. This can disabled in `/etc/default/pveproxy` content, if the client supports it. This can disabled in `/etc/default/pveproxy`