proxmox-mirrors/pve-docs
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-docs synced 2025-06-12 21:46:07 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

pveproxy.adoc: add docs from current man page

Browse Source
This commit is contained in:
Dietmar Maurer 2016-04-10 10:47:52 +02:00
parent 96f2beeb13
commit eb64142936
1 changed files with 56 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
pveproxy.adoc
View File

@ -20,7 +20,7 @@ endif::manvolnum[]
ifndef::manvolnum[]
{pve} API Proxy Daemon
================
======================
include::attributes.txt[]
endif::manvolnum[]
@ -29,10 +29,63 @@ HTTPS. It runs as user 'www-data' and has very limited permissions.
Operation requiring more permissions are forwarded to the local
'pvedaemon'.
Request targeted for other nodes are automatically forwarded to that
node. This means that you can manage your whole cluster by connecting
Requests targeted for other nodes are automatically forwarded to those
nodes. This means that you can manage your whole cluster by connecting
to a single {pve} node.
Host based Access Control
-------------------------
It is possible to configure "apache2" like access control
lists. Values are read from file '/etc/default/pveproxy'. For example:
----
ALLOW_FROM="10.0.0.1-10.0.0.5,192.168.0.0/22"
DENY_FROM="all"
POLICY="allow"
----
IP addresses can be specified using any syntax understood by `Net::IP`. The
name 'all' is an alias for '0/0'.
The default policy is 'allow'.
[width="100%",options="header"]
|===========================================================
| Match | POLICY=deny | POLICY=allow
| Match Allow only | allow | allow
| Match Deny only | deny | deny
| No match | deny | allow
| Match Both Allow & Deny | deny | allow
|===========================================================
SSL Cipher Suite
----------------
You can define the cipher list in '/etc/default/pveproxy', for example
CIPHERS="HIGH:MEDIUM:!aNULL:!MD5"
Above is the default. See the ciphers(1) man page from the openssl
package for a list of all available options.
Diffie-Hellman Parameters
-------------------------
You can define the used Diffie-Hellman parameters in
'/etc/default/pveproxy' by setting `DHPARAMS` to the path of a file
containing DH parameters in PEM format, for example
DHPARAMS="/path/to/dhparams.pem"
If this option is not set, the built-in 'skip2048' parameters will be
used.
NOTE: DH parameters are only used if a cipher suite utilizing the DH key
exchange algorithm is negotiated.
ifdef::manvolnum[]
include::pve-copyright.adoc[]