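PVE: Ignoring SSL Certificate Verification
Why
Proxmox VE (PVE) uses a self-signed certificate by default, which can cause SSL certificate verification to fail in a production environment. To avoid this, you can configure the reverse proxy in front of it (such as Nginx or Caddy) to skip SSL certificate verification for the upstream connection.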
Nginx
server {
    listen 443 ssl;
    server_name pve.yourdomain.com;

    # Certificate for your own domain
    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/key.pem;

    location / {
        proxy_pass https://192.168.1.100:8006;

        # Key setting: skip verification of the upstream certificate
        proxy_ssl_verify off;
        proxy_ssl_session_reuse off;

        # Standard reverse proxy settings
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support (required by the PVE console);
        # the Upgrade handshake needs HTTP/1.1 towards the upstream
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}
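For comparison, an added example that is not part of the original post: the same Nginx server block with upstream verification left on, trusting the CA that signed PVE's certificate instead of turning the check off. The CA file path `/path/to/pve-ca.pem` is a placeholder and the upstream name `pve-node.example.internal` is an assumption; it has to be a name that actually appears in the PVE certificate.

```nginx
server {
    listen 443 ssl;
    server_name pve.yourdomain.com;

    # Certificate for your own domain (what browsers see)
    ssl_certificate     /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/key.pem;

    location / {
        proxy_pass https://192.168.1.100:8006;

        # Verify the upstream certificate instead of skipping the check
        proxy_ssl_verify on;
        # Placeholder path: a copy of the CA certificate that signed
        # the certificate PVE presents on port 8006
        proxy_ssl_trusted_certificate /path/to/pve-ca.pem;
        # Assumed name: checked against the names in the PVE certificate,
        # and sent as SNI because proxy_ssl_server_name is on
        proxy_ssl_name pve-node.example.internal;
        proxy_ssl_server_name on;

        # Standard reverse proxy settings
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support (required by the PVE console)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
```

If the trusted CA or the name does not match what PVE presents, Nginx fails the upstream TLS handshake and answers with 502, so a swapped or spoofed upstream is rejected rather than silently proxied.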
Caddy
pve.yourdomain.com {
    reverse_proxy https://pve-server-ip:8006 {
        transport http {
            tls_insecure_skip_verify
        }
    }
}
Or, with more secure access control:
pve.yourdomain.com {
    # Access control: restrict which source addresses are proxied
    @internal {
        remote_ip 192.168.0.0/16 10.0.0.0/8
    }

    handle @internal {
        reverse_proxy https://192.168.1.100:8006 {
            transport http {
                tls_insecure_skip_verify
            }
        }
    }

    # Every other source address is rejected
    respond 403
}
https://blog.lpkt.cn/posts/pve-ignore-ssl-cert/