PVE 忽略 SSL 证书验证
原因
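Proxmox VE (PVE) 默认使用自签名证书,这在生产环境中可能会导致 SSL 证书验证失败(例如反向代理以 HTTPS 连接 PVE 上游时)。为了避免这种情况,可以在反向代理服务器(如 Nginx 或 Caddy)中配置忽略上游的 SSL 证书验证。需要注意:忽略验证后,代理到 PVE 的这一段连接虽然仍被加密,但不再确认对端身份,因此只适合代理与 PVE 处于同一可信网段的场景;更稳妥的做法是让反向代理信任 PVE 的 CA 证书,并保持验证开启。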
Nginx
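# Reverse proxy that terminates TLS with a publicly trusted certificate and
# forwards to the Proxmox VE web UI on port 8006 over HTTPS.
server {
    listen 443 ssl;
    server_name pve.yourdomain.com;

    # Certificate and key for your own domain (served to browsers)
    ssl_certificate /path/to/your/cert.pem;
    ssl_certificate_key /path/to/your/key.pem;

    # This publishes the PVE management UI on port 443. To limit who can reach
    # it, add an allowlist here, for example:
    #   allow 192.168.0.0/16; allow 10.0.0.0/8; deny all;

    location / {
        proxy_pass https://192.168.1.100:8006;

        # Key setting: do not verify the upstream (PVE) certificate.
        # "off" is already nginx's default for proxy_ssl_verify; it is spelled
        # out here to make the trust decision visible. With verification off the
        # proxy->PVE hop is encrypted but the upstream identity is not checked,
        # so keep that hop on a trusted network segment.
        proxy_ssl_verify off;
        proxy_ssl_session_reuse off;

        # Verified alternative: trust the CA that signed the PVE certificate
        # instead of skipping the check (the values below are placeholders).
        #   proxy_ssl_trusted_certificate /path/to/pve-root-ca.pem;
        #   proxy_ssl_verify on;
        #   proxy_ssl_name <name-present-in-the-pve-certificate>;

        # Standard reverse-proxy headers
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket support (needed by the PVE console).
        # The Upgrade handshake requires HTTP/1.1 towards the upstream; nginx
        # has historically defaulted to HTTP/1.0 for proxied requests, so set it
        # explicitly.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
    }
}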
Caddy
# Caddy obtains the certificate for pve.yourdomain.com itself and proxies
# every request to the PVE web UI over HTTPS.
pve.yourdomain.com {
    reverse_proxy https://pve-server-ip:8006 {
        transport http {
            # Skips verification of the upstream (PVE) certificate: the
            # Caddy->PVE hop stays encrypted but the upstream identity is not
            # checked, so keep that hop on a trusted network segment.
            # Verified alternative: trust the PVE CA instead, e.g.
            #   tls_trust_pool file /path/to/pve-root-ca.pem   (placeholder path;
            #   older Caddy releases use tls_trusted_ca_certs)
            tls_insecure_skip_verify
        }
    }
}
或者加上访问控制,只允许内网来源访问(更安全):
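# Same proxy as above, but only clients from the listed private ranges are
# forwarded to PVE; everyone else receives 403.
#
# The original also had an unconditional top-level reverse_proxy next to the
# allowlist. Under Caddy's default directive order `respond` is evaluated
# before `reverse_proxy`, so that block was never reached; it is removed so
# the only route to PVE is the one guarded by @internal.
pve.yourdomain.com {
    # Source allowlist. remote_ip matches the address of the immediate TCP
    # peer. If Caddy itself sits behind another proxy or CDN, every request
    # appears to come from that proxy; use the client_ip matcher together with
    # the trusted_proxies server option in that setup.
    @internal {
        remote_ip 192.168.0.0/16 10.0.0.0/8
    }

    handle @internal {
        reverse_proxy https://192.168.1.100:8006 {
            transport http {
                # Upstream certificate is still not verified; the allowlist
                # limits who can reach the UI, it does not authenticate PVE.
                tls_insecure_skip_verify
            }
        }
    }

    # Fallback for every request that did not match @internal
    handle {
        respond 403
    }
}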