Differences

This shows you the differences between two versions of the page.

--- pikvm:https_certificates_for_services_on_other_machines [2025/02/15 22:16] – created admin
+++ pikvm:https_certificates_for_services_on_other_machines [2025/02/16 00:51] (current) – admin
@@ Line 11: / Line 11: @@
 # or
 kvmd-certbot certonly_webroot --agree-tos -n --email simar@gmx.net --expand -d pikvm.machine-deck.jeffries-tube.at,opensky.machine-deck.jeffries-tube.at
+```
+## Configure the virtual host
+For example for `opensky`, create a directory `/usr/share/kvmd/extras/opensky` and then create with nano: `nano /usr/share/kvmd/extras/opensky/nginx.ctx-http.conf`:
+```
+server {
+  server_name opensky.machine-deck.jeffries-tube.at;
+  listen [::1]:443 ssl proxy_protocol;
+  http2 on;
+  include /etc/kvmd/nginx/ssl.conf;
+  location / {
+        proxy_redirect off;
+        proxy_set_header host opensky.machine-deck.jeffries-tube.at;
+        proxy_set_header x-real-ip $remote_addr;
+        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
+        proxy_set_header x-forwarded-proto https;
+        proxy_set_header front-end-https on;
+        client_max_body_size 20m;
+        proxy_pass http://192.168.1.150:30027;
+        }
+  location /.well-known/carddav {
+      return 301 $scheme://$host/remote.php/dav;
+  }
+  location /.well-known/caldav {
+      return 301 $scheme://$host/remote.php/dav;
+  }
+  location ^~ /.well-known {
+      return 301 $scheme://$host/index.php$uri;
+  }
+}
+```
+## Service configurations
+### nextcloud
+Edit the `config.php` for example in the container nextcloud is running in:
+```php
+  [...],
+  'trusted_domains' =>
+  array (
+=> '127.0.0.1',
+=> 'localhost',
+=> 'nextcloud',
+=> 'opensky.machine-deck.jeffries-tube.at',
+  ),
+  'overwriteprotocol' => 'https',
+  'trusted_proxies' => ['192.168.1.235'],
+  'forwarded_for_headers' => ['HTTP_X_FORWARDED', 'X_REAL_IP', 'FRONT_END_HTTPS', 'X_FORWARDED_PROTO'],
 ```