# HTTPS certificates for services on other machines

For example, we want to terminate HTTPS connections on the PiKVM for Nextcloud running on TrueNAS.

## Create or expand the certbot setup

See [the PiKVM docs](https://docs.pikvm.org/letsencrypt/):

```sh
# Request a certificate covering both host names
kvmd-certbot certonly_webroot --agree-tos -n --email simar@gmx.net -d pikvm.machine-deck.jeffries-tube.at,opensky.machine-deck.jeffries-tube.at
# or, to add names to an existing certificate
kvmd-certbot certonly_webroot --agree-tos -n --email simar@gmx.net --expand -d pikvm.machine-deck.jeffries-tube.at,opensky.machine-deck.jeffries-tube.at
```

## Configure the virtual host

For example, for `opensky`, create the directory `/usr/share/kvmd/extras/opensky` and then create the virtual host file in it with nano: `nano /usr/share/kvmd/extras/opensky/nginx.ctx-http.conf`:

```
server {
    server_name opensky.machine-deck.jeffries-tube.at;
    listen [::1]:443 ssl proxy_protocol;
    http2 on;
    include /etc/kvmd/nginx/ssl.conf;

    location / {
        proxy_redirect off;
        # Headers the backend uses to reconstruct the original request
        proxy_set_header host opensky.machine-deck.jeffries-tube.at;
        proxy_set_header x-real-ip $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_set_header x-forwarded-proto https;
        proxy_set_header front-end-https on;
        client_max_body_size 20m;
        # Backend is reached over plain HTTP on the internal network
        proxy_pass http://192.168.1.150:30027;
    }

    # Service discovery redirects for Nextcloud
    location /.well-known/carddav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location /.well-known/caldav {
        return 301 $scheme://$host/remote.php/dav;
    }
    location ^~ /.well-known {
        return 301 $scheme://$host/index.php$uri;
    }
}
```

## Service configurations

### Nextcloud

Edit the `config.php`, for example in the container Nextcloud is running in:

```php
[...],
'trusted_domains' =>
array (
  0 => '127.0.0.1',
  1 => 'localhost',
  2 => 'nextcloud',
  3 => 'opensky.machine-deck.jeffries-tube.at',
),
// Generate https:// URLs even though the proxy talks plain HTTP to the backend
'overwriteprotocol' => 'https',
// Only requests arriving from this address may supply forwarding headers
'trusted_proxies' => ['192.168.1.235'],
// $_SERVER keys (HTTP_ prefix) of the client-address headers the nginx vhost sets
'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP'],
```
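
A simplified model of the decision that `trusted_proxies` and `forwarded_for_headers` control, added here as an example (it is not code from the original page or from Nextcloud): forwarding headers are believed only when the TCP peer is the trusted proxy. The function names, the `$_SERVER`-style header keys and the sample addresses are assumptions.

```python
import ipaddress

# Values from the config.php above; header keys are assumed $_SERVER names.
TRUSTED_PROXIES = ["192.168.1.235"]
FORWARDED_FOR_HEADERS = ["HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP"]


def is_trusted(addr, trusted=TRUSTED_PROXIES):
    """True if addr parses as an IP inside one of the trusted entries."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in ipaddress.ip_network(t, strict=False) for t in trusted)


def client_ip(server, trusted=TRUSTED_PROXIES, headers=FORWARDED_FOR_HEADERS):
    """Resolve the client address from a $_SERVER-like dict (hypothetical helper)."""
    peer = server.get("REMOTE_ADDR", "")
    if not is_trusted(peer, trusted):
        # Not our proxy: forwarding headers are client-controlled, ignore them.
        return peer
    for header in headers:
        # Right to left: the last entry is the one our own proxy appended.
        for candidate in reversed(server.get(header, "").split(",")):
            candidate = candidate.strip()
            if not candidate or is_trusted(candidate, trusted):
                continue
            try:
                return str(ipaddress.ip_address(candidate))
            except ValueError:
                continue  # malformed entry, keep looking
    return peer  # nothing usable in the headers


if __name__ == "__main__":
    # Constructed sample requests (documentation address ranges).
    samples = {
        "via proxy": {"REMOTE_ADDR": "192.168.1.235",
                      "HTTP_X_FORWARDED_FOR": "203.0.113.7"},
        "via proxy, client sent its own header": {
            "REMOTE_ADDR": "192.168.1.235",
            "HTTP_X_FORWARDED_FOR": "10.0.0.1, 203.0.113.7"},
        "direct to backend port": {"REMOTE_ADDR": "192.168.1.77",
                                   "HTTP_X_FORWARDED_FOR": "198.51.100.9"},
    }
    for name, server in samples.items():
        print(f"{name}: {client_ip(server)}")
```

The third sample shows why `trusted_proxies` should list only the proxy's address: a host that reaches the backend port directly gets its own address logged, whatever header it sends.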