HTTPS certificates for services on other machines

For example, we want to terminate HTTPS connections on the PiKVM for Nextcloud running on TrueNAS.

Create or expand the certbot setup

See the PiKVM docs:

kvmd-certbot certonly_webroot --agree-tos -n --email simar@gmx.net -d pikvm.machine-deck.jeffries-tube.at,opensky.machine-deck.jeffries-tube.at
# or
kvmd-certbot certonly_webroot --agree-tos -n --email simar@gmx.net --expand -d pikvm.machine-deck.jeffries-tube.at,opensky.machine-deck.jeffries-tube.at

Configure the virtual host

For example, for opensky, create the directory /usr/share/kvmd/extras/opensky and then create the file nginx.ctx-http.conf in it with nano: nano /usr/share/kvmd/extras/opensky/nginx.ctx-http.conf

server {
  server_name opensky.machine-deck.jeffries-tube.at;

  listen [::1]:443 ssl proxy_protocol;
  http2 on;
  include /etc/kvmd/nginx/ssl.conf;

  location / {
      proxy_redirect off;
      proxy_set_header host opensky.machine-deck.jeffries-tube.at;
      proxy_set_header x-real-ip $remote_addr;
      proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
      proxy_set_header x-forwarded-proto https;
      proxy_set_header front-end-https on;
      client_max_body_size 20m;
      proxy_pass http://192.168.1.150:30027;
  }

  location /.well-known/carddav {
      return 301 $scheme://$host/remote.php/dav;
  }

  location /.well-known/caldav {
      return 301 $scheme://$host/remote.php/dav;
  }

  location ^~ /.well-known {
      return 301 $scheme://$host/index.php$uri;
  }
}

Service configurations

nextcloud

Edit the config.php for example in the container nextcloud is running in:

  [...],
  'trusted_domains' => 
  array (
    0 => '127.0.0.1',
    1 => 'localhost',
    2 => 'nextcloud',
    3 => 'opensky.machine-deck.jeffries-tube.at',
  ),
  'overwriteprotocol' => 'https',
  'trusted_proxies' => ['192.168.1.235'],
  // Client-IP headers only, written as $_SERVER keys (HTTP_ prefix); the nginx vhost above sends x-forwarded-for and x-real-ip
  'forwarded_for_headers' => ['HTTP_X_FORWARDED_FOR', 'HTTP_X_REAL_IP'],
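
Nextcloud reads the client address from the $_SERVER keys named in forwarded_for_headers, so each entry has to match a header the nginx vhost actually sets to a client address. The following check is an added example, not part of the original page or of PiKVM/Nextcloud; the nginx excerpt and the candidate list are constructed samples, and the set of nginx variables treated as client addresses is an assumption.

```python
import re

# Constructed sample: the proxy_set_header lines from the nginx vhost above.
NGINX_LOCATION = """
location / {
    proxy_set_header host opensky.machine-deck.jeffries-tube.at;
    proxy_set_header x-real-ip $remote_addr;
    proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
    proxy_set_header x-forwarded-proto https;
    proxy_set_header front-end-https on;
}
"""

# Matches "proxy_set_header <name> <value>;" and captures name and value.
HEADER_RE = re.compile(r"^\s*proxy_set_header\s+(\S+)\s+(.+?);\s*$", re.M)

# Assumption: nginx variables whose value is a client address (or a list of them).
CLIENT_ADDR_VARS = {"$remote_addr", "$proxy_add_x_forwarded_for", "$proxy_protocol_addr"}


def php_server_key(header_name):
    """CGI naming rule PHP applies to request headers: 'x-real-ip' -> 'HTTP_X_REAL_IP'."""
    return "HTTP_" + header_name.upper().replace("-", "_")


def proxied_server_keys(nginx_conf):
    """Map each header nginx sets to the $_SERVER key PHP exposes, with its nginx value."""
    return {php_server_key(name): value for name, value in HEADER_RE.findall(nginx_conf)}


def check_forwarded_for_headers(nginx_conf, forwarded_for_headers):
    """Split the list into entries that can carry a client address and entries that never will."""
    keys = proxied_server_keys(nginx_conf)
    ip_keys = {key for key, value in keys.items() if value in CLIENT_ADDR_VARS}
    usable = [h for h in forwarded_for_headers if h in ip_keys]
    unused = [h for h in forwarded_for_headers if h not in ip_keys]
    return usable, unused


if __name__ == "__main__":
    # Constructed candidate list: one entry lacks the HTTP_ prefix, one is not an IP header.
    candidate = ["HTTP_X_FORWARDED_FOR", "HTTP_X_REAL_IP", "X_REAL_IP", "HTTP_X_FORWARDED_PROTO"]
    usable, unused = check_forwarded_for_headers(NGINX_LOCATION, candidate)
    print("carry a client address:", usable)
    print("never carry a client address:", unused)
```

If no entry is usable, Nextcloud sees every request as coming from the proxy address in trusted_proxies, so per-client logging and brute-force throttling apply to the proxy as a whole.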
pikvm/https_certificates_for_services_on_other_machines.txt · Last modified: by admin