[pve-devel] [PATCH docs] pveproxy: document LISTEN_IP setting

Stoiko Ivanov s.ivanov at proxmox.com
Fri Apr 23 17:58:14 CEST 2021


Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 pveproxy.adoc | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/pveproxy.adoc b/pveproxy.adoc
index d50d04a..0ea5658 100644
--- a/pveproxy.adoc
+++ b/pveproxy.adoc
@@ -59,6 +59,24 @@ The default policy is `allow`.
 |===========================================================
 
 
+Listening IP
+------------
+
+By setting `LISTEN_IP` in `/etc/default/pveproxy` you can control to which IP
+address the daemon binds. The IP address needs to be configured on the system.
+
+This can be used to listen only to an internal interface and thus have less
+exposure to the public internet:
+
+ LISTEN_IP="192.0.2.1"
+
+Similarly you can also set a n IPv6 address:
+
+ LISTEN_IP="2001:db8:85a3::1"
+
+WARNING: The nodes in a cluster need access to pveproxy for communictation.
+It is not recommended to set `LISTEN_IP` on clustered systems.
+
 SSL Cipher Suite
 ----------------
 
-- 
2.20.1





More information about the pve-devel mailing list