请教PVE的8006端口怎么可以改成443

afkoolzxxx

防火墙玩不转。。玛德。转发后要么两个都能访问，要么两个都不能访问。
chatgpt给我写了七八个规则都不行。。
老哥防火墙转发解决了给我说一下。。
原理就是1端口转发2端口（内部），然后屏蔽2端口的外部访问。或者使用Nginx代理，比较复杂

Web Interface Via Nginx Proxy
https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy

1. apt install nginx
   
2. rm /etc/nginx/conf.d/default
   
3. rm /etc/nginx/sites-enabled/default
   
4. nano /etc/nginx/conf.d/proxmox.conf
   

复制代码

1. upstream proxmox {
   
2. server "YOUR.FQDN.HOSTNAME.HERE";
   
3. }
   
4. 
   
5. server {
   
6. listen 80 default_server;
   
7. rewrite ^(.*) https://$host$1 permanent;
   
8. }
   
9. 
   
10. server {
    
11. listen 443;
    
12. server_name _;
    
13. ssl on;
    
14. ssl_certificate /etc/pve/local/pve-ssl.pem;
    
15. ssl_certificate_key /etc/pve/local/pve-ssl.key;
    
16. proxy_redirect off;
    
17. location / {
    
18. proxy_http_version 1.1;
    
19. proxy_set_header Upgrade $http_upgrade;
    
20. proxy_set_header Connection "upgrade";
    
21. proxy_pass https://localhost:8006;
    
22. proxy_buffering off;
    
23. client_max_body_size 0;
    
24. proxy_connect_timeout3600s;
    
25. proxy_read_timeout3600s;
    
26. proxy_send_timeout3600s;
    
27. send_timeout3600s;
    
28. }
    
29. }

复制代码

1. systemctl restart nginx

复制代码

After nginx service restarts you should be able to reach the web interface

https://your.fqdn.goes.here

https://your.ip.address.goes.here


ensure that nginx gets only started after the certificates are available

1. systemctl edit nginx.service

复制代码

1. [Unit]
   
2. Requires=pve-cluster.service
   
3. After=pve-cluster.service

复制代码

and save + exit.

Enjoy the web interface on HTTPS port 443

airinf

这样转发后小鸡就不能链接ssl了