generate a PKI and trust the Root CA in your browser (using XCA ?)
I used the CN as proxmox.domain.net, and then SAN to every proxmox$i.domain.net to use the same certificate for every node and the Virtual Server IP of the Load balancer (here the Fortigate)
export the certificate chain without the CA(.crt) and the key (.pem)
then copy on every node :
for i in {1..n}; \
do \
scp proxmox.domain.net.crt proxmox5:/etc/pve/nodes/proxmox$i/pve-ssl.pem; \
scp proxmox.domain.net.pem proxmox5:/etc/pve/nodes/proxmox$i/pve-ssl.key; \
ssh proxmox$i systemctl restart pveproxy;\
done
Then I use the Fortigate to load balance :
https://docs.fortinet.com/document/fortigate/6.2.3/cookbook/713497/virtual-server
Aucun commentaire:
Enregistrer un commentaire