{"id":28586248,"url":"https://github.com/patbec/ansible-proxmox-https","last_synced_at":"2026-04-28T01:33:12.136Z","repository":{"id":297656077,"uuid":"997465498","full_name":"patbec/ansible-proxmox-https","owner":"patbec","description":"This allows you to access Proxmox VE via the port 443.","archived":false,"fork":false,"pushed_at":"2025-06-24T16:03:56.000Z","size":6,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2026-04-01T13:40:42.303Z","etag":null,"topics":["ansible","https","nginx","proxmox"],"latest_commit_sha":null,"homepage":"","language":"YAML","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/patbec.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-06-06T15:15:03.000Z","updated_at":"2025-06-24T16:03:59.000Z","dependencies_parsed_at":"2025-06-06T17:39:23.899Z","dependency_job_id":null,"html_url":"https://github.com/patbec/ansible-proxmox-https","commit_stats":null,"previous_names":["patbec/ansible-proxmox-https"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/patbec/ansible-proxmox-https","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patbec%2Fansible-proxmox-https","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patbec%2Fansible-proxmox-https/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patbec%2Fansible-proxmox-https/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patbec%2Fansible-proxmox-https/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/patbec","download_url":"https://codeload.github.com/patbec/ansible-proxmox-https/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/patbec%2Fansible-proxmox-https/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32362781,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-27T20:07:02.737Z","status":"ssl_error","status_checked_at":"2026-04-27T20:07:00.910Z","response_time":128,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ansible","https","nginx","proxmox"],"created_at":"2025-06-11T07:00:36.026Z","updated_at":"2026-04-28T01:33:12.120Z","avatar_url":"https://github.com/patbec.png","language":"YAML","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Ansible Proxmox\n\nThis allows you to access \u003cb\u003eProxmox VE\u003c/b\u003e via the port 443. There is an issue in the [official documentation](https://pve.proxmox.com/wiki/Web_Interface_Via_Nginx_Proxy) (as of 2025), the NGINX web server is not reloaded if the certificate has been updated by Promxox.\n\n## Webserver\n\nProxmox provides access to the API and web interface via port `8006`. To offer access via the standard HTTPS port, NGINX is installed in the light version.\n\nNGINX requires a valid certificate, this can be configured via the interface under [ACME](https://pve.proxmox.com/wiki/Certificate_Management). After the correct setup, Proxmox will manage the certificate and renew it automatically. NGINX will use this certificate and **automatically reload it after a renewal by Proxmox**. See the next step for technical details.\n\n## How it works\n\nConfigure on the Proxmox an **ACME** first, so the certificate `/etc/pve/local/pveproxy-ssl.pem` is created.\n\n- If the certificate is renewed by Proxmox, the web server is **automatically reloaded**. This is made possible with the systemd option [`ReloadPropagatedFrom`](https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#PropagatesReloadTo=).\n\n- If no ACME has been set up, the service is **ignored when booting**. This is controlled by the [`ConditionPathExists`](https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#AssertArchitecture=) option. If the service has been ignored, it remains deactivated until Proxmox is restarted.\u003cbr\u003eThere is a check in the Ansible playbook if ACME has been set up, without a valid configuration the execution of the playbook will be **aborted at the beginning**.\n\n- If an existing ACME configuration is deleted in the Proxmox interface, the old certificate files remain available. The NGINX web server remains active and will respond with an expired certificate.\n\nThese options are stored in the NGINX extended service file under `/etc/systemd/system/nginx.service.d/override.conf`:\n```ini\n# {{ ansible_managed }}\n\n[Unit]\n# The path /etc/pve/local is only available after this service.\nRequires=pve-cluster.service\nAfter=pve-cluster.service\n\n# The web server requires an existing certificate. The service is only\n# activated if an automatic certificate management environment (ACME)\n# has been set up in Promxox.\nConditionPathExists=/etc/pve/local/pveproxy-ssl.pem\nConditionPathExists=/etc/pve/local/pveproxy-ssl.key\n\n# When systemd reload the unit listed here, the action is\n# propagated to this unit. This occurs when the certificate is updated.\nReloadPropagatedFrom=pveproxy.service\n```\n\n\u003e You can edit this file directly for test purposes using the command `sudo systemctl edit nginx`.\n\n## Versions\n\nThe following versions were tested:\n\n✅ Proxmox VE 7.4-xx\n\n\u003e This project should not be used on production servers without testing.","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatbec%2Fansible-proxmox-https","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpatbec%2Fansible-proxmox-https","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpatbec%2Fansible-proxmox-https/lists"}