-
Notifications
You must be signed in to change notification settings - Fork 2
Client Configuration
This guide covers how to configure the PVE4J client for different environments and security requirements.
The simplest way to create a client with an API token:
import fr.freshperf.pve4j.Proxmox;
Proxmox proxmox = Proxmox.create(
"pve.example.com", // Proxmox host
8006, // API port
"root@pam!mytoken=secret" // API token
);This uses the default secure configuration with full SSL/TLS verification.
For username/password authentication:
import fr.freshperf.pve4j.Proxmox;
import fr.freshperf.pve4j.throwable.ProxmoxAPIError;
try {
// With default PAM realm
Proxmox proxmox = Proxmox.createWithPassword(
"pve.example.com",
8006,
"root",
"your-password"
);
// With custom realm
Proxmox proxmox = Proxmox.createWithPassword(
"pve.example.com",
8006,
"admin",
"password",
"ldap", // realm
SecurityConfig.secure()
);
} catch (ProxmoxAPIError | InterruptedException e) {
System.err.println("Authentication failed: " + e.getMessage());
}The createWithPassword() method authenticates with Proxmox and stores the session ticket for subsequent requests.
PVE4J provides flexible security configuration through the SecurityConfig class.
The default configuration is secure and suitable for production:
Proxmox proxmox = Proxmox.create("pve.example.com", 8006, "token");
// Equivalent to:
Proxmox proxmox = Proxmox.create("pve.example.com", 8006, "token", SecurityConfig.secure());This configuration:
- Validates SSL certificates
- Verifies hostname matches certificate
- Rejects self-signed certificates
For development environments with self-signed certificates:
import fr.freshperf.pve4j.SecurityConfig;
Proxmox proxmox = Proxmox.create(
"192.168.1.100",
8006,
"root@pam!mytoken=secret",
SecurityConfig.insecure()
);This configuration:
- Accepts any SSL certificate (including self-signed)
- Skips hostname verification
- Should NOT be used in production
For fine-grained control, use the builder pattern:
SecurityConfig customConfig = SecurityConfig.builder()
.disableSslVerification() // Accept any certificate
.enableHostnameVerification() // But still verify hostname
.build();
Proxmox proxmox = Proxmox.create("pve.example.com", 8006, "token", customConfig);Or inversely:
SecurityConfig customConfig = SecurityConfig.builder()
.enableSslVerification() // Verify certificates
.disableHostnameVerification() // But skip hostname check
.build();Proxmox API tokens follow this format:
USER@REALM!TOKENID=SECRET
Where:
-
USER- Username (e.g.,root) -
REALM- Authentication realm (e.g.,pam,pve) -
TOKENID- Token identifier -
SECRET- Token secret (UUID)
// Root user with PAM authentication
String token = "root@pam!myapp=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx";
// Custom user with PVE authentication
String token = "admin@pve!automation=yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy";The Proxmox host can be:
- Fully qualified domain name:
pve.example.com - Hostname:
proxmox01 - IP address:
192.168.1.100
Common ports:
-
8006- Default Proxmox web interface port (HTTPS) -
443- Alternative HTTPS port if configured
PVE4J always uses HTTPS. The protocol is automatically added to the host.
public class ProxmoxConfig {
public static Proxmox createProductionClient() {
return Proxmox.create(
System.getenv("PROXMOX_HOST"),
Integer.parseInt(System.getenv("PROXMOX_PORT")),
System.getenv("PROXMOX_TOKEN"),
SecurityConfig.secure()
);
}
}Use environment variables for sensitive configuration:
export PROXMOX_HOST=pve.example.com
export PROXMOX_PORT=8006
export PROXMOX_TOKEN=root@pam!mytoken=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxpublic class ProxmoxConfig {
public static Proxmox createDevClient() {
return Proxmox.create(
"localhost",
8006,
"root@pam!dev=dev-token",
SecurityConfig.insecure()
);
}
}For integration tests:
import org.junit.jupiter.api.BeforeAll;
public class ProxmoxIntegrationTest {
private static Proxmox proxmox;
@BeforeAll
public static void setup() {
String host = System.getProperty("test.proxmox.host", "localhost");
int port = Integer.parseInt(System.getProperty("test.proxmox.port", "8006"));
String token = System.getProperty("test.proxmox.token");
proxmox = Proxmox.create(host, port, token, SecurityConfig.insecure());
}
}Run tests with:
./gradlew test -Dtest.proxmox.host=192.168.1.100 \
-Dtest.proxmox.port=8006 \
-Dtest.proxmox.token="root@pam!test=secret"PVE4J uses Java's built-in HttpClient under the hood. The client is automatically configured with:
- Connection timeout: Default system timeout
- Request timeout: No timeout (long-running tasks are supported)
- SSL context: Based on
SecurityConfig
The Proxmox client can be reused across multiple requests. Create one instance and share it:
public class ProxmoxManager {
private static final Proxmox INSTANCE = Proxmox.create(
System.getenv("PROXMOX_HOST"),
Integer.parseInt(System.getenv("PROXMOX_PORT")),
System.getenv("PROXMOX_TOKEN")
);
public static Proxmox getInstance() {
return INSTANCE;
}
}When you're done using PVE4J, shut down global resources (thread pools for async task management):
Proxmox.shutdownGlobalResources();Symptom: SSLHandshakeException or certificate validation errors
Solutions:
- Ensure you're using a valid SSL certificate in production
- For self-signed certificates, use
SecurityConfig.insecure()(development only) - Import the self-signed certificate into Java's trust store
Symptom: Hostname verification errors
Solutions:
- Ensure your certificate includes the correct hostname/IP
- Use the hostname that matches the certificate
- Temporarily disable hostname verification for testing (not recommended for production)
Symptom: Connection takes too long or times out
Solutions:
- Verify network connectivity to Proxmox host
- Check firewall rules
- Ensure Proxmox API is running (port 8006 accessible)
- Authentication - Detailed authentication guide
- Request API - Understanding the request API
- Getting Started - Basic usage examples
Getting Started
Core Concepts
Resource Management
Infrastructure
Security
Community