Configuration Files¶
All Proxmox Backup Server configuration files reside in the directory
/etc/proxmox-backup/.
acl.cfg¶
File Format¶
This file contains the access control list for the Proxmox Backup Server API.
Each line starts with acl:, followed by 4 additional values
separated by colon.
- propagate:
Propagate permissions down the hierarchy
- path:
The object path
- User/Token:
List of users and tokens
- Role:
List of assigned roles
Here is an example list:
acl:1:/:root@pam!test:Admin
acl:1:/datastore/store1:user1@pbs:DatastoreAdmin
You can use the proxmox-backup-manager acl command to manipulate
this file.
Roles¶
The following roles exist:
datastore.cfg¶
File Format¶
This file contains a list of datastore configuration sections. Each
section starts with the header datastore: <name>, followed by the
datastore configuration options.
datastore: <name1>
path <path1>
<option1> <value1>
...
datastore: <name2>
path <path2>
...
You can use the proxmox-backup-manager datastore command to manipulate
this file.
Options¶
domains.cfg¶
File Format¶
This file contains the list authentication realms.
Each user configuration section starts with the header <realm-type>: <name>,
followed by the realm's configuration options.
For LDAP realms, the LDAP bind password is stored in ldap_passwords.json.
openid: master
client-id pbs
comment
issuer-url http://192.168.0.10:8080/realms/master
username-claim username
ldap: ldap-server
base-dn OU=People,DC=ldap-server,DC=example,DC=com
mode ldaps
server1 192.168.0.10
sync-attributes email=mail
sync-defaults-options enable-new=0,remove-vanished=acl;entry
user-attr uid
user-classes inetorgperson,posixaccount,person,user
You can use the proxmox-backup-manager openid, proxmox-backup-manager
ldap and proxmox-backup-manager ad commands to manipulate this file.
Options¶
media-pool.cfg¶
File Format¶
Each entry starts with the header pool: <name>, followed by the
media pool configuration options.
pool: company1
allocation always
retention overwrite
pool: ...
You can use the proxmox-tape pool command to manipulate this file.
Options¶
node.cfg¶
Options¶
The file contains these options:
- acme:
The ACME account to use on this node.
- acmedomain0:
ACME domain.
- acmedomain1:
ACME domain.
- acmedomain2:
ACME domain.
- acmedomain3:
ACME domain.
- acmedomain4:
ACME domain.
- http-proxy:
Set proxy for apt and subscription checks.
- email-from:
Fallback email from which notifications will be sent.
- ciphers-tls-1.3:
List of TLS ciphers for TLS 1.3 that will be used by the proxy. Colon-separated and in descending priority (https://docs.openssl.org/master/man1/openssl-ciphers/). (Proxy has to be restarted for changes to take effect.)
- ciphers-tls-1.2:
List of TLS ciphers for TLS <= 1.2 that will be used by the proxy. Colon-separated and in descending priority (https://docs.openssl.org/master/man1/openssl-ciphers/). (Proxy has to be restarted for changes to take effect.)
- default-lang:
Default language used in the GUI.
- description:
Node description.
- task-log-max-days:
Maximum days to keep task logs.
For example:
acme: local
acmedomain0: first.domain.com
acmedomain1: second.domain.com
acmedomain2: third.domain.com
acmedomain3: fourth.domain.com
acmedomain4: fifth.domain.com
http-proxy: internal.proxy.com
email-from: proxmox@mail.com
ciphers-tls-1.3: TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_8_SHA256:TLS_CHACHA20_POLY1305_SHA256
ciphers-tls-1.2: RSA_WITH_AES_128_CCM:DHE_RSA_WITH_AES_128_CCM
default-lang: en
description: Primary PBS instance
task-log-max-days: 30
You can use the proxmox-backup-manager node command to manipulate
this file.
notifications.cfg¶
File Format¶
This file contains configuration for notification targets and notification matchers.
Options¶
notifications-priv.cfg¶
File Format¶
This file contains protected credentials for notification targets.
Options¶
tape.cfg¶
File Format¶
Each LTO drive configuration section starts with the header lto: <name>,
followed by the drive configuration options.
Tape changer configurations start with the header changer: <name>,
followed by the changer configuration options.
lto: hh8
changer sl3
path /dev/tape/by-id/scsi-10WT065325-nst
changer: sl3
export-slots 14,15,16
path /dev/tape/by-id/scsi-CJ0JBE0059
You can use the proxmox-tape drive and proxmox-tape changer
commands to manipulate this file.
Note
The virtual: drive type is experimental and should only be used
for debugging.
Options¶
tape-job.cfg¶
File Format¶
Each entry starts with the header backup: <name>, followed by the
job configuration options.
backup: job1
drive hh8
pool p4
store store3
schedule daily
backup: ...
You can use the proxmox-tape backup-job command to manipulate
this file.
Options¶
user.cfg¶
File Format¶
This file contains the list of API users and API tokens.
Each user configuration section starts with the header user: <name>,
followed by the user configuration options.
API token configuration starts with the header token:
<userid!token_name>, followed by the token configuration. The data
used to authenticate tokens is stored in a separate file
(token.shadow).
user: root@pam
comment Superuser
email test@example.local
...
token: root@pam!token1
comment API test token
enable true
expire 0
user: ...
You can use the proxmox-backup-manager user command to manipulate
this file.
Options¶
remote.cfg¶
File Format¶
This file contains information used to access remote servers.
Each entry starts with the header remote: <name>, followed by the
remote configuration options.
remote: server1
host server1.local
auth-id sync@pbs
...
remote: ...
You can use the proxmox-backup-manager remote command to manipulate
this file.
Options¶
sync.cfg¶
File Format¶
Each entry starts with the header sync: <name>, followed by the
job configuration options.
sync: job1
store store1
remote-store store1
remote lina
sync: ...
You can use the proxmox-backup-manager sync-job command to manipulate
this file.
Options¶
verification.cfg¶
File Format¶
Each entry starts with the header verification: <name>, followed by the
job configuration options.
verification: verify-store2
ignore-verified true
outdated-after 7
schedule daily
store store2
verification: ...
You can use the proxmox-backup-manager verify-job command to manipulate
this file.