vyos-1x.git/data/templates/https, branch 1.4.0

vyos-1x.git/data/templates/https, branch 1.4.0 VyOS command definitions, scripts, and utilities (mirror of https://github.com/marekm72/vyos-1x.git) https://git.amelek.net/marekm72/vyos-1x.git/atom?h=1.4.0 2024-03-07T21:03:56+00:00 http-api: T6107: add an option to increase the request body size limit 2024-03-07T21:03:56+00:00 Daniil Baturin daniil@baturin.org 2024-03-07T20:04:56+00:00 urn:sha1:00352f4edadfa536b35112c1d2d2cdf72ffb4cd6 (cherry picked from commit 4792d39bb84991768404f69ff807e43a9979a79e) https: T5902: remove virtual-host configuration 2024-01-10T07:11:39+00:00 Christian Breunig christian@breunig.cc 2024-01-06T09:55:42+00:00 urn:sha1:34eadcf2f74ae57342997bed77ce64bddd34219b We have not seen the adoption of the https virtual-host CLI option. What it did? * Create multiple webservers each listening on a different IP/port (but in the same VRF) * All webservers shared one common document root * All webservers shared the same SSL certificates * All webservers could have had individual allow-client configurations * API could be enabled for a particular virtual-host but was always enabled on the default host This configuration tried to provide a full webserver via the CLI but VyOS is a router and the Webserver is there for an API or to serve files for a local-ui. Changes Remove support for virtual-hosts as it's an incomplete and thus mostly useless "thing". Migrate all allow-client statements to one top-level allow statement. (cherry picked from commit d0d3071e99eb65edb888c26ef2fdc9e038438887) https: T5886: migrate https certbot to new "pki certificate" CLI tree 2024-01-08T20:11:13+00:00 Christian Breunig christian@breunig.cc 2024-01-05T21:35:59+00:00 urn:sha1:1b85e7a9442aa71e2137df44747bd184c4a8b6de (cherry picked from commit 9ab6665c80c30bf446d94620fc9d85b052d48072) T5474: establish common file name pattern for XML conf mode commands 2024-01-01T08:25:32+00:00 Christian Breunig christian@breunig.cc 2023-12-30T22:25:20+00:00 urn:sha1:c9eaafd9f808aba8d29be73054e11d37577e539a We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in (cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465) T5767: HTTPS API add reboot and poweroff endpoints 2023-11-21T20:23:14+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-11-21T10:17:53+00:00 urn:sha1:cc4773e23ae9688920a567ba940b88efddbc8d78 Add ability to reboot and poweroff the system via API curl -k --location --request POST 'https://vyos/reboot' \ --form data='{"op": "reboot", "path": ["now"]}' \ --form key='apikey' curl -k --location --request POST 'https://vyos/poweroff' \ --form data='{"op": "poweroff", "path": ["now"]}' \ --form key='apikey' (cherry picked from commit 36f3c329c2df0e78f2f5da933d9729a872fb2a11) http: T5762: api: make API socket backend communication the one and only default 2023-11-20T18:22:08+00:00 Christian Breunig christian@breunig.cc 2023-11-20T09:13:21+00:00 urn:sha1:3280a153713decf28eb5c564573028df19a4e1b1 Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy. (cherry picked from commit f5e43b1361fb59a9c260739bdb28729d5119507c) http-api: T2612: reload server within configsession for api self-config 2023-10-10T18:12:07+00:00 John Estabrook jestabro@vyos.io 2023-10-07T03:27:19+00:00 urn:sha1:9c7a4b43278e2da0c423089100fb0878239e0aa6 (cherry picked from commit 93d2ea7d635c7aa5acf3000654393ea48b7c6405) http-api: T5126: allow restricting client IP address 2023-03-31T17:14:56+00:00 John Estabrook jestabro@vyos.io 2023-03-30T00:48:52+00:00 urn:sha1:11b1d043310833447ddeea3b68fba2a1d1f5799d Merge pull request #1848 from sever-sever/T5029 2023-02-24T16:37:57+00:00 Christian Breunig christian@breunig.cc 2023-02-24T16:37:57+00:00 urn:sha1:73ceaaafa9e7f14c25ccafe0789ba89933ab7b14 T5029: Change nginx default root directory T5029: Change nginx default root directory 2023-02-24T15:38:24+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-02-24T15:04:38+00:00 urn:sha1:d3fa059264bff04c5ea8ee3e03dab4d5cdf6e83d