author | John Estabrook <jestabro@vyos.io> | 2021-12-10 14:41:23 -0600 |
---|---|---|
committer | John Estabrook <jestabro@vyos.io> | 2021-12-14 09:53:35 -0600 |
commit | 1b0007a01fd541b5f31ed94518e786a998bd6f43 (patch) | |
tree | 6e65e64f79a6f97fc1ca3667f468ba129ac0154b | |
parent | ce2b74fbcd5718a88bcaa26e1aa2b31549fcc5bb (diff) | |
download | vyos-1x-1b0007a01fd541b5f31ed94518e786a998bd6f43.tar.gz vyos-1x-1b0007a01fd541b5f31ed94518e786a998bd6f43.zip |
http-api: T4071: allow API to bind to unix domain socket
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
-rw-r--r-- | data/templates/https/nginx.default.tmpl | 4 | ||||
-rw-r--r-- | interface-definitions/https.xml.in | 6 | ||||
-rw-r--r-- | python/vyos/defaults.py | 5 | ||||
-rwxr-xr-x | src/conf_mode/http-api.py | 11 | ||||
-rwxr-xr-x | src/conf_mode/https.py | 2 | ||||
-rwxr-xr-x | src/services/vyos-http-api-server | 14 |
6 files changed, 31 insertions, 11 deletions
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index d25e5193a..968ba806c 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -43,7 +43,11 @@ server {
 # proxy settings for HTTP API, if enabled; 503, if not
 location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) {
 {% if server.api %}
+{% if server.api.socket %}
+ proxy_pass http://unix:/run/api.sock;
+{% else %}
 proxy_pass http://localhost:{{ server.api.port }};
+{% endif %}
 proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
 proxy_set_header X-Forwarded-Proto $scheme;
 proxy_read_timeout 600;
diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in
index 6490099fd..58cb70cd7 100644
--- a/interface-definitions/https.xml.in
+++ b/interface-definitions/https.xml.in
@@ -101,6 +101,12 @@
 <hidden/>
 </properties>
 </leafNode>
+ <leafNode name="socket">
+ <properties>
+ <help>Run server on Unix domain socket</help>
+ <valueless/>
+ </properties>
+ </leafNode>
 </children>
 </node>
 <node name="api-restrict">
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index 7e62d2b13..9bdb65012 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -46,8 +46,9 @@ https_data = {
 api_data = {
 'listen_address' : '127.0.0.1',
 'port' : '8080',
- 'strict' : 'false',
- 'debug' : 'false',
+ 'socket' : False,
+ 'strict' : False,
+ 'debug' : False,
 'api_keys' : [ {"id": "testapp", "key": "qwerty"} ]
 }
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index 4bfcbeb47..cd0191599 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -31,7 +31,7 @@ from vyos.util import call
 from vyos import airbag
 airbag.enable()
-config_file = '/etc/vyos/http-api.conf'
+api_conf_file = '/etc/vyos/http-api.conf'
 vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode']
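Review bot: The socket path in `proxy_pass http://unix:/run/api.sock;` is a literal that has to match the `uds="/run/api.sock"` literal added in `src/services/vyos-http-api-server`, and nothing ties the two together. If one side changes, nginx will presumably answer every API location with a gateway error. Defining the path once (for example next to `api_data` in `python/vyos/defaults.py`) and rendering it into the template would remove that coupling. At minimum, add a template comment such as `# must match the uds= path in vyos-http-api-server`. The `location` block continues outside the hunk.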
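Review bot: Changing `'strict'` and `'debug'` from the string `'false'` to real booleans changes the on-disk JSON contract, and the reader in `src/services/vyos-http-api-server` now takes `server_config['debug']` and `server_config['strict']` as-is. An `/etc/vyos/http-api.conf` written before this change still holds `"false"`, which is truthy, and has no `socket` key, so `server_config['socket']` would raise a `KeyError` that the `except OSError` there does not catch. If the file is not guaranteed to be regenerated before the service restarts (not visible from this diff), normalise on read, e.g. `server_config.get('socket', False)` and `server_config['strict'] in (True, 'true')`. The same string-to-bool change appears in the `get_config` hunk of `src/conf_mode/http-api.py`.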
@@ -55,10 +55,13 @@ def get_config(config=None):
 conf.set_level('service https api')
 if conf.exists('strict'):
- http_api['strict'] = 'true'
+ http_api['strict'] = True
 if conf.exists('debug'):
- http_api['debug'] = 'true'
+ http_api['debug'] = True
+
+ if conf.exists('socket'):
+ http_api['socket'] = True
 if conf.exists('port'):
 port = conf.return_value('port')
@@ -88,7 +91,7 @@ def generate(http_api):
 if not os.path.exists('/etc/vyos'):
 os.mkdir('/etc/vyos')
- with open(config_file, 'w') as f:
+ with open(api_conf_file, 'w') as f:
 json.dump(http_api, f, indent=2)
 return None
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 05f245509..96c50b4b5 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -123,6 +123,8 @@ def get_config(config=None):
 vhosts = https_dict.get('api-restrict', {}).get('virtual-host', [])
 if vhosts:
 api_data['vhost'] = vhosts[:]
+ if 'socket' in list(api_settings):
+ api_data['socket'] = True
 if api_data:
 vhost_list = api_data.get('vhost', [])
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index aa7ac6708..f79058683 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
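Review bot: In the `src/conf_mode/https.py` hunk, `if 'socket' in list(api_settings):` builds a throwaway list only to test membership; `if 'socket' in api_settings:` reads more directly and behaves the same for a dict or list (`api_settings` is defined outside the hunk, so confirm its type). This flag only selects which `proxy_pass` nginx renders, while the API server takes its own `socket` setting from `/etc/vyos/http-api.conf`, written by `http-api.py`. A short comment such as `# nginx side only; the API server reads 'socket' from http-api.conf` would make clear that the two must be regenerated together. `get_config` starts and ends outside the hunk.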
@@ -640,15 +640,19 @@ if __name__ == '__main__':
 app.state.vyos_session = config_session
 app.state.vyos_keys = server_config['api_keys']
- app.state.vyos_debug = bool(server_config['debug'] == 'true')
- app.state.vyos_strict = bool(server_config['strict'] == 'true')
+ app.state.vyos_debug = server_config['debug']
+ app.state.vyos_strict = server_config['strict']
 api.graphql.state.settings['app'] = app
 try:
- uvicorn.run(app, host=server_config["listen_address"],
- port=int(server_config["port"]),
- proxy_headers=True)
+ if not server_config['socket']:
+ uvicorn.run(app, host=server_config["listen_address"],
+ port=int(server_config["port"]),
+ proxy_headers=True)
+ else:
+ uvicorn.run(app, uds="/run/api.sock",
+ proxy_headers=True)
 except OSError as err:
 logger.critical(f"OSError {err}")
 sys.exit(1) |
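Review bot: The new `uvicorn.run(app, uds="/run/api.sock", proxy_headers=True)` branch creates the listening socket directly under `/run`, and nothing in this hunk controls who may connect to it. The uvicorn releases I know of chmod a newly created UDS to 0o666 (confirm for the packaged version), which would let any local account reach the API without passing through nginx's TLS and `api-restrict` virtual hosts, leaving only the API key check. Consider binding inside a dedicated directory under `/run` that only the API service user and the nginx worker group can traverse, and documenting the expected owner and mode in a comment above the call. Also verify that `proxy_headers=True` still does what is intended here: a Unix socket has no peer IP to match against uvicorn's trusted-proxy list, so `X-Forwarded-For` may be ignored, or trusted from every local client if that list is widened. The `__main__` block starts and ends outside the hunk.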