summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Estabrook <jestabro@vyos.io>2021-12-10 14:41:23 -0600
committerJohn Estabrook <jestabro@vyos.io>2021-12-14 09:53:35 -0600
commit1b0007a01fd541b5f31ed94518e786a998bd6f43 (patch)
tree6e65e64f79a6f97fc1ca3667f468ba129ac0154b
parentce2b74fbcd5718a88bcaa26e1aa2b31549fcc5bb (diff)
downloadvyos-1x-1b0007a01fd541b5f31ed94518e786a998bd6f43.tar.gz
vyos-1x-1b0007a01fd541b5f31ed94518e786a998bd6f43.zip
http-api: T4071: allow API to bind to unix domain socket
(cherry picked from commit 0e3c35e6517f5cfebb4206c735a2ea976a7fd383)
-rw-r--r--data/templates/https/nginx.default.tmpl4
-rw-r--r--interface-definitions/https.xml.in6
-rw-r--r--python/vyos/defaults.py5
-rwxr-xr-xsrc/conf_mode/http-api.py11
-rwxr-xr-xsrc/conf_mode/https.py2
-rwxr-xr-xsrc/services/vyos-http-api-server14
6 files changed, 31 insertions, 11 deletions
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index d25e5193a..968ba806c 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -43,7 +43,11 @@ server {
# proxy settings for HTTP API, if enabled; 503, if not
location ~ /(retrieve|configure|config-file|image|generate|show|docs|openapi.json|redoc|graphql) {
{% if server.api %}
+{% if server.api.socket %}
+ proxy_pass http://unix:/run/api.sock;
+{% else %}
proxy_pass http://localhost:{{ server.api.port }};
+{% endif %}
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 600;
diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in
index 6490099fd..58cb70cd7 100644
--- a/interface-definitions/https.xml.in
+++ b/interface-definitions/https.xml.in
@@ -101,6 +101,12 @@
<hidden/>
</properties>
</leafNode>
+ <leafNode name="socket">
+ <properties>
+ <help>Run server on Unix domain socket</help>
+ <valueless/>
+ </properties>
+ </leafNode>
</children>
</node>
<node name="api-restrict">
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index 7e62d2b13..9bdb65012 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -46,8 +46,9 @@ https_data = {
api_data = {
'listen_address' : '127.0.0.1',
'port' : '8080',
- 'strict' : 'false',
- 'debug' : 'false',
+ 'socket' : False,
+ 'strict' : False,
+ 'debug' : False,
'api_keys' : [ {"id": "testapp", "key": "qwerty"} ]
}
diff --git a/src/conf_mode/http-api.py b/src/conf_mode/http-api.py
index 4bfcbeb47..cd0191599 100755
--- a/src/conf_mode/http-api.py
+++ b/src/conf_mode/http-api.py
@@ -31,7 +31,7 @@ from vyos.util import call
from vyos import airbag
airbag.enable()
-config_file = '/etc/vyos/http-api.conf'
+api_conf_file = '/etc/vyos/http-api.conf'
vyos_conf_scripts_dir=vyos.defaults.directories['conf_mode']
@@ -55,10 +55,13 @@ def get_config(config=None):
conf.set_level('service https api')
if conf.exists('strict'):
- http_api['strict'] = 'true'
+ http_api['strict'] = True
if conf.exists('debug'):
- http_api['debug'] = 'true'
+ http_api['debug'] = True
+
+ if conf.exists('socket'):
+ http_api['socket'] = True
if conf.exists('port'):
port = conf.return_value('port')
@@ -88,7 +91,7 @@ def generate(http_api):
if not os.path.exists('/etc/vyos'):
os.mkdir('/etc/vyos')
- with open(config_file, 'w') as f:
+ with open(api_conf_file, 'w') as f:
json.dump(http_api, f, indent=2)
return None
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 05f245509..96c50b4b5 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -123,6 +123,8 @@ def get_config(config=None):
vhosts = https_dict.get('api-restrict', {}).get('virtual-host', [])
if vhosts:
api_data['vhost'] = vhosts[:]
+ if 'socket' in list(api_settings):
+ api_data['socket'] = True
if api_data:
vhost_list = api_data.get('vhost', [])
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index aa7ac6708..f79058683 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -640,15 +640,19 @@ if __name__ == '__main__':
app.state.vyos_session = config_session
app.state.vyos_keys = server_config['api_keys']
- app.state.vyos_debug = bool(server_config['debug'] == 'true')
- app.state.vyos_strict = bool(server_config['strict'] == 'true')
+ app.state.vyos_debug = server_config['debug']
+ app.state.vyos_strict = server_config['strict']
api.graphql.state.settings['app'] = app
try:
- uvicorn.run(app, host=server_config["listen_address"],
- port=int(server_config["port"]),
- proxy_headers=True)
+ if not server_config['socket']:
+ uvicorn.run(app, host=server_config["listen_address"],
+ port=int(server_config["port"]),
+ proxy_headers=True)
+ else:
+ uvicorn.run(app, uds="/run/api.sock",
+ proxy_headers=True)
except OSError as err:
logger.critical(f"OSError {err}")
sys.exit(1)