summaryrefslogtreecommitdiff
path: root/src/conf_mode/https.py
diff options
context:
space:
mode:
Diffstat (limited to 'src/conf_mode/https.py')
-rwxr-xr-xsrc/conf_mode/https.py27
1 files changed, 16 insertions, 11 deletions
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index dae51dd7d..289eacf69 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -21,6 +21,7 @@ import os
import jinja2
+import vyos.defaults
from vyos.config import Config
from vyos import ConfigError
@@ -45,20 +46,28 @@ server {
#
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
+
+{% if vyos_cert %}
+ include {{ vyos_cert.conf }};
+{% else %}
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
include snippets/snakeoil.conf;
+{% endif %}
{% for l_addr in listen_address %}
server_name {{ l_addr }};
{% endfor %}
- location / {
+ # proxy settings for HTTP API, if enabled; 503, if not
+ location ~ /(retrieve|configure) {
{% if api %}
proxy_pass http://localhost:{{ api.port }};
proxy_buffering off;
+{% else %}
+ return 503;
{% endif %}
}
@@ -72,16 +81,8 @@ server {
}
"""
-default_config_data = {
- 'listen_address' : [ '127.0.0.1' ]
-}
-
-default_api_config_data = {
- 'port' : '8080',
-}
-
def get_config():
- https = default_config_data
+ https = vyos.defaults.https_data
conf = Config()
if not conf.exists('service https'):
return None
@@ -92,8 +93,12 @@ def get_config():
addrs = conf.return_values('listen-address')
https['listen_address'] = addrs[:]
+ if conf.exists('certificates'):
+ if conf.exists('certificates system-generated-certificate'):
+ https['vyos_cert'] = vyos.defaults.vyos_cert_data
+
if conf.exists('api'):
- https['api'] = default_api_config_data
+ https['api'] = vyos.defaults.api_data
if conf.exists('api port'):
port = conf.return_value('api port')