Age | Commit message (Collapse) | Author | |
---|---|---|---|
2023-11-23 | https api: T5772: check if keys are configured | Daniil Baturin | |
unless PAM auth is enabled for GraphQL (cherry picked from commit 8c450ea7f538beb0b2cd21d35c05d18db49a1802) | |||
2023-11-22 | http: T5762: rename "virtual-host listen-port" -> "virtual-host port" | Christian Breunig | |
This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components. (cherry picked from commit 0e885f1bf01424130b6876e769cc42612b19351b) | |||
2023-11-20 | http: T5762: api: make API socket backend communication the one and only default | Christian Breunig | |
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy. (cherry picked from commit f5e43b1361fb59a9c260739bdb28729d5119507c) | |||
2023-07-15 | T5195: vyos.util -> vyos.utils package refactoring part #2 | Christian Breunig | |
2023-07-14 | T5195: vyos.util -> vyos.utils package refactoring (#2093) | Christian Breunig | |
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io | |||
2023-03-31 | http-api: T5126: allow restricting client IP address | John Estabrook | |
2023-01-14 | systemd: T2185: always place generated override files in /run | Christian Breunig | |
This prevents any stale override files when the system is beeing rebooted, but the actual configuration was not saved. /run is a tmpfs and thus always fresh after boot. | |||
2022-08-23 | https: T4597: Verify bind port before apply HTTPS API service | Viacheslav Hletenko | |
If Nginx address/port is already binded to another service (for exampmle openconnect default port 443) https api cannot start and we don't see any error in the output. Add this check before applying service/commit | |||
2022-05-01 | http: api: T4353: fix Jinja2 linting errors | Christian Poessinger | |
2021-12-25 | https: T1443: remove duplicate CLI definition | Christian Poessinger | |
2021-12-13 | http-api: T4071: allow API to bind to unix domain socket | John Estabrook | |
2021-12-06 | https: T4055: add vrf support | Christian Poessinger | |
2021-12-06 | https: pki: T3642: remove debug print() | Christian Poessinger | |
Remove superfluous print() statement added in commit 0852c588d55 ("https: pki: T3642: embed CA certificate into chain if specified"). | |||
2021-10-29 | https: pki: T3642: embed CA certificate into chain if specified | Christian Poessinger | |
2021-07-22 | pki: https: T3642: Migrate HTTPS to use PKI configuration | sarthurdev | |
2020-11-27 | vyos.template: T2720: always enable Jinja2 trim_blocks feature | Christian Poessinger | |
2020-08-31 | T2636: remove workarounds for get_config_dict() | Christian Poessinger | |
Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on multi node by default") is implemented the workarounds can be removed. | |||
2020-08-31 | configd: T2582: add scripts to include list for daemon | John Estabrook | |
2020-08-26 | https: T2830: update to use get_config_dict | John Estabrook | |
2020-08-19 | https: T2815: adjust for change in certbot config directory | John Estabrook | |
2020-05-29 | airbag: T2088: explicit enabling of the feature | Thomas Mangin | |
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing) | |||
2020-05-19 | util: T2467: add systemctl to autosudo | Thomas Mangin | |
2020-04-12 | template: T2230: use render to generate templates | Thomas Mangin | |
convert all call to jinja to use template.render | |||
2020-04-09 | util: T2226: os.system was wrongly converted to run | Thomas Mangin | |
os.system does print the ouput of the command, run() does not. A new function called call() does the printing and return the error code. | |||
2020-04-07 | http api: T2160: Fix error message when api proxy restricted. | John Estabrook | |
2020-04-07 | http api: T2160: move 'api virtual-host' to 'api-restrict virtual-host' | John Estabrook | |
Restriction of api proxy should be owned by https.py, not http-api.py. | |||
2020-04-06 | util: T2226: covert most calls from os.system to util | Thomas Mangin | |
As little change a possible but the function call The behaviour should be totally unchanged. | |||
2020-04-05 | https: T2230: move inlined templates to dedicated files | Christian Poessinger | |
2020-03-30 | http api: T2160: allow restricting HTTP API to specific servers | John Estabrook | |
By default, the HTTP API will be proxied by any nginx virtual server. Allow specifying a subset of servers to act as proxy. | |||
2020-03-24 | service https: T2157: Organize server block directives as 'virtual host' | John Estabrook | |
2020-03-11 | http api: T2096: Added show and generate | Matthias Fetzer | |
2020-02-25 | [service https] T1443: set default HTTPS listen port | John Estabrook | |
2020-02-21 | [service https] T1443: bug: set HTTPS listen port for listen-address '*' | John Estabrook | |
2020-02-10 | service https: T1585: add missing check in verify() | John Estabrook | |
2020-02-05 | service https: T1585: add support for letsencrypt certificates | John Estabrook | |
2019-11-14 | [service https] T1443: add setting of HTTPS listen port | John Estabrook | |
2019-10-23 | [service https] T1443: organize internal data by server block | John Estabrook | |
2019-10-23 | [HTTP API] Add endpoints for config file and image management. | Daniil Baturin | |
2019-09-04 | [service https] T1443: rename "server-names" option to "server-name". | Daniil Baturin | |
2019-09-04 | [service https] T1443: correct the listen-address option in the script. | Daniil Baturin | |
2019-08-27 | [service https] T1443: Correct the use of listen/server_name directives | John Estabrook | |
2019-08-14 | [service https] T1443: add self-signed TLS certificate | John Estabrook | |
2019-08-14 | [service https] T1443: move https and api default data to vyos.defaults | John Estabrook | |
2019-08-07 | [service https] T1443: reset defaults on 'delete service https api' | John Estabrook | |
2019-07-01 | [service https] T1443: add service https and service https api | John Estabrook | |