<?xml version="1.0"?> <interfaceDefinition> <node name="service"> <children> <node name="https" owner="${vyos_conf_scripts_dir}/https.py"> <properties> <help>HTTPS configuration</help> <priority>1001</priority> </properties> <children> <tagNode name="virtual-host"> <properties> <help>Identifier for virtual host</help> <constraint> <regex>[a-zA-Z0-9-_.:]{1,255}</regex> </constraint> <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage> </properties> <children> <leafNode name="listen-address"> <properties> <help>Address to listen for HTTPS requests</help> <completionHelp> <script>${vyos_completion_dir}/list_local_ips.sh --both</script> </completionHelp> <valueHelp> <format>ipv4</format> <description>HTTPS IPv4 address</description> </valueHelp> <valueHelp> <format>ipv6</format> <description>HTTPS IPv6 address</description> </valueHelp> <valueHelp> <format>'*'</format> <description>any</description> </valueHelp> <constraint> <validator name="ipv4-address"/> <validator name="ipv6-address"/> <regex>\*</regex> </constraint> </properties> </leafNode> <leafNode name='listen-port'> <properties> <help>Port to listen for HTTPS requests; default 443</help> <valueHelp> <format>u32:1-65535</format> <description>Numeric IP port</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 1-65535"/> </constraint> </properties> </leafNode> <leafNode name="server-name"> <properties> <help>Server names: exact, wildcard, or regex</help> <multi/> </properties> </leafNode> #include <include/allow-client.xml.i> </children> </tagNode> <node name="api" owner="${vyos_conf_scripts_dir}/http-api.py"> <properties> <help>VyOS HTTP API configuration</help> <priority>1002</priority> </properties> <children> #include <include/port-number.xml.i> <node name="keys"> <properties> <help>HTTP API keys</help> </properties> <children> <tagNode name="id"> <properties> <help>HTTP API id</help> </properties> <children> <leafNode name="key"> <properties> <help>HTTP API plaintext key</help> </properties> </leafNode> </children> </tagNode> </children> </node> <leafNode name="strict"> <properties> <help>Enforce strict path checking</help> <valueless/> </properties> </leafNode> <leafNode name="debug"> <properties> <help>Debug</help> <valueless/> <hidden/> </properties> </leafNode> <leafNode name="socket"> <properties> <help>Run server on Unix domain socket</help> <valueless/> </properties> </leafNode> <node name="graphql"> <properties> <help>GraphQL support</help> </properties> <children> <leafNode name="introspection"> <properties> <help>Schema introspection</help> <valueless/> </properties> </leafNode> <node name="authentication"> <properties> <help>GraphQL authentication</help> </properties> <children> <leafNode name="type"> <properties> <help>Authentication type</help> <completionHelp> <list>key token</list> </completionHelp> <valueHelp> <format>key</format> <description>Use API keys</description> </valueHelp> <valueHelp> <format>token</format> <description>Use JWT token</description> </valueHelp> <constraint> <regex>(key|token)</regex> </constraint> </properties> <defaultValue>key</defaultValue> </leafNode> <leafNode name="expiration"> <properties> <help>Token time to expire in seconds</help> <valueHelp> <format>u32:60-31536000</format> <description>Token lifetime in seconds</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 60-31536000"/> </constraint> </properties> <defaultValue>3600</defaultValue> </leafNode> <leafNode name="secret-length"> <properties> <help>Length of shared secret in bytes</help> <valueHelp> <format>u32:16-65535</format> <description>Byte length of generated shared secret</description> </valueHelp> <constraint> <validator name="numeric" argument="--range 16-65535"/> </constraint> </properties> <defaultValue>32</defaultValue> </leafNode> </children> </node> </children> </node> <node name="cors"> <properties> <help>Set CORS options</help> </properties> <children> <leafNode name="allow-origin"> <properties> <help>Allow resource request from origin</help> <multi/> </properties> </leafNode> </children> </node> </children> </node> <node name="api-restrict"> <properties> <help>Restrict api proxy to subset of virtual hosts</help> </properties> <children> <leafNode name="virtual-host"> <properties> <help>Restrict proxy to virtual host(s)</help> <multi/> </properties> </leafNode> </children> </node> <node name="certificates"> <properties> <help>TLS certificates</help> </properties> <children> #include <include/pki/ca-certificate.xml.i> #include <include/pki/certificate.xml.i> <node name="certbot" owner="${vyos_conf_scripts_dir}/le_cert.py"> <properties> <help>Request or apply a letsencrypt certificate for domain-name</help> </properties> <children> <leafNode name="domain-name"> <properties> <help>Domain name(s) for which to obtain certificate</help> <multi/> </properties> </leafNode> <leafNode name="email"> <properties> <help>Email address to associate with certificate</help> </properties> </leafNode> </children> </node> </children> </node> #include <include/interface/vrf.xml.i> </children> </node> </children> </node> </interfaceDefinition>