author | John Estabrook <jestabro@vyos.io> | 2020-03-30 14:12:24 -0500 |
---|---|---|
committer | John Estabrook <jestabro@vyos.io> | 2020-03-30 14:12:24 -0500 |
commit | 14cf1f452da7b1958415b1bc2beaad43316bb729 (patch) | |
tree | 72602ebc668809307ff9e33f1e97c8dd44733bd3 /docs | |
parent | 39a3c0555e15c0f127b5906b4dd51e52006f8811 (diff) | |
http api: T2160: update docs regarding restricting HTTP API proxy
Diffstat (limited to 'docs')
-rw-r--r-- | docs/appendix/http-api.rst | 23 |
1 files changed, 21 insertions, 2 deletions
diff --git a/docs/appendix/http-api.rst b/docs/appendix/http-api.rst index fbf17c5a..731ca072 100644 --- a/docs/appendix/http-api.rst +++ b/docs/appendix/http-api.rst @@ -13,9 +13,28 @@ VyOS HTTP API can be enabled through the ``set service https api`` command. set service https api debug set service https api keys id MY-HTTP-API-ID key MY-HTTP-API-PLAINTEXT-KEY - set service https listen-address 192.168.122.127 -The local API process listens on localhost:8080, and nginx exposes it on 192.168.122.127:443 in this example. +The local API process listens on localhost:8080, and nginx exposes it on all +virtual servers, by default. For the purpose of illustration below, we will +assume nginx is running at https://192.168.122.127. + +One can limit proxying to specific listen addresses/ports/server-names by +defining a ``service https virtual-host <id>``, and setting ``service https +api virtual-host <id>``. + +.. code-block:: none + + set service https virtual-host example listen-address 192.168.122.127 + set service https virtual-host example listen-port 44302 + set service https virtual-host example server-name example.net + + set service https api virtual-host example + +In this example, nginx will proxy only those requests to +192.168.122.127:44302 or example.net:44302 (assuming the DNS record is +viable). Omitting any of listen-address, listen-port, or server-name, will +leave appropriate defaults in the nginx directive. Multiple instances of +``service https api virtual-host`` may be set. Operational requests -------------------- |
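Review bot: The new paragraph after the first example does not spell out the exposure consequence of its own default. The hunk removes `set service https listen-address 192.168.122.127` from the example and states that nginx exposes the API "on all virtual servers, by default", so a reader who copies only the first block gets the API proxied on every virtual server. I would say that directly in that paragraph and present the `service https api virtual-host <id>` restriction as the recommended setup rather than as something "one can" do. In the closing paragraph, "will leave appropriate defaults in the nginx directive" does not tell the reader what address, port or server name results when one of listen-address, listen-port or server-name is omitted; please name the defaults or link to where they are documented. Two wording points in the same paragraph: "assuming the DNS record is viable" would be clearer as a statement that example.net must resolve to this host, and the comma after "server-name" before "will leave" should go.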