author John Estabrook <jestabro@vyos.io> 2020-03-30 14:12:24 -0500
committer John Estabrook <jestabro@vyos.io> 2020-03-30 14:12:24 -0500
commit 14cf1f452da7b1958415b1bc2beaad43316bb729
tree 72602ebc668809307ff9e33f1e97c8dd44733bd3 /docs
parent 39a3c0555e15c0f127b5906b4dd51e52006f8811
http api: T2160: update docs regarding restricting HTTP API proxy
Diffstat (limited to 'docs')
-rw-r--r-- docs/appendix/http-api.rst 23
1 files changed, 21 insertions, 2 deletions
diff --git a/docs/appendix/http-api.rst b/docs/appendix/http-api.rst
index fbf17c5a..731ca072 100644
--- a/docs/appendix/http-api.rst
+++ b/docs/appendix/http-api.rst
@@ -13,9 +13,28 @@ VyOS HTTP API can be enabled through the ``set service https api`` command.
set service https api debug
set service https api keys id MY-HTTP-API-ID key MY-HTTP-API-PLAINTEXT-KEY
- set service https listen-address 192.168.122.127
-The local API process listens on localhost:8080, and nginx exposes it on 192.168.122.127:443 in this example.
+The local API process listens on localhost:8080, and nginx exposes it on all
+virtual servers, by default. For the purpose of illustration below, we will
+assume nginx is running at https://192.168.122.127.
+
+One can limit proxying to specific listen addresses/ports/server-names by
+defining a ``service https virtual-host <id>``, and setting ``service https
+api virtual-host <id>``.
+
+.. code-block:: none
+
+ set service https virtual-host example listen-address 192.168.122.127
+ set service https virtual-host example listen-port 44302
+ set service https virtual-host example server-name example.net
+
+ set service https api virtual-host example
+
+In this example, nginx will proxy only those requests to
+192.168.122.127:44302 or example.net:44302 (assuming the DNS record is
+viable). Omitting any of listen-address, listen-port, or server-name, will
+leave appropriate defaults in the nginx directive. Multiple instances of
+``service https api virtual-host`` may be set.
Operational requests
--------------------
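
Review bot: the closing paragraph's "Omitting any of listen-address, listen-port, or server-name, will leave appropriate defaults in the nginx directive" does not say what those defaults are. Because the first added paragraph states that the API is proxied on all virtual servers by default, a reader cannot tell from this text whether a virtual-host that sets only ``server-name`` still accepts API requests on every address and port. Suggest naming the default for each of the three options, and moving the "exposes it on all virtual servers, by default" statement into a note directive so that the unrestricted default is not missed by someone who only copies the first command block. Separately, the illustration URL https://192.168.122.127 carries no port while the virtual-host example sets ``listen-port 44302``; state which of the two configurations the examples below assume. "Assuming the DNS record is viable" would also read more clearly as "assuming example.net resolves to 192.168.122.127".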