VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=current 2025-07-02T17:48:17+00:00 2025-07-02T17:48:17+00:00 Abhishek Safui abhishek.safui@cdot.in 2025-07-02T17:48:17+00:00 urn:sha1:4374a27342e58fea1ac5928805e688d6d127fd04 Matched the out iface name in wan load balancer default SNAT rule so that SNAT is performed to load balanced packets only 2025-05-05T17:50:20+00:00 Christian Breunig christian@breunig.cc 2025-05-05T15:20:44+00:00 urn:sha1:f40cf6064a02fbb6baae924e94b9183d6bd87474 When instructing certbot to listen on a given address, check if the address is free to use. Also take this into account when spawning certbot behind HAProxy. If the address is not (yet) bound - the request must be done in standalone mode and not via the reverse-proxy. 2025-05-04T21:38:29+00:00 Christian Breunig christian@breunig.cc 2025-05-04T09:35:33+00:00 urn:sha1:59957ad694043f41a7b1e9ee740b19c87f297867 Always enable the ACL entry to reverse-proxy requests to the path "/.well-known/acme-challenge/" when "redirect-http-to-https" is configured for a given HAProxy frontend service. This is an intentional design decision to simplify the implementation and reduce overall code complexity. It poses no risk: a missing path returns a 404, and an unavailable backend yields an error 503. This approach avoids a chicken-and-egg problem where certbot might try to request a certificate via reverse-proxy before the proxy config is actually generated and active. By always routing through HAProxy, we also eliminate downtime as port 80 does not need to be freed for certbot's standalone mode. 2025-04-28T20:10:08+00:00 Christian Breunig christian@breunig.cc 2025-04-28T20:08:46+00:00 urn:sha1:f8b0d74eecabdd16cb0cd6239c8095ed6d2321e3 Automatically render HaProxy rules to reverse-proxy ACME challanges when the requested certificate was issued using ACME. 2025-04-28T20:10:08+00:00 Christian Breunig christian@breunig.cc 2025-04-22T14:37:22+00:00 urn:sha1:d4206a0885c080ef2e4b19ff33a30abc8b479dad If redirect-http-to-https is set we will render a discrete onfiguration in HAproxy to properly claim port 80 in the system to detect if a service is alreadey using the port or not. 2025-02-24T10:28:33+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2025-02-22T15:44:34+00:00 urn:sha1:fe20eae99ebdb7781f74ada3a7c13a848ea75bcc Add the ability to configurate default timeout and frontend client timeout ``` set load-balancing haproxy service web timeout client '600' set load-balancing haproxy timeout check '4' set load-balancing haproxy timeout client '600' set load-balancing haproxy timeout connect '12' set load-balancing haproxy timeout server '120' ``` 2025-02-19T19:00:30+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2025-02-19T19:00:30+00:00 urn:sha1:2250f15e2353d4a47fff45408f33a11f7a8db95f 2025-02-13T22:30:24+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2022-10-12T15:08:02+00:00 urn:sha1:a03174843512340f2f970fd6c3fe189b7bba92d6 2025-01-27T20:57:27+00:00 Alex W embezzle.dev@proton.me 2025-01-27T20:57:27+00:00 urn:sha1:85be7579f4e93f9da06b5e8775b5296be953d422 2024-10-09T13:55:15+00:00 sarthurdev 965089+sarthurdev@users.noreply.github.com 2024-10-09T12:55:11+00:00 urn:sha1:90a4827284acd3cb072cdfeef323c522802c6449