summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJohn Estabrook <jestabro@vyos.io>2020-04-06 14:02:06 -0500
committerJohn Estabrook <jestabro@vyos.io>2020-04-07 21:55:13 -0500
commit0587839ebead40290c97aeb713e8b47148e146c4 (patch)
tree91b8ebc4caf679b5173c60fe1620c503def1132e
parentf8fafbb05a79b50cddf870617c8796bce521ce21 (diff)
downloadvyos-1x-0587839ebead40290c97aeb713e8b47148e146c4.tar.gz
vyos-1x-0587839ebead40290c97aeb713e8b47148e146c4.zip
http api: T2160: Fix error message when api proxy restricted.
-rw-r--r--data/templates/https/nginx.default.tmpl7
-rwxr-xr-xsrc/conf_mode/https.py6
2 files changed, 12 insertions, 1 deletions
diff --git a/data/templates/https/nginx.default.tmpl b/data/templates/https/nginx.default.tmpl
index b6d3aaf83..33f7b2820 100644
--- a/data/templates/https/nginx.default.tmpl
+++ b/data/templates/https/nginx.default.tmpl
@@ -51,10 +51,17 @@ server {
error_page 501 502 503 =200 @50*_json;
+{% if api_somewhere %}
+ location @50*_json {
+ default_type application/json;
+ return 200 '{"error": "service https api unavailable at this proxy address: set service https api-restrict virtual-host"}';
+ }
+{% else %}
location @50*_json {
default_type application/json;
return 200 '{"error": "Start service in configuration mode: set service https api"}';
}
+{% endif %}
}
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 90e34cedd..777792229 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -88,8 +88,10 @@ def get_config():
# certbot organizes certificates by first domain
sb['certbot_dir'] = certbot_domains[0]
+ api_somewhere = False
api_data = {}
if conf.exists('api'):
+ api_somewhere = True
api_data = vyos.defaults.api_data
if conf.exists('api port'):
port = conf.return_value('api port')
@@ -110,7 +112,9 @@ def get_config():
if block['id'] in vhost_list:
block['api'] = api_data
- https = {'server_block_list' : server_block_list, 'certbot': certbot}
+ https = {'server_block_list' : server_block_list,
+ 'api_somewhere': api_somewhere,
+ 'certbot': certbot}
return https
def verify(https):