Merge pull request #2781 from vyos/mergify/bp/sagitta/pr-2773

https: T5902: remove virtual-host configuration (backport #2773)

3 files changed, 43 insertions, 65 deletions

diff --git a/interface-definitions/include/pki/dh-params.xml.i b/interface-definitions/include/pki/dh-params.xml.i
new file mode 100644
index 000000000..a422df832
--- /dev/null
+++ b/interface-definitions/include/pki/dh-params.xml.i
@@ -0,0 +1,10 @@
+<!-- include start from pki/certificate-multi.xml.i -->
+<leafNode name="dh-params">
+  <properties>
+    <help>Diffie Hellman parameters (server only)</help>
+    <completionHelp>
+      <path>pki dh</path>
+    </completionHelp>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/interface-definitions/interfaces_openvpn.xml.in b/interface-definitions/interfaces_openvpn.xml.in
index dadf5cb48..f7e8f8b9f 100644
--- a/interface-definitions/interfaces_openvpn.xml.in
+++ b/interface-definitions/interfaces_openvpn.xml.in
@@ -736,14 +736,7 @@
               </leafNode>
               #include <include/pki/certificate.xml.i>
               #include <include/pki/ca-certificate-multi.xml.i>
-              <leafNode name="dh-params">
-                <properties>
-                  <help>Diffie Hellman parameters (server only)</help>
-                  <completionHelp>
-                    <path>pki dh</path>
-                  </completionHelp>
-                </properties>
-              </leafNode>
+              #include <include/pki/dh-params.xml.i>
               <leafNode name="crypt-key">
                 <properties>
                   <help>Static key to use to authenticate control channel</help>
diff --git a/interface-definitions/service_https.xml.in b/interface-definitions/service_https.xml.in
index 57f36a982..b60c7ff2e 100644
--- a/interface-definitions/service_https.xml.in
+++ b/interface-definitions/service_https.xml.in
@@ -8,52 +8,6 @@
           <priority>1001</priority>
         </properties>
         <children>
-          <tagNode name="virtual-host">
-            <properties>
-              <help>Identifier for virtual host</help>
-              <constraint>
-                <regex>[a-zA-Z0-9-_.:]{1,255}</regex>
-              </constraint>
-              <constraintErrorMessage>illegal characters in identifier or identifier longer than 255 characters</constraintErrorMessage>
-            </properties>
-            <children>
-              <leafNode name="listen-address">
-                <properties>
-                  <help>Address to listen for HTTPS requests</help>
-                  <completionHelp>
-                    <script>${vyos_completion_dir}/list_local_ips.sh --both</script>
-                  </completionHelp>
-                  <valueHelp>
-                    <format>ipv4</format>
-                   <description>HTTPS IPv4 address</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>ipv6</format>
-                    <description>HTTPS IPv6 address</description>
-                  </valueHelp>
-                  <valueHelp>
-                    <format>'*'</format>
-                    <description>any</description>
-                  </valueHelp>
-                  <constraint>
-                    <validator name="ip-address"/>
-                    <regex>\*</regex>
-                  </constraint>
-                </properties>
-              </leafNode>
-              #include <include/port-number.xml.i>
-              <leafNode name='port'>
-                <defaultValue>443</defaultValue>
-              </leafNode>
-              <leafNode name="server-name">
-                <properties>
-                  <help>Server names: exact, wildcard, or regex</help>
-                  <multi/>
-                </properties>
-              </leafNode>
-              #include <include/allow-client.xml.i>
-            </children>
-          </tagNode>
           <node name="api">
             <properties>
               <help>VyOS HTTP API configuration</help>
@@ -172,19 +126,18 @@
               </node>
             </children>
           </node>
-          <node name="api-restrict">
+          #include <include/allow-client.xml.i>
+          <leafNode name="enable-http-redirect">
             <properties>
-              <help>Restrict api proxy to subset of virtual hosts</help>
+              <help>Enable HTTP to HTTPS redirect</help>
+              <valueless/>
             </properties>
-            <children>
-              <leafNode name="virtual-host">
-                <properties>
-                  <help>Restrict proxy to virtual host(s)</help>
-                  <multi/>
-                </properties>
-              </leafNode>
-            </children>
-          </node>
+          </leafNode>
+          #include <include/listen-address.xml.i>
+          #include <include/port-number.xml.i>
+          <leafNode name='port'>
+            <defaultValue>443</defaultValue>
+          </leafNode>
           <node name="certificates">
             <properties>
               <help>TLS certificates</help>
@@ -192,8 +145,30 @@
             <children>
               #include <include/pki/ca-certificate.xml.i>
               #include <include/pki/certificate.xml.i>
+              #include <include/pki/dh-params.xml.i>
             </children>
           </node>
+          <leafNode name="tls-version">
+            <properties>
+              <help>Specify available TLS version(s)</help>
+              <completionHelp>
+                <list>1.2 1.3</list>
+              </completionHelp>
+              <valueHelp>
+                <format>1.2</format>
+                <description>TLSv1.2</description>
+              </valueHelp>
+              <valueHelp>
+                <format>1.3</format>
+                <description>TLSv1.3</description>
+              </valueHelp>
+              <constraint>
+                <regex>(1.2|1.3)</regex>
+              </constraint>
+              <multi/>
+            </properties>
+            <defaultValue>1.2 1.3</defaultValue>
+          </leafNode>
           #include <include/interface/vrf.xml.i>
         </children>
       </node>