diff options
| author | Christian Breunig <christian@breunig.cc> | 2025-04-28 22:06:40 +0200 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2025-04-28 22:10:08 +0200 |
| commit | b93427874a0e502f83c3cc450663e079af214ea9 (patch) | |
| tree | 6de0866fa14d42fe4d0c2b97761abc21697e9540 /python | |
| parent | b433f9d48141496926f9499808cb57067352e432 (diff) | |
| download | vyos-1x-b93427874a0e502f83c3cc450663e079af214ea9.tar.gz vyos-1x-b93427874a0e502f83c3cc450663e079af214ea9.zip | |
pki: T7122: place certbot behind reverse-proxy if cert used by haproxy
If we detect that an ACME issued certificate is consumed by haproxy service,
we will move the certbot webserver to localhost and a highport, to proxy the
request via haproxy which is already using port 80.
Diffstat (limited to 'python')
| -rw-r--r-- | python/vyos/defaults.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py index 7efccded6..1e6be6241 100644 --- a/python/vyos/defaults.py +++ b/python/vyos/defaults.py @@ -47,6 +47,10 @@ systemd_services = { 'snmpd' : 'snmpd.service', } +internal_ports = { + 'certbot_haproxy' : 65080, # Certbot running behing haproxy +} + config_status = '/tmp/vyos-config-status' api_config_state = '/run/http-api-state' frr_debug_enable = '/tmp/vyos.frr.debug' |