Merge pull request #103 from jestabro/service-https

[service https] T1443: add self-signed TLS certificate

1 files changed, 12 insertions, 10 deletions

diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index e1e81eef1..289eacf69 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -21,6 +21,7 @@ import os
 
 import jinja2
 
+import vyos.defaults
 from vyos.config import Config
 from vyos import ConfigError
 
@@ -45,11 +46,16 @@ server {
         #
         listen 443 ssl default_server;
         listen [::]:443 ssl default_server;
+
+{% if vyos_cert %}
+        include {{ vyos_cert.conf }};
+{% else %}
         #
         # Self signed certs generated by the ssl-cert package
         # Don't use them in a production server!
         #
         include snippets/snakeoil.conf;
+{% endif %}
 
 {% for l_addr in listen_address %}
         server_name {{ l_addr }};
@@ -75,16 +81,8 @@ server {
 }
 """
 
-default_config_data = {
-    'listen_address' : [ '127.0.0.1' ]
-}
-
-default_api_config_data = {
-    'port' : '8080',
-}
-
 def get_config():
-    https = default_config_data
+    https = vyos.defaults.https_data
     conf = Config()
     if not conf.exists('service https'):
         return None
@@ -95,8 +93,12 @@ def get_config():
         addrs = conf.return_values('listen-address')
         https['listen_address'] = addrs[:]
 
+    if conf.exists('certificates'):
+        if conf.exists('certificates system-generated-certificate'):
+            https['vyos_cert'] = vyos.defaults.vyos_cert_data
+
     if conf.exists('api'):
-        https['api'] = default_api_config_data
+        https['api'] = vyos.defaults.api_data
 
     if conf.exists('api port'):
         port = conf.return_value('api port')