diff options
-rw-r--r-- | interface-definitions/https.xml.in | 6 | ||||
-rwxr-xr-x | src/conf_mode/https.py | 18 |
2 files changed, 22 insertions, 2 deletions
diff --git a/interface-definitions/https.xml.in b/interface-definitions/https.xml.in index 1d986b2b4..49bd25b82 100644 --- a/interface-definitions/https.xml.in +++ b/interface-definitions/https.xml.in @@ -111,6 +111,12 @@ <hidden/> </properties> </leafNode> + <leafNode name="virtual-host"> + <properties> + <help>Restrict proxy to virtual host(s)</help> + <multi/> + </properties> + </leafNode> </children> </node> <node name="certificates"> diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py index a0fe9cf2f..889b62cf4 100755 --- a/src/conf_mode/https.py +++ b/src/conf_mode/https.py @@ -96,6 +96,7 @@ server { """ default_server_block = { + 'id' : '', 'address' : '*', 'port' : '443', 'name' : ['_'], @@ -117,6 +118,7 @@ def get_config(): else: for vhost in conf.list_nodes('virtual-host'): server_block = deepcopy(default_server_block) + server_block['id'] = vhost if conf.exists(f'virtual-host {vhost} listen-address'): addr = conf.return_value(f'virtual-host {vhost} listen-address') server_block['address'] = addr @@ -156,9 +158,21 @@ def get_config(): if conf.exists('api port'): port = conf.return_value('api port') api_data['port'] = port + if conf.exists('api virtual-host'): + vhosts = conf.return_values('api virtual-host') + api_data['vhost'] = vhosts[:] + if api_data: - for block in server_block_list: - block['api'] = api_data + # we do not want to include 'vhost' key as part of + # vyos.defaults.api_data, so check for key existence + vhost_list = api_data.get('vhost') + if vhost_list is None: + for block in server_block_list: + block['api'] = api_data + else: + for block in server_block_list: + if block['id'] in vhost_list: + block['api'] = api_data https = {'server_block_list' : server_block_list, 'certbot': certbot} return https |