summaryrefslogtreecommitdiff
path: root/src/conf_mode/https.py
AgeCommit message (Collapse)Author
2023-12-31T5474: establish common file name pattern for XML conf mode commandsChristian Breunig
We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in
2023-12-20https api: T5844: issue a warning about the classic API unavailabilityDaniil Baturin
when no API keys are set
2023-11-26http-api: T5782: use single config-mode script for https and http-apiJohn Estabrook
2023-11-22http-api: T5768: remove auxiliary http-api.confJohn Estabrook
2023-11-22Merge pull request #2522 from dmbaturin/require-api-keysChristian Breunig
https api: T5772: check if keys are configured unless PAM auth is enabled for GraphQL
2023-11-22https api: T5772: check if keys are configuredDaniil Baturin
unless PAM auth is enabled for GraphQL
2023-11-21http: T5762: rename "virtual-host listen-port" -> "virtual-host port"Christian Breunig
This complements commit f5e43b136 ("http: T5762: api: make API socket backend communication the one and only default") so we have a consistent port CLI node across VyOS components.
2023-11-20http: T5762: api: make API socket backend communication the one and only defaultChristian Breunig
Why: Smoketests fail as they can not establish IPv6 connection to uvicorn backend server. https://github.com/vyos/vyos-1x/pull/2481 added a bunch of new smoketests. While debugging those failing, it was uncovered, that uvicorn only listens on IPv4 connections vyos@vyos# netstat -tulnp | grep 8080 (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) tcp 0 0 127.0.0.1:8080 0.0.0.0:* LISTEN - As the CLI already has an option to move the API communication from an IP to a UNIX domain socket, the best idea is to make this the default way of communication, as we never directly talk to the API server but rather use the NGINX reverse proxy.
2023-07-15T5195: vyos.util -> vyos.utils package refactoring part #2Christian Breunig
2023-07-14T5195: vyos.util -> vyos.utils package refactoring (#2093)Christian Breunig
* T5195: move run, cmd, call, rc_cmd helper to vyos.utils.process * T5195: use read_file and write_file implementation from vyos.utils.file Changed code automatically using: find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import read_file$/from vyos.utils.file import read_file/g' {} + find . -type f -not -path '*/\.*' -exec sed -i 's/^from vyos.util import write_file$/from vyos.utils.file import write_file/g' {} + * T5195: move chmod* helpers to vyos.utils.permission * T5195: use colon_separated_to_dict from vyos.utils.dict * T5195: move is_systemd_service_* to vyos.utils.process * T5195: fix boot issues with missing imports * T5195: move dict_search_* helpers to vyos.utils.dict * T5195: move network helpers to vyos.utils.network * T5195: move commit_* helpers to vyos.utils.commit * T5195: move user I/O helpers to vyos.utils.io
2023-03-31http-api: T5126: allow restricting client IP addressJohn Estabrook
2023-01-14systemd: T2185: always place generated override files in /runChristian Breunig
This prevents any stale override files when the system is beeing rebooted, but the actual configuration was not saved. /run is a tmpfs and thus always fresh after boot.
2022-08-23https: T4597: Verify bind port before apply HTTPS API serviceViacheslav Hletenko
If Nginx address/port is already binded to another service (for exampmle openconnect default port 443) https api cannot start and we don't see any error in the output. Add this check before applying service/commit
2022-05-01http: api: T4353: fix Jinja2 linting errorsChristian Poessinger
2021-12-25https: T1443: remove duplicate CLI definitionChristian Poessinger
2021-12-13http-api: T4071: allow API to bind to unix domain socketJohn Estabrook
2021-12-06https: T4055: add vrf supportChristian Poessinger
2021-12-06https: pki: T3642: remove debug print()Christian Poessinger
Remove superfluous print() statement added in commit 0852c588d55 ("https: pki: T3642: embed CA certificate into chain if specified").
2021-10-29https: pki: T3642: embed CA certificate into chain if specifiedChristian Poessinger
2021-07-22pki: https: T3642: Migrate HTTPS to use PKI configurationsarthurdev
2020-11-27vyos.template: T2720: always enable Jinja2 trim_blocks featureChristian Poessinger
2020-08-31T2636: remove workarounds for get_config_dict()Christian Poessinger
Now that b40c52682a256 ("config: T2636: get_config_dict() returns a list on multi node by default") is implemented the workarounds can be removed.
2020-08-31configd: T2582: add scripts to include list for daemonJohn Estabrook
2020-08-26https: T2830: update to use get_config_dictJohn Estabrook
2020-08-19https: T2815: adjust for change in certbot config directoryJohn Estabrook
2020-05-29airbag: T2088: explicit enabling of the featureThomas Mangin
airbag must now be explicitly installed. the patch also allow to fully disables the installation of the logging code at setup (and not just installing and doing nothing)
2020-05-19util: T2467: add systemctl to autosudoThomas Mangin
2020-04-12template: T2230: use render to generate templatesThomas Mangin
convert all call to jinja to use template.render
2020-04-09util: T2226: os.system was wrongly converted to runThomas Mangin
os.system does print the ouput of the command, run() does not. A new function called call() does the printing and return the error code.
2020-04-07http api: T2160: Fix error message when api proxy restricted.John Estabrook
2020-04-07http api: T2160: move 'api virtual-host' to 'api-restrict virtual-host'John Estabrook
Restriction of api proxy should be owned by https.py, not http-api.py.
2020-04-06util: T2226: covert most calls from os.system to utilThomas Mangin
As little change a possible but the function call The behaviour should be totally unchanged.
2020-04-05https: T2230: move inlined templates to dedicated filesChristian Poessinger
2020-03-30http api: T2160: allow restricting HTTP API to specific serversJohn Estabrook
By default, the HTTP API will be proxied by any nginx virtual server. Allow specifying a subset of servers to act as proxy.
2020-03-24service https: T2157: Organize server block directives as 'virtual host'John Estabrook
2020-03-11http api: T2096: Added show and generateMatthias Fetzer
2020-02-25[service https] T1443: set default HTTPS listen portJohn Estabrook
2020-02-21[service https] T1443: bug: set HTTPS listen port for listen-address '*'John Estabrook
2020-02-10service https: T1585: add missing check in verify()John Estabrook
2020-02-05service https: T1585: add support for letsencrypt certificatesJohn Estabrook
2019-11-14[service https] T1443: add setting of HTTPS listen portJohn Estabrook
2019-10-23[service https] T1443: organize internal data by server blockJohn Estabrook
2019-10-23[HTTP API] Add endpoints for config file and image management.Daniil Baturin
2019-09-04[service https] T1443: rename "server-names" option to "server-name".Daniil Baturin
2019-09-04[service https] T1443: correct the listen-address option in the script.Daniil Baturin
2019-08-27[service https] T1443: Correct the use of listen/server_name directivesJohn Estabrook
2019-08-14[service https] T1443: add self-signed TLS certificateJohn Estabrook
2019-08-14[service https] T1443: move https and api default data to vyos.defaultsJohn Estabrook
2019-08-07[service https] T1443: reset defaults on 'delete service https api'John Estabrook
2019-07-01[service https] T1443: add service https and service https apiJohn Estabrook