From b93427874a0e502f83c3cc450663e079af214ea9 Mon Sep 17 00:00:00 2001
From: Christian Breunig
Date: Mon, 28 Apr 2025 22:06:40 +0200
Subject: pki: T7122: place certbot behind reverse-proxy if cert used by haproxy

If we detect that an ACME issued certificate is consumed by haproxy service, we will move the certbot webserver to localhost and a highport, to proxy the request via haproxy which is already using port 80.
---
 python/vyos/defaults.py | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'python')

diff --git a/python/vyos/defaults.py b/python/vyos/defaults.py
index 7efccded6..1e6be6241 100644
--- a/python/vyos/defaults.py
+++ b/python/vyos/defaults.py
@@ -47,6 +47,10 @@ systemd_services = {
 'snmpd' : 'snmpd.service',
 }
 
+internal_ports = {
+ 'certbot_haproxy' : 65080, # Certbot running behing haproxy
+}
+
 config_status = '/tmp/vyos-config-status'
 api_config_state = '/run/http-api-state'
 frr_debug_enable = '/tmp/vyos.frr.debug'
-- cgit v1.2.3
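Review bot: The comment on the new `internal_ports` entry has a typo ("behing") and does not record that this listener is meant to be reachable only on localhost, which the commit message states and the HTTP-01 validation path relies on. I would write it as `'certbot_haproxy' : 65080, # certbot webserver, localhost only, reached via haproxy on port 80`. Since 65080 is an unprivileged port, another local process could already hold it when certbot starts; the code that launches certbot and renders the haproxy backend is outside this hunk, so it is worth confirming there that the bind address is loopback and that a failed bind aborts the request instead of leaving haproxy forwarding challenges to whatever owns the port. A commit-time check that no user-configured service or NAT rule claims 65080 would close the remaining collision case.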