diff options
| author | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-10 17:19:31 +0300 |
|---|---|---|
| committer | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-10 17:19:31 +0300 |
| commit | 3fd1787d50dda76619647dd95ea6e1d421204734 (patch) | |
| tree | 3e4f5341e2b4c5618ba1fa6b52a5cda63c4c1c29 /docs/_rst_legacy/configuration/service/rst-https.rst | |
| parent | d7e63e1923814a791dadf93453e8c090d26ca896 (diff) | |
| download | vyos-documentation-3fd1787d50dda76619647dd95ea6e1d421204734.tar.gz vyos-documentation-3fd1787d50dda76619647dd95ea6e1d421204734.zip | |
chore: remove RST swap mechanism, archive rst-*.rst under docs/_rst_legacy/
The swap mechanism (RST-as-fallback for migrated MD pages) is dormant —
docs/_rst_overrides.txt has been empty since the MyST flip trio
(#1899/#1900/#1901) landed in May 2026. The mechanism's surface area
(scripts/swap_sources.py, its 245-line test, RTD pre/post hooks,
Makefile glue, conf.py dynamic loader) is dead weight, and the
rst-*.rst shadows scattered across the source tree cause Context7's
parser to misclassify the project as RST.
Changes:
- Move 253 rst-*.rst shadow files into docs/_rst_legacy/ preserving
subdirectory structure. They remain in the repo for reference; Sphinx
excludes the folder via exclude_patterns; Context7 excludes it via
excludeFolders.
- Strip swap_sources.py invocation from docs/Makefile (swap/restore
targets, : swap deps, trap chains).
- Strip jobs: pre_build/post_build block from .readthedocs.yml.
- Strip rst-*.rst exclude entry and the _md_exclude.txt loader from
docs/conf.py; replace with a single _rst_legacy exclude.
- Delete scripts/swap_sources.py, tests/test_swap_sources.py,
docs/_rst_overrides.txt.
- Update context7.json: add docs/_rst_legacy to excludeFolders;
fix stale "Branch current tracks…" rule to "Branch rolling tracks…"
(default branch was renamed 2026-05-10).
- Update AGENTS.md: drop the "RST override mechanism" section and the
test-runner snippet for the deleted test; describe _rst_legacy as
archive only.
Verified: sphinx-build -b html with --keep-going produces identical
warning set (68 unique), identical sitemap entry count (257), identical
llms.txt entry count (22), zero rst-* URLs in any artifact.
🤖 Generated by [robots](https://vyos.io)
Diffstat (limited to 'docs/_rst_legacy/configuration/service/rst-https.rst')
| -rw-r--r-- | docs/_rst_legacy/configuration/service/rst-https.rst | 124 |
1 files changed, 124 insertions, 0 deletions
diff --git a/docs/_rst_legacy/configuration/service/rst-https.rst b/docs/_rst_legacy/configuration/service/rst-https.rst new file mode 100644 index 00000000..e72e8e8b --- /dev/null +++ b/docs/_rst_legacy/configuration/service/rst-https.rst @@ -0,0 +1,124 @@ +.. _http-api: + +######## +HTTP API +######## + +VyOS provide an HTTP API. You can use it to execute op-mode commands, +update VyOS, set or delete config. + +Please take a look at the :ref:`vyosapi` page for an detailed how-to. + +************* +Configuration +************* + +.. cfgcmd:: set service https allow-client address <address> + + Only allow certain IP addresses or prefixes to access the https + webserver. + +.. cfgcmd:: set service https certificates ca-certificate <name> + + Use CA certificate from PKI subsystem + +.. cfgcmd:: set service https certificates certificate <name> + + Use certificate from PKI subsystem + +.. cfgcmd:: set service https certificates dh-params <name> + + Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. + Must be at least 2048 bits in length. + +.. cfgcmd:: set service https listen-address <address> + + Webserver should only listen on specified IP address + +.. cfgcmd:: set service https port <number> + + Webserver should listen on specified port. + + Default: 443 + +.. cfgcmd:: set service https enable-http-redirect + + Enable automatic redirect from http to https. + +.. cfgcmd:: set service https tls-version <1.2 | 1.3> + + Select TLS version used. + + This defaults to both 1.2 and 1.3. + +.. cfgcmd:: set service https vrf <name> + + Start Webserver in given VRF. + +.. cfgcmd:: set service https request-body-size-limit <size> + + Set the maximum request body size in megabytes. Default is 1MB. + +API +=== + +.. cfgcmd:: set service https api keys id <name> key <apikey> + + Set a named api key. Every key has the same, full permissions + on the system. + +REST +==== + +.. cfgcmd:: set service https api rest + + Enable REST API + +.. cfgcmd:: set service https api rest debug + + To enable debug messages. Available via :opcmd:`show log` or + :opcmd:`monitor log` + +.. cfgcmd:: set service https api rest strict + + Enforce strict path checking. + +GraphQL +======= + +.. cfgcmd:: set service https api graphql introspection + + Enable GraphQL Schema introspection. + +.. note:: Do not leave introspection enabled in production, it is a security risk. + +.. cfgcmd:: set service https api graphql authentication type <key | token> + + Set the authentication type for GraphQL, default option is key. Available options are: + + * ``key`` use API keys configured in ``service https api keys`` + + * ``token`` use JWT tokens. + +.. cfgcmd:: set service https api graphql authentication expiration + + Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. + +.. cfgcmd:: set service https api graphql authentication secret-length + + Set the byte length of the JWT secret. Default is 32. + +.. cfgcmd:: set service https api graphql cors allow-origin <origin> + + Allow cross-origin requests from `<origin>`. + +********************* +Example Configuration +********************* + +Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint. + +.. code-block:: none + + set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY + set service https api rest |
