summaryrefslogtreecommitdiff
path: root/docs/_rst_legacy/configuration/service/rst-https.rst
diff options
context:
space:
mode:
authorYuriy Andamasov <yuriy@vyos.io>2026-05-10 17:19:31 +0300
committerYuriy Andamasov <yuriy@vyos.io>2026-05-10 17:19:31 +0300
commit3fd1787d50dda76619647dd95ea6e1d421204734 (patch)
tree3e4f5341e2b4c5618ba1fa6b52a5cda63c4c1c29 /docs/_rst_legacy/configuration/service/rst-https.rst
parentd7e63e1923814a791dadf93453e8c090d26ca896 (diff)
downloadvyos-documentation-3fd1787d50dda76619647dd95ea6e1d421204734.tar.gz
vyos-documentation-3fd1787d50dda76619647dd95ea6e1d421204734.zip
chore: remove RST swap mechanism, archive rst-*.rst under docs/_rst_legacy/
The swap mechanism (RST-as-fallback for migrated MD pages) is dormant — docs/_rst_overrides.txt has been empty since the MyST flip trio (#1899/#1900/#1901) landed in May 2026. The mechanism's surface area (scripts/swap_sources.py, its 245-line test, RTD pre/post hooks, Makefile glue, conf.py dynamic loader) is dead weight, and the rst-*.rst shadows scattered across the source tree cause Context7's parser to misclassify the project as RST. Changes: - Move 253 rst-*.rst shadow files into docs/_rst_legacy/ preserving subdirectory structure. They remain in the repo for reference; Sphinx excludes the folder via exclude_patterns; Context7 excludes it via excludeFolders. - Strip swap_sources.py invocation from docs/Makefile (swap/restore targets, : swap deps, trap chains). - Strip jobs: pre_build/post_build block from .readthedocs.yml. - Strip rst-*.rst exclude entry and the _md_exclude.txt loader from docs/conf.py; replace with a single _rst_legacy exclude. - Delete scripts/swap_sources.py, tests/test_swap_sources.py, docs/_rst_overrides.txt. - Update context7.json: add docs/_rst_legacy to excludeFolders; fix stale "Branch current tracks…" rule to "Branch rolling tracks…" (default branch was renamed 2026-05-10). - Update AGENTS.md: drop the "RST override mechanism" section and the test-runner snippet for the deleted test; describe _rst_legacy as archive only. Verified: sphinx-build -b html with --keep-going produces identical warning set (68 unique), identical sitemap entry count (257), identical llms.txt entry count (22), zero rst-* URLs in any artifact. 🤖 Generated by [robots](https://vyos.io)
Diffstat (limited to 'docs/_rst_legacy/configuration/service/rst-https.rst')
-rw-r--r--docs/_rst_legacy/configuration/service/rst-https.rst124
1 files changed, 124 insertions, 0 deletions
diff --git a/docs/_rst_legacy/configuration/service/rst-https.rst b/docs/_rst_legacy/configuration/service/rst-https.rst
new file mode 100644
index 00000000..e72e8e8b
--- /dev/null
+++ b/docs/_rst_legacy/configuration/service/rst-https.rst
@@ -0,0 +1,124 @@
+.. _http-api:
+
+########
+HTTP API
+########
+
+VyOS provide an HTTP API. You can use it to execute op-mode commands,
+update VyOS, set or delete config.
+
+Please take a look at the :ref:`vyosapi` page for an detailed how-to.
+
+*************
+Configuration
+*************
+
+.. cfgcmd:: set service https allow-client address <address>
+
+ Only allow certain IP addresses or prefixes to access the https
+ webserver.
+
+.. cfgcmd:: set service https certificates ca-certificate <name>
+
+ Use CA certificate from PKI subsystem
+
+.. cfgcmd:: set service https certificates certificate <name>
+
+ Use certificate from PKI subsystem
+
+.. cfgcmd:: set service https certificates dh-params <name>
+
+ Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem.
+ Must be at least 2048 bits in length.
+
+.. cfgcmd:: set service https listen-address <address>
+
+ Webserver should only listen on specified IP address
+
+.. cfgcmd:: set service https port <number>
+
+ Webserver should listen on specified port.
+
+ Default: 443
+
+.. cfgcmd:: set service https enable-http-redirect
+
+ Enable automatic redirect from http to https.
+
+.. cfgcmd:: set service https tls-version <1.2 | 1.3>
+
+ Select TLS version used.
+
+ This defaults to both 1.2 and 1.3.
+
+.. cfgcmd:: set service https vrf <name>
+
+ Start Webserver in given VRF.
+
+.. cfgcmd:: set service https request-body-size-limit <size>
+
+ Set the maximum request body size in megabytes. Default is 1MB.
+
+API
+===
+
+.. cfgcmd:: set service https api keys id <name> key <apikey>
+
+ Set a named api key. Every key has the same, full permissions
+ on the system.
+
+REST
+====
+
+.. cfgcmd:: set service https api rest
+
+ Enable REST API
+
+.. cfgcmd:: set service https api rest debug
+
+ To enable debug messages. Available via :opcmd:`show log` or
+ :opcmd:`monitor log`
+
+.. cfgcmd:: set service https api rest strict
+
+ Enforce strict path checking.
+
+GraphQL
+=======
+
+.. cfgcmd:: set service https api graphql introspection
+
+ Enable GraphQL Schema introspection.
+
+.. note:: Do not leave introspection enabled in production, it is a security risk.
+
+.. cfgcmd:: set service https api graphql authentication type <key | token>
+
+ Set the authentication type for GraphQL, default option is key. Available options are:
+
+ * ``key`` use API keys configured in ``service https api keys``
+
+ * ``token`` use JWT tokens.
+
+.. cfgcmd:: set service https api graphql authentication expiration
+
+ Set the lifetime for JWT tokens in seconds. Default is 3600 seconds.
+
+.. cfgcmd:: set service https api graphql authentication secret-length
+
+ Set the byte length of the JWT secret. Default is 32.
+
+.. cfgcmd:: set service https api graphql cors allow-origin <origin>
+
+ Allow cross-origin requests from `<origin>`.
+
+*********************
+Example Configuration
+*********************
+
+Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint.
+
+.. code-block:: none
+
+ set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
+ set service https api rest