diff options
| author | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-06 20:42:32 +0300 |
|---|---|---|
| committer | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-06 20:42:32 +0300 |
| commit | 5d6fa52b8985f8068314aba26878a1d7d5cb84e5 (patch) | |
| tree | 99359ff282846e26b5c5fa2b9b176b35b172809f /docs/configuration/service/https.rst | |
| parent | 631e454d674ad5111d2b56a6964ead461894a1f6 (diff) | |
| download | vyos-documentation-5d6fa52b8985f8068314aba26878a1d7d5cb84e5.tar.gz vyos-documentation-5d6fa52b8985f8068314aba26878a1d7d5cb84e5.zip | |
feat: flip swap mechanism — MD as primary, RST as override (Phase 1)
This is the first of three phases inverting the per-page swap mechanism
so MD becomes the canonical primary and RST becomes the rare override.
Phase 1 — file renames + conf.py exclude_patterns flip only:
- Rename docs/**/md-<stem>.md to docs/**/<stem>.md (drop md- prefix)
for all 254 stems previously listed in docs/_swap.txt
- Rename docs/**/<stem>.rst to docs/**/rst-<stem>.rst (add rst- prefix)
for the same 254 stems
- Repurpose docs/_swap.txt as docs/_rst_overrides.txt; initially empty
comment-only since no pages need the RST fallback right now
- conf.py exclude_patterns flipped: rst-*.rst is now excluded by default
instead of md-*.md
- conf.py runtime-artifact references updated to _rst_override_state.json
and _md_exclude.txt (Phase 2 will rewrite swap_sources.py to produce
these names; for now no swap script runs because overrides list is empty)
Phase 2 (next commit on this branch) will rewrite scripts/swap_sources.py
with inverted rename direction, delete scripts/import_myst.py + tests, and
update tests/test_swap_sources.py for the new semantics.
Phase 3 will be the cleanup pass and ready-for-review flip.
Generated by robots https://vyos.io
Diffstat (limited to 'docs/configuration/service/https.rst')
| -rw-r--r-- | docs/configuration/service/https.rst | 124 |
1 files changed, 0 insertions, 124 deletions
diff --git a/docs/configuration/service/https.rst b/docs/configuration/service/https.rst deleted file mode 100644 index e72e8e8b..00000000 --- a/docs/configuration/service/https.rst +++ /dev/null @@ -1,124 +0,0 @@ -.. _http-api: - -######## -HTTP API -######## - -VyOS provide an HTTP API. You can use it to execute op-mode commands, -update VyOS, set or delete config. - -Please take a look at the :ref:`vyosapi` page for an detailed how-to. - -************* -Configuration -************* - -.. cfgcmd:: set service https allow-client address <address> - - Only allow certain IP addresses or prefixes to access the https - webserver. - -.. cfgcmd:: set service https certificates ca-certificate <name> - - Use CA certificate from PKI subsystem - -.. cfgcmd:: set service https certificates certificate <name> - - Use certificate from PKI subsystem - -.. cfgcmd:: set service https certificates dh-params <name> - - Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. - Must be at least 2048 bits in length. - -.. cfgcmd:: set service https listen-address <address> - - Webserver should only listen on specified IP address - -.. cfgcmd:: set service https port <number> - - Webserver should listen on specified port. - - Default: 443 - -.. cfgcmd:: set service https enable-http-redirect - - Enable automatic redirect from http to https. - -.. cfgcmd:: set service https tls-version <1.2 | 1.3> - - Select TLS version used. - - This defaults to both 1.2 and 1.3. - -.. cfgcmd:: set service https vrf <name> - - Start Webserver in given VRF. - -.. cfgcmd:: set service https request-body-size-limit <size> - - Set the maximum request body size in megabytes. Default is 1MB. - -API -=== - -.. cfgcmd:: set service https api keys id <name> key <apikey> - - Set a named api key. Every key has the same, full permissions - on the system. - -REST -==== - -.. cfgcmd:: set service https api rest - - Enable REST API - -.. cfgcmd:: set service https api rest debug - - To enable debug messages. Available via :opcmd:`show log` or - :opcmd:`monitor log` - -.. cfgcmd:: set service https api rest strict - - Enforce strict path checking. - -GraphQL -======= - -.. cfgcmd:: set service https api graphql introspection - - Enable GraphQL Schema introspection. - -.. note:: Do not leave introspection enabled in production, it is a security risk. - -.. cfgcmd:: set service https api graphql authentication type <key | token> - - Set the authentication type for GraphQL, default option is key. Available options are: - - * ``key`` use API keys configured in ``service https api keys`` - - * ``token`` use JWT tokens. - -.. cfgcmd:: set service https api graphql authentication expiration - - Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. - -.. cfgcmd:: set service https api graphql authentication secret-length - - Set the byte length of the JWT secret. Default is 32. - -.. cfgcmd:: set service https api graphql cors allow-origin <origin> - - Allow cross-origin requests from `<origin>`. - -********************* -Example Configuration -********************* - -Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint. - -.. code-block:: none - - set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY - set service https api rest |
