diff options
| author | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-06 18:46:21 +0300 |
|---|---|---|
| committer | Yuriy Andamasov <yuriy@vyos.io> | 2026-05-06 18:46:21 +0300 |
| commit | 88957530a3e174bfc61e8358cb2b28fd8f1fbbb6 (patch) | |
| tree | 22b30d717e61a573a3712efec8a60f3e6b409d97 /docs/configuration/service/md-https.md | |
| parent | c784d8880325f96423fdd2c558750cac4313a56e (diff) | |
| download | vyos-documentation-88957530a3e174bfc61e8358cb2b28fd8f1fbbb6.tar.gz vyos-documentation-88957530a3e174bfc61e8358cb2b28fd8f1fbbb6.zip | |
feat: import MyST swap mechanism + content for sagitta (replaces #1886)
Replaces the broken #1886 with a fresh, properly-converted MyST set for
the sagitta (1.4.x) docs, mirroring what landed for circinus via #1897.
This PR:
- Re-imports 210 md-*.md files for sagitta. Source: ran the pipelines
rst-to-myst converter (chrisjsewell/rst-to-myst v0.4.0, with pandoc
fallback) on sagittas RST. Post-processed via the pipelines
postprocess stage (10 ordered fixes for blanks, admonitions, label
hyphens, pandoc artifacts, structural blanks, linter markers).
Compared to the broken #1886 content (which was left over from an
earlier stage-1-only run): zero raw `<div class=>` remnants.
- For 23 stems where sagittas RST is byte-identical with currents RST
(mostly stable policy/protocol pages and the 404 page), reuses currents
already-validated md-*.md content rather than re-converting.
- Drops cli and installation/cloud/aws from sagittas swap set: their
RST has SEVERE/4 "Title level inconsistent" errors that crash
rst-to-myst; they need an independent RST-source fix and are kept as
RST-only for now.
- Adds the per-page swap mechanism: scripts/swap_sources.py,
scripts/import_myst.py, the matching tests under tests/, _swap.txt
with 210 stems, _ext/vyos.py MyST renderer fallback, Makefile
swap-wrapped targets, .readthedocs.yml swap pre/post hooks.
- Adds 187 .webp images and removes 235 superseded .jpg/.png/.jpeg
static assets; flips html_logo to vyos-logo.webp.
- Adds the MyST swap-related blocks to docs/conf.py only:
myst_enable_extensions, myst_fence_as_directive, md-*.md exclude
patterns, _swap_exclude.txt reader, _prefer_webp and _copy_md_sources
setup hooks. github_version fallback set to 'sagitta' to match the
branch (parallel to currents 'current' and circinuss 'circinus').
Deliberately excluded (per user direction):
- llms.txt and sphinx-llms-txt / sphinx-sitemap config: these will
land separately for sagitta via #1870 plus a new sagitta-specific
llms.txt template PR. The conf.py here does not pull those extensions
in, so the build does not depend on the new pip packages.
Verification before pushing:
- 210 md-*.md = 210 _swap.txt stems = 210 RST siblings on sagitta (1:1:1).
- 0 files contain raw `<div class=` (the breakage that took down /en/1.5/).
- conf.py copyright/version/release preserve sagittas values
(2024 / 1.4 / "1.4.x (sagitta)") - not currents.
- html_title from currents conf.py removed - PR #1880 is the right place
for sagittas branch-localized title.
Supersedes / closes on merge:
- #1886 (broken converter output, would break /en/1.4/ if merged).
Generated by robots https://vyos.io
Diffstat (limited to 'docs/configuration/service/md-https.md')
| -rw-r--r-- | docs/configuration/service/md-https.md | 100 |
1 files changed, 100 insertions, 0 deletions
diff --git a/docs/configuration/service/md-https.md b/docs/configuration/service/md-https.md new file mode 100644 index 00000000..c2e97453 --- /dev/null +++ b/docs/configuration/service/md-https.md @@ -0,0 +1,100 @@ +(http-api)= + +# HTTP API + +VyOS provide an HTTP API. You can use it to execute op-mode commands, +update VyOS, set or delete config. + +Please take a look at the {ref}`vyosapi` page for an detailed how-to. + +## Configuration + +```{eval-rst} +.. cfgcmd:: set service https allow-client address <address> + + Only allow certain IP addresses or prefixes to access the https + webserver. +``` + +```{eval-rst} +.. cfgcmd:: set service https certificates ca-certificate <name> + + Use CA certificate from PKI subsystem +``` + +```{eval-rst} +.. cfgcmd:: set service https certificates certificate <name> + + Use certificate from PKI subsystem +``` + +```{eval-rst} +.. cfgcmd:: set service https certificates dh-params <name> + + Use {abbr}`DH (Diffie–Hellman)` parameters from PKI subsystem. + Must be at least 2048 bits in length. +``` + +```{eval-rst} +.. cfgcmd:: set service https listen-address <address> + + Webserver should only listen on specified IP address +``` + +```{eval-rst} +.. cfgcmd:: set service https port <number> + + Webserver should listen on specified port. + + Default: 443 +``` + +```{eval-rst} +.. cfgcmd:: set service https enable-http-redirect + + Enable automatic redirect from http to https. +``` + +```{eval-rst} +.. cfgcmd:: set service https tls-version <1.2 | 1.3> + + Select TLS version used. + + This defaults to both 1.2 and 1.3. +``` + +```{eval-rst} +.. cfgcmd:: set service https vrf <name> + + Start Webserver in given VRF. +``` + +### API + +```{eval-rst} +.. cfgcmd:: set service https api keys id <name> key <apikey> + + Set a named api key. Every key has the same, full permissions + on the system. +``` + +```{eval-rst} +.. cfgcmd:: set service https api debug + + To enable debug messages. Available via {opcmd}`show log` or + {opcmd}`monitor log` +``` + +```{eval-rst} +.. cfgcmd:: set service https api strict + + Enforce strict path checking +``` + +## Example Configuration + +Set an API-KEY is the minimal configuration to get a working API Endpoint. + +```none +set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY +``` |
