summaryrefslogtreecommitdiff
path: root/docs/configuration/service/md-https.md
diff options
context:
space:
mode:
authorYuriy Andamasov <yuriy@vyos.io>2026-05-06 18:46:21 +0300
committerYuriy Andamasov <yuriy@vyos.io>2026-05-06 18:46:21 +0300
commit88957530a3e174bfc61e8358cb2b28fd8f1fbbb6 (patch)
tree22b30d717e61a573a3712efec8a60f3e6b409d97 /docs/configuration/service/md-https.md
parentc784d8880325f96423fdd2c558750cac4313a56e (diff)
downloadvyos-documentation-88957530a3e174bfc61e8358cb2b28fd8f1fbbb6.tar.gz
vyos-documentation-88957530a3e174bfc61e8358cb2b28fd8f1fbbb6.zip
feat: import MyST swap mechanism + content for sagitta (replaces #1886)
Replaces the broken #1886 with a fresh, properly-converted MyST set for the sagitta (1.4.x) docs, mirroring what landed for circinus via #1897. This PR: - Re-imports 210 md-*.md files for sagitta. Source: ran the pipelines rst-to-myst converter (chrisjsewell/rst-to-myst v0.4.0, with pandoc fallback) on sagittas RST. Post-processed via the pipelines postprocess stage (10 ordered fixes for blanks, admonitions, label hyphens, pandoc artifacts, structural blanks, linter markers). Compared to the broken #1886 content (which was left over from an earlier stage-1-only run): zero raw `<div class=>` remnants. - For 23 stems where sagittas RST is byte-identical with currents RST (mostly stable policy/protocol pages and the 404 page), reuses currents already-validated md-*.md content rather than re-converting. - Drops cli and installation/cloud/aws from sagittas swap set: their RST has SEVERE/4 "Title level inconsistent" errors that crash rst-to-myst; they need an independent RST-source fix and are kept as RST-only for now. - Adds the per-page swap mechanism: scripts/swap_sources.py, scripts/import_myst.py, the matching tests under tests/, _swap.txt with 210 stems, _ext/vyos.py MyST renderer fallback, Makefile swap-wrapped targets, .readthedocs.yml swap pre/post hooks. - Adds 187 .webp images and removes 235 superseded .jpg/.png/.jpeg static assets; flips html_logo to vyos-logo.webp. - Adds the MyST swap-related blocks to docs/conf.py only: myst_enable_extensions, myst_fence_as_directive, md-*.md exclude patterns, _swap_exclude.txt reader, _prefer_webp and _copy_md_sources setup hooks. github_version fallback set to 'sagitta' to match the branch (parallel to currents 'current' and circinuss 'circinus'). Deliberately excluded (per user direction): - llms.txt and sphinx-llms-txt / sphinx-sitemap config: these will land separately for sagitta via #1870 plus a new sagitta-specific llms.txt template PR. The conf.py here does not pull those extensions in, so the build does not depend on the new pip packages. Verification before pushing: - 210 md-*.md = 210 _swap.txt stems = 210 RST siblings on sagitta (1:1:1). - 0 files contain raw `<div class=` (the breakage that took down /en/1.5/). - conf.py copyright/version/release preserve sagittas values (2024 / 1.4 / "1.4.x (sagitta)") - not currents. - html_title from currents conf.py removed - PR #1880 is the right place for sagittas branch-localized title. Supersedes / closes on merge: - #1886 (broken converter output, would break /en/1.4/ if merged). Generated by robots https://vyos.io
Diffstat (limited to 'docs/configuration/service/md-https.md')
-rw-r--r--docs/configuration/service/md-https.md100
1 files changed, 100 insertions, 0 deletions
diff --git a/docs/configuration/service/md-https.md b/docs/configuration/service/md-https.md
new file mode 100644
index 00000000..c2e97453
--- /dev/null
+++ b/docs/configuration/service/md-https.md
@@ -0,0 +1,100 @@
+(http-api)=
+
+# HTTP API
+
+VyOS provide an HTTP API. You can use it to execute op-mode commands,
+update VyOS, set or delete config.
+
+Please take a look at the {ref}`vyosapi` page for an detailed how-to.
+
+## Configuration
+
+```{eval-rst}
+.. cfgcmd:: set service https allow-client address <address>
+
+ Only allow certain IP addresses or prefixes to access the https
+ webserver.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https certificates ca-certificate <name>
+
+ Use CA certificate from PKI subsystem
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https certificates certificate <name>
+
+ Use certificate from PKI subsystem
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https certificates dh-params <name>
+
+ Use {abbr}`DH (Diffie–Hellman)` parameters from PKI subsystem.
+ Must be at least 2048 bits in length.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https listen-address <address>
+
+ Webserver should only listen on specified IP address
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https port <number>
+
+ Webserver should listen on specified port.
+
+ Default: 443
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https enable-http-redirect
+
+ Enable automatic redirect from http to https.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https tls-version <1.2 | 1.3>
+
+ Select TLS version used.
+
+ This defaults to both 1.2 and 1.3.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https vrf <name>
+
+ Start Webserver in given VRF.
+```
+
+### API
+
+```{eval-rst}
+.. cfgcmd:: set service https api keys id <name> key <apikey>
+
+ Set a named api key. Every key has the same, full permissions
+ on the system.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https api debug
+
+ To enable debug messages. Available via {opcmd}`show log` or
+ {opcmd}`monitor log`
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https api strict
+
+ Enforce strict path checking
+```
+
+## Example Configuration
+
+Set an API-KEY is the minimal configuration to get a working API Endpoint.
+
+```none
+set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
+```