summaryrefslogtreecommitdiff
path: root/docs/configuration/service/md-https.md
diff options
context:
space:
mode:
authorYuriy Andamasov <yuriy@vyos.io>2026-05-06 20:11:13 +0300
committerGitHub <noreply@github.com>2026-05-06 20:11:13 +0300
commitab5359702db9ba94fa27d770af440a20cf95a41b (patch)
tree22b30d717e61a573a3712efec8a60f3e6b409d97 /docs/configuration/service/md-https.md
parentc784d8880325f96423fdd2c558750cac4313a56e (diff)
parent88957530a3e174bfc61e8358cb2b28fd8f1fbbb6 (diff)
downloadvyos-documentation-ab5359702db9ba94fa27d770af440a20cf95a41b.tar.gz
vyos-documentation-ab5359702db9ba94fa27d770af440a20cf95a41b.zip
Merge pull request #1898 from vyos/fix/myst-import-sagitta-v2
feat: bundle MyST migration + swap mechanism for sagitta (replaces #1886)
Diffstat (limited to 'docs/configuration/service/md-https.md')
-rw-r--r--docs/configuration/service/md-https.md100
1 files changed, 100 insertions, 0 deletions
diff --git a/docs/configuration/service/md-https.md b/docs/configuration/service/md-https.md
new file mode 100644
index 00000000..c2e97453
--- /dev/null
+++ b/docs/configuration/service/md-https.md
@@ -0,0 +1,100 @@
+(http-api)=
+
+# HTTP API
+
+VyOS provide an HTTP API. You can use it to execute op-mode commands,
+update VyOS, set or delete config.
+
+Please take a look at the {ref}`vyosapi` page for an detailed how-to.
+
+## Configuration
+
+```{eval-rst}
+.. cfgcmd:: set service https allow-client address <address>
+
+ Only allow certain IP addresses or prefixes to access the https
+ webserver.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https certificates ca-certificate <name>
+
+ Use CA certificate from PKI subsystem
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https certificates certificate <name>
+
+ Use certificate from PKI subsystem
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https certificates dh-params <name>
+
+ Use {abbr}`DH (Diffie–Hellman)` parameters from PKI subsystem.
+ Must be at least 2048 bits in length.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https listen-address <address>
+
+ Webserver should only listen on specified IP address
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https port <number>
+
+ Webserver should listen on specified port.
+
+ Default: 443
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https enable-http-redirect
+
+ Enable automatic redirect from http to https.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https tls-version <1.2 | 1.3>
+
+ Select TLS version used.
+
+ This defaults to both 1.2 and 1.3.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https vrf <name>
+
+ Start Webserver in given VRF.
+```
+
+### API
+
+```{eval-rst}
+.. cfgcmd:: set service https api keys id <name> key <apikey>
+
+ Set a named api key. Every key has the same, full permissions
+ on the system.
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https api debug
+
+ To enable debug messages. Available via {opcmd}`show log` or
+ {opcmd}`monitor log`
+```
+
+```{eval-rst}
+.. cfgcmd:: set service https api strict
+
+ Enforce strict path checking
+```
+
+## Example Configuration
+
+Set an API-KEY is the minimal configuration to get a working API Endpoint.
+
+```none
+set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
+```