From 038b3a3a2ad91f67f074ba05a35d800c3dac2c07 Mon Sep 17 00:00:00 2001 From: Yuriy Andamasov Date: Sat, 2 May 2026 21:13:13 +0300 Subject: feat(swap-circinus): add incremental RST-to-MyST swap mechanism MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Backport of the swap mechanism from feat/incremental-myst-swap onto the circinus release branch. Built directly on top of origin/circinus, so the underlying RST tree is circinus's (not current's). Mechanism: - scripts/import_myst.py — import md from myst/* with md- prefix - scripts/swap_sources.py — rename md-{name}.md → {name}.md before Sphinx builds, restore after; writes _build/_swap_state.json and _build/_swap_exclude.txt - docs/Makefile — html/dirhtml/pdf/livehtml all run swap → build → trap restore; explicit `swap` and `restore` targets too - docs/conf.py — MyST extensions enabled; swap exclude_patterns loader; _prefer_webp builder hook so html prefers webp over png Content (all from origin/myst/circinus): - 253 md-prefixed pages alongside each {name}.rst counterpart - 1 plain MyST-only page kept at canonical name (docs/copyright.md, no .rst counterpart) - 182 .webp images added (circinus release previously had only PNG/JPG; this PR brings webp into circinus alongside the originals) - docs/_swap.txt populated with all 253 stems → MyST is served by default; revert a page by removing its stem from _swap.txt 🤖 Generated by [robots](https://vyos.io) --- docs/configuration/service/md-https.md | 138 +++++++++++++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 docs/configuration/service/md-https.md (limited to 'docs/configuration/service/md-https.md') diff --git a/docs/configuration/service/md-https.md b/docs/configuration/service/md-https.md new file mode 100644 index 00000000..184fd088 --- /dev/null +++ b/docs/configuration/service/md-https.md @@ -0,0 +1,138 @@ +(http-api)= + +# HTTP API + +VyOS provide an HTTP API. You can use it to execute op-mode commands, +update VyOS, set or delete config. + +Please take a look at the {ref}`vyosapi` page for an detailed how-to. + +## Configuration + +```{cfgcmd} set service https allow-client address \ + +Only allow certain IP addresses or prefixes to access the https +webserver. +``` + +```{cfgcmd} set service https certificates ca-certificate \ + +Use CA certificate from PKI subsystem +``` + +```{cfgcmd} set service https certificates certificate \ + +Use certificate from PKI subsystem +``` + +```{cfgcmd} set service https certificates dh-params \ + +Use {abbr}`DH (Diffie–Hellman)` parameters from PKI subsystem. +Must be at least 2048 bits in length. +``` + +```{cfgcmd} set service https listen-address \ + +Webserver should only listen on specified IP address +``` + +```{cfgcmd} set service https port \ + +Webserver should listen on specified port. + +Default: 443 +``` + +```{cfgcmd} set service https enable-http-redirect + +Enable automatic redirect from http to https. +``` + +```{cfgcmd} set service https tls-version \<1.2 | 1.3\> + +Select TLS version used. + +This defaults to both 1.2 and 1.3. +``` + +```{cfgcmd} set service https vrf \ + +Start Webserver in given VRF. +``` + +```{cfgcmd} set service https request-body-size-limit \ + +Set the maximum request body size in megabytes. Default is 1MB. +``` + + +### API + +```{cfgcmd} set service https api keys id \ key \ + +Set a named api key. Every key has the same, full permissions +on the system. +``` + + +### REST + +```{cfgcmd} set service https api rest + +Enable REST API +``` + +```{cfgcmd} set service https api rest debug + +To enable debug messages. Available via {opcmd}`show log` or +{opcmd}`monitor log` +``` + +```{cfgcmd} set service https api rest strict + +Enforce strict path checking. +``` + + +### GraphQL + +```{cfgcmd} set service https api graphql introspection + +Enable GraphQL Schema introspection. +``` + +:::{note} +Do not leave introspection enabled in production, it is a security risk. +::: + +```{cfgcmd} set service https api graphql authentication type \ + +Set the authentication type for GraphQL, default option is key. Available options are: +* ``key`` use API keys configured in ``service https api keys`` +* ``token`` use JWT tokens. +``` + +```{cfgcmd} set service https api graphql authentication expiration + +Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. +``` + +```{cfgcmd} set service https api graphql authentication secret-length + +Set the byte length of the JWT secret. Default is 32. +``` + +```{cfgcmd} set service https api graphql cors allow-origin \ + +Allow cross-origin requests from \. +``` + + +## Example Configuration + +Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint. + +```none +set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY +set service https api rest +``` -- cgit v1.2.3