From 5d6fa52b8985f8068314aba26878a1d7d5cb84e5 Mon Sep 17 00:00:00 2001 From: Yuriy Andamasov Date: Wed, 6 May 2026 20:42:32 +0300 Subject: feat: flip swap mechanism — MD as primary, RST as override (Phase 1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is the first of three phases inverting the per-page swap mechanism so MD becomes the canonical primary and RST becomes the rare override. Phase 1 — file renames + conf.py exclude_patterns flip only: - Rename docs/**/md-.md to docs/**/.md (drop md- prefix) for all 254 stems previously listed in docs/_swap.txt - Rename docs/**/.rst to docs/**/rst-.rst (add rst- prefix) for the same 254 stems - Repurpose docs/_swap.txt as docs/_rst_overrides.txt; initially empty comment-only since no pages need the RST fallback right now - conf.py exclude_patterns flipped: rst-*.rst is now excluded by default instead of md-*.md - conf.py runtime-artifact references updated to _rst_override_state.json and _md_exclude.txt (Phase 2 will rewrite swap_sources.py to produce these names; for now no swap script runs because overrides list is empty) Phase 2 (next commit on this branch) will rewrite scripts/swap_sources.py with inverted rename direction, delete scripts/import_myst.py + tests, and update tests/test_swap_sources.py for the new semantics. Phase 3 will be the cleanup pass and ready-for-review flip. Generated by robots https://vyos.io --- docs/configuration/service/rst-https.rst | 124 +++++++++++++++++++++++++++++++ 1 file changed, 124 insertions(+) create mode 100644 docs/configuration/service/rst-https.rst (limited to 'docs/configuration/service/rst-https.rst') diff --git a/docs/configuration/service/rst-https.rst b/docs/configuration/service/rst-https.rst new file mode 100644 index 00000000..e72e8e8b --- /dev/null +++ b/docs/configuration/service/rst-https.rst @@ -0,0 +1,124 @@ +.. _http-api: + +######## +HTTP API +######## + +VyOS provide an HTTP API. You can use it to execute op-mode commands, +update VyOS, set or delete config. + +Please take a look at the :ref:`vyosapi` page for an detailed how-to. + +************* +Configuration +************* + +.. cfgcmd:: set service https allow-client address
+ + Only allow certain IP addresses or prefixes to access the https + webserver. + +.. cfgcmd:: set service https certificates ca-certificate + + Use CA certificate from PKI subsystem + +.. cfgcmd:: set service https certificates certificate + + Use certificate from PKI subsystem + +.. cfgcmd:: set service https certificates dh-params + + Use :abbr:`DH (Diffie–Hellman)` parameters from PKI subsystem. + Must be at least 2048 bits in length. + +.. cfgcmd:: set service https listen-address
+ + Webserver should only listen on specified IP address + +.. cfgcmd:: set service https port + + Webserver should listen on specified port. + + Default: 443 + +.. cfgcmd:: set service https enable-http-redirect + + Enable automatic redirect from http to https. + +.. cfgcmd:: set service https tls-version <1.2 | 1.3> + + Select TLS version used. + + This defaults to both 1.2 and 1.3. + +.. cfgcmd:: set service https vrf + + Start Webserver in given VRF. + +.. cfgcmd:: set service https request-body-size-limit + + Set the maximum request body size in megabytes. Default is 1MB. + +API +=== + +.. cfgcmd:: set service https api keys id key + + Set a named api key. Every key has the same, full permissions + on the system. + +REST +==== + +.. cfgcmd:: set service https api rest + + Enable REST API + +.. cfgcmd:: set service https api rest debug + + To enable debug messages. Available via :opcmd:`show log` or + :opcmd:`monitor log` + +.. cfgcmd:: set service https api rest strict + + Enforce strict path checking. + +GraphQL +======= + +.. cfgcmd:: set service https api graphql introspection + + Enable GraphQL Schema introspection. + +.. note:: Do not leave introspection enabled in production, it is a security risk. + +.. cfgcmd:: set service https api graphql authentication type + + Set the authentication type for GraphQL, default option is key. Available options are: + + * ``key`` use API keys configured in ``service https api keys`` + + * ``token`` use JWT tokens. + +.. cfgcmd:: set service https api graphql authentication expiration + + Set the lifetime for JWT tokens in seconds. Default is 3600 seconds. + +.. cfgcmd:: set service https api graphql authentication secret-length + + Set the byte length of the JWT secret. Default is 32. + +.. cfgcmd:: set service https api graphql cors allow-origin + + Allow cross-origin requests from ``. + +********************* +Example Configuration +********************* + +Setting REST API and an API-KEY is the minimal configuration to get a working API Endpoint. + +.. code-block:: none + + set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY + set service https api rest -- cgit v1.2.3