blob: 08b1657581bf9fc8418fd8fe9342246ad812e5e0 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
.. _http-api:
########
HTTP-API
########
VyOS provide an HTTP API. You can use it to execute op-mode commands,
update VyOS, set or delete config.
Please take a look at the :ref:`vyosapi` page for an detailed how-to.
*************
Configuration
*************
.. cfgcmd:: set service https api keys id <name> key <apikey>
Set a named api key. Every key has the same, full permissions
on the system.
.. cfgcmd:: set service https api debug
To enable debug messages. Available via :opcmd:`show log` or
:opcmd:`monitor log`
.. cfgcmd:: set service https api port
Set the listen port of the local API, this has no effect on the
webserver. The default is port 8080
.. cfgcmd:: set service https api socket
Use local socket for API
.. cfgcmd:: set service https api strict
Enforce strict path checking
.. cfgcmd:: set service https virtual-host <vhost> listen-address
<ipv4 or ipv6 address>
Address to listen for HTTPS requests
.. cfgcmd:: set service https virtual-host <vhost> listen-port <1-65535>
Port to listen for HTTPS requests; default 443
.. cfgcmd:: set service https virtual-host <vhost> server-name <text>
Server names for virtual hosts it can be exact, wildcard or regex.
.. cfgcmd:: set service https api-restrict virtual-host <vhost>
By default, nginx exposes the local API on all virtual servers.
Use this to restrict nginx to one or more virtual hosts.
.. cfgcmd:: set service https certificates certbot domain-name <text>
Domain name(s) for which to obtain certificate
.. cfgcmd:: set service https certificates certbot email
Email address to associate with certificate
.. cfgcmd:: set service https certificates system-generated-certificate
Use an automatically generated self-signed certificate
.. cfgcmd:: set service https certificates system-generated-certificate
lifetime <days>
Lifetime in days; default is 365
*********************
Example Configuration
*********************
Set an API-KEY is the minimal configuration to get a working API Endpoint.
.. code-block:: none
set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
To use this full configuration we asume a public accessible hostname.
.. code-block:: none
set service https api keys id MY-HTTPS-API-ID key MY-HTTPS-API-PLAINTEXT-KEY
set service https certificates certbot domain-name rtr01.example.com
set service https certificates certbot email mail@example.com
set service https virtual-host rtr01 listen-address 198.51.100.2
set service https virtual-host rtr01 listen-port 11443
set service https virtual-host rtr01 server-name rtr01.example.com
set service https api-restrict virtual-host rtr01
|
