Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

https: T5902: remove virtual-host configuration #2773

Merged
merged 3 commits into from
Jan 9, 2024
Merged

https: T5902: remove virtual-host configuration #2773

merged 3 commits into from
Jan 9, 2024

Commits on Jan 9, 2024

  1. https: T5902: remove virtual-host configuration 

    We have not seen the adoption of the https virtual-host CLI option.

What it did?
* Create multiple webservers each listening on a different IP/port
  (but in the same VRF)
* All webservers shared one common document root
* All webservers shared the same SSL certificates
* All webservers could have had individual allow-client configurations
* API could be enabled for a particular virtual-host but was always enabled on
  the default host

This configuration tried to provide a full webserver via the CLI but VyOS is a
router and the Webserver is there for an API or to serve files for a local-ui.

Changes

Remove support for virtual-hosts as it's an incomplete and thus mostly useless
"thing". Migrate all allow-client statements to one top-level allow statement.
    @c-po
    c-po committed Jan 9, 2024
    Configuration menu
    Copy the full SHA
    d0d3071 View commit details
    Browse the repository at this point in the history

  2. pki: T5911: fix service update algorithm if certificate name contains… 

    … a hyphen (-)

When testing for changed PKI certificates using node_changed(), we should not
use key_mangling=('-', '_'), as this will make certificate updates with a hypen
not possible.
    @c-po
    c-po committed Jan 9, 2024
    Configuration menu
    Copy the full SHA
    fc6926f View commit details
    Browse the repository at this point in the history

  3. boot-config-loader: T1622: add missing groups to failsafe user 

    This extends commit 86d1291 ("[boot-config-loader] T1622: Add failsafe
and back trace") and adds missing groups to the vyos user. Without this
change the vyos user will only have operator (vyos@vyos>) privileges,
even if this level is discontinued.

One could hack himself up as the user has sudo rights, but rather place
the user in the right groups from the beginning.

NOTE: This user is only added if booted with "vyos-config-debug" and
an error when the configuration can not be loaded at all.
    @c-po
    c-po committed Jan 9, 2024
    Configuration menu
    Copy the full SHA
    07e802a View commit details
    Browse the repository at this point in the history