T4055 added a useful feature that supports VRF for API.
Unfortunately, it doesn't work as expected in Equuleus with following configuration.
set interfaces ethernet eth0 address 'dhcp' set interfaces ethernet eth0 vrf 'mgmt' set interfaces loopback lo set service https api keys id vyos key 'vyos' set service https vrf 'mgmt' set vrf name mgmt table '65535'
There are no nginx processes in the VRF and it's not accessible from eth0 network.
vyos@vyos:~$ show vrf mgmt processes 5829 vyos-http-api-s 5835 unionfs-fuse 3224 sshd
test@vm:~$ curl -sSfLk -X POST 'https://192.168.0.20/retrieve' -F data='{"op": "showConfig", "path": ["interfaces"]}' -F key='vyos' curl: (7) Failed to connect to 192.168.0.20 port 443: Connection refused
And, the nginx configuration file doesn't include ip vrf exec command.
vyos@vyos:~$ cat /etc/systemd/system/nginx.service.d/override.conf [Unit] StartLimitIntervalSec=0 After=vyos-router.service [Service] ExecStartPre= ExecStartPre=/usr/sbin/nginx -t -q -g 'daemon on; master_process on;' ExecStart= ExecStart=/usr/sbin/nginx -g 'daemon on; master_process on;' ExecReload= ExecReload=/usr/sbin/nginx -g 'daemon on; master_process on;' -s reload Restart=always RestartPreventExitStatus=
It works properly in current branch, so it's just in Equuleus.