We already have tftp-server, but in some cases, it is better to use a simple file-server
Proposed CLI
set service file-server port 8123 set service file-server directory '/tmp/myfiles/'
We already have tftp-server, but in some cases, it is better to use a simple file-server
Proposed CLI
set service file-server port 8123 set service file-server directory '/tmp/myfiles/'
PR https://github.com/vyos/vyos-1x/pull/2469
set service file-server listen-address 0.0.0.0 set service file-server port 8000 set service file-server directory '/tmp'
Instead of "file-server" I think "http-server" would be a better name or even "web-server" in this context.
File-server can get confused by FTP instead of HTTP(S).
Also another suggestion to use python is to use a package such as webfs from Debian Bookworm.
This way chroot can be applied to the served directory incl. support for SSL/TLS.
Edit:
My current use of webfs in VyOS 1.5-rolling uses (serves a single index.html):
VSZ: 9376
RSS: 2064
I would vote for that (using nginx as backend since it already exists).
This way the syntax can also be expanded over time if needed (start with the basics and then add whatever might be needed along the road such as SSL/TLS support etc).
Configwise that would probably need to be solved as virtualhost with capability to select listenaddress/interface and have its own logging (so its not mixed with the HTTP-API stuff).
Example/suggestions below mostly based on webfs options:
set service web-server listen-address 0.0.0.0 set service web-server port 8000 set service web-server directory '/tmp/www' set service web-server host 'example.com', 'www.example.com' set service web-server timeout 120 set service web-server concurrent-requests 100 set service web-server directory-listing 'disable' set service web-server index-file 'index.html', 'index.htm' set service web-server user 'www-data' set service web-server group 'www-data'
NGINX is possible, but he is used for now only for API. The first thing was don't touch it by other services for as long as possible.
If some service could be overlapped with API or trying to restart the NGINX service it is a bad thing.
The fear of having the HTTP-API part of nginx compromised by another virtualhost config (as in they are sharing the same process) should be overcome by having a dedicated config file and start a 2nd nginx process.
For example (omitted other parameters):
\# Used for HTTP-API
nginx -c http-api.conf
\# Used for web-server section of VyOS config, only runned if there exists a web-server section
nginx -c vyos.conf
The above vyos.conf would contain various virtualhosts etc configured through the vyos config.
One possible drawback would be that when http-api.conf is started first it will occupy the TCP port being used (unless limited by listen-address to a single interface). But this issue exists no matter which binary (python, webfs etc) will be used for the web-server section.
That is with the 2 process approach you cant have the HTTP-API being runned on say TCP80 on eth0 and at the same time having the web-server section in vyos config use the same port on the same interface (or if configured with 0.0.0.0 as listen-address).