Page MenuHomeVyOS Platform
Create Task
Maniphest T7393

HTTPS API listens on all addresses after changing its listen-address
Closed, ResolvedPublicBUG
Actions

Description

HTTPS API listen-address after configuration API listen to all addresses
To reproduce:

set interfaces ethernet eth1 address 192.0.2.1/30
set service https allow-client address '192.0.2.2'
set service https api keys id KID key 'SdDe9o5s'
commit

set service https listen-address '192.0.2.1'
commit

Check:

vyos@r14# sudo netstat -tulpn | grep nginx
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      8125/nginx: master  
tcp6       0      0 :::443                  :::*                    LISTEN      8125/nginx: master  
[edit]
vyos@r14#

Details

Version
VyOS 2025.04.17-0018-rolling
Is it a breaking change?
Perfectly compatible
Issue type
Bug (incorrect behavior)

Related Objects

Event Timeline

Viacheslav created this task.Apr 24 2025, 5:58 PM
Viacheslav triaged this task as Normal priority.
Viacheslav added projects: VyOS 1.5 Circinus, VyOS 1.4 Sagitta (1.4.3).Apr 24 2025, 6:04 PM
jestabro claimed this task.Apr 24 2025, 7:03 PM
pasik subscribed.Apr 25 2025, 6:21 AM
jestabro added a comment.Apr 30 2025, 1:23 AM

PR:
https://github.com/vyos/vyos-1x/pull/4485

In short, setting listen-address requires an explicit 'systemctl restart nginx' instead of the existing 'systemctl reload-or-restart nginx'; a workaround before merge of the PR is to call the restart.

jestabro mentioned this in rVYOSONEX10dabd1f6523: https: T7393: set listen-address bind fails silently without restart.Apr 30 2025, 11:23 AM
jestabro mentioned this in rVYOSONEX4fb731756e9c: https: T7393: add smoketest for https listen-address.
Restricted Repository Identity mentioned this in rVYOSONEXcec3c1b68b74: Merge pull request #4485 from jestabro/nginx-bind-requires-restart.Apr 30 2025, 11:23 AM
jestabro moved this task from Need Triage to Backport Candidates on the VyOS Rolling board.Apr 30 2025, 9:07 PM
jestabro closed this task as Resolved.May 4 2025, 8:50 PM
jestabro moved this task from Open to Finished on the VyOS 1.5 Circinus board.
jestabro moved this task from Backlog to Finished on the VyOS 1.4 Sagitta (1.4.3) board.
dmbaturin renamed this task from HTTPS API listen-address after configuration API listen to all addresses to HTTPS API listens on all addresses after changing its listen-address.May 28 2025, 8:36 PM
dmbaturin edited projects, added VyOS 1.5 Circinus (1.5-stream-2025-Q2); removed VyOS 1.5 Circinus.
dmbaturin changed Is it a breaking change? from Unspecified (possibly destroys the router) to Perfectly compatible.
dmbaturin moved this task from Open to Finished on the VyOS 1.5 Circinus (1.5-stream-2025-Q2) board.
dmbaturin moved this task from Backport Candidates to Completed on the VyOS Rolling board.
dmbaturin mentioned this in 1.4.3.Jul 17 2025, 8:18 AM