Supervisor/supervisor

Web interface

jsanz1209 opened this issue · 1 comments

Hi everyone!

I have a question related to the web interface (inet_http_server) of supervisord.

For security reasons, should we disable this interface for production environments and only keep it enabled for development/testing environments, right?

Thanks in advance

Best regards.

> For security reasons, should we disable this interface for production environments and only keep it enabled for development/testing environments, right?

http://supervisord.org/configuration.html#inet-http-server-section-settings advises the following:

> The inet HTTP server is not enabled by default. If you choose to enable it, please read the following security warning. The inet HTTP server is intended for use within a trusted environment only. It should only be bound to localhost or only accessible from within an isolated, trusted network. The inet HTTP server does not support any form of encryption. The inet HTTP server does not use authentication by default (see the username= and password= options). The inet HTTP server can be controlled remotely from supervisorctl. It also serves a web interface that allows subprocesses to be started or stopped, and subprocess logs to be viewed. Never expose the inet HTTP server to the public internet.
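One way to check a deployed `supervisord.conf` against the warning quoted above, as an added example that is not part of the original thread or of the Supervisor project. The function name, the finding codes and the sample configurations are hypothetical, and a bare port number with no host is assumed to listen on all interfaces so that it is flagged conservatively.

```python
import configparser
import ipaddress

def audit_inet_http_server(conf_text):
    """Return finding codes for the [inet_http_server] section of a supervisord.conf."""
    cp = configparser.RawConfigParser(inline_comment_prefixes=(";",), strict=False)
    cp.read_string(conf_text)
    if not cp.has_section("inet_http_server"):
        return []  # section absent: the inet HTTP server is not enabled
    sec = cp["inet_http_server"]
    findings = []
    # port is host:port; an empty or "*" host listens on every interface.
    # Assumption: a bare port number is treated the same way (conservative).
    host = sec.get("port", "").strip().rpartition(":")[0].lower()
    if host in ("", "*"):
        findings.append("BINDS_ALL_INTERFACES")
        remote = True
    elif host == "localhost":
        remote = False
    else:
        try:
            remote = not ipaddress.ip_address(host).is_loopback
        except ValueError:
            remote = True  # a hostname: cannot prove it is loopback
        if remote:
            findings.append("NON_LOOPBACK_BIND")
    # Authentication is off by default; this check requires both options to be set.
    has_auth = bool(sec.get("username", "").strip() and sec.get("password", "").strip())
    if not has_auth:
        findings.append("NO_AUTHENTICATION")
    elif remote:
        # The server has no encryption, so credentials cross the network in the clear.
        findings.append("CREDENTIALS_UNENCRYPTED_ON_NETWORK")
    return findings

# Constructed sample configurations, not taken from any real deployment.
EXPOSED = """
[inet_http_server]
port = *:9001          ; all interfaces, no username/password
"""
LOCAL_ONLY = """
[inet_http_server]
port = 127.0.0.1:9001
username = ops
password = example-only
"""

if __name__ == "__main__":
    print(audit_inet_http_server(EXPOSED), audit_inet_http_server(LOCAL_ONLY))
```

An empty result means either the section is absent or it is bound to loopback with credentials set; it says nothing about firewalling or who else can reach localhost on the host.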