Closed master-chief-2009 closed 2 months ago
> I have been examining how the HTTP server is initiated within the project's codebase. It appears that the server is configured to start automatically, with no inherent option to prevent this behavior.

`supervisord` will only listen on a socket if it is configured to do so:

- Only if an `[inet_http_server]` section is present in the config file will `supervisord` listen on an inet socket.
- Only if a `[unix_http_server]` section is present in the config file will `supervisord` listen on a domain socket.

> In our setup, security scans have flagged the HTTP ports as vulnerable due to the lack of SSL encryption. An ability to disable the HTTP server via a command-line argument would greatly mitigate this issue by preventing the exposure of these ports.

Remove the `[inet_http_server]` section from the config file.
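
Added example, not part of the thread and not supervisor's own code: a small Python check that reads a supervisord config and reports which listener sections are present, so a deployment can confirm before a scan that no inet socket will be opened. The sample configs, function names and finding strings are constructed for illustration; the check assumes an empty or `*` host means all interfaces and that `username` is the option that enables authentication.

```python
import configparser

# Constructed sample configs for illustration (not taken from the issue).
EXPOSED = """\
[inet_http_server]
port = *:9001   ; all interfaces

[unix_http_server]
file = /tmp/supervisor.sock
"""
SOCKET_ONLY = """\
[unix_http_server]
file = /tmp/supervisor.sock
"""
LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def audit_listeners(config_text):
    """Return [(section, endpoint, findings)] for each listener section present.

    Limitation: files pulled in through an [include] section are not followed.
    """
    parser = configparser.RawConfigParser(strict=False,
                                          inline_comment_prefixes=(";",))
    parser.read_string(config_text)
    results = []
    if parser.has_section("inet_http_server"):
        port = parser.get("inet_http_server", "port", fallback="").strip()
        host = port.rpartition(":")[0]  # "" for ":9001" or a bare port number
        findings = ["TCP listener enabled (plain HTTP)"]
        if host not in LOOPBACK:
            findings.append("not restricted to loopback")
        if not parser.has_option("inet_http_server", "username"):
            findings.append("no username/password configured")
        results.append(("inet_http_server", port, findings))
    if parser.has_section("unix_http_server"):
        path = parser.get("unix_http_server", "file", fallback="").strip()
        results.append(("unix_http_server", path, []))
    return results


def listens_on_tcp(config_text):
    """True when the config would make supervisord open an inet socket."""
    return any(s == "inet_http_server" for s, _, _ in audit_listeners(config_text))


if __name__ == "__main__":
    for name, text in (("EXPOSED", EXPOSED), ("SOCKET_ONLY", SOCKET_ONLY)):
        for section, endpoint, findings in audit_listeners(text):
            print(name, section, endpoint, findings or "local socket only")
```
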
Hello,
I have been examining how the HTTP server is initiated within the project's codebase. It appears that the server is configured to start automatically, with no inherent option to prevent this behavior. This default setup poses a challenge, especially in environments with stringent security requirements.
In our setup, security scans have flagged the HTTP ports as vulnerable due to the lack of SSL encryption. An ability to disable the HTTP server via a command-line argument would greatly mitigate this issue by preventing the exposure of these ports.
To address this, I propose the introduction of a feature: a flag that can be used to toggle the HTTP server's startup state. This addition would not only enhance security by allowing the server to be turned off when not needed but also provide greater flexibility in how the service is deployed and managed.
Thank you for considering this feature request. Implementing such a flag could significantly improve the project's adaptability to diverse operational environments.