mnaberez
commented
2 months ago I have been examining how the HTTP server is initiated within the project's codebase. It appears that the server is configured to start automatically, with no inherent option to prevent this behavior.
supervisord will only listen on a socket if it is configured to do so:
- Only when the
[inet_http_server]section is present in the config file willsupervisordlisten on an inet socket. - Only when the
[unix_http_server]section is present in the config file willsupervisordlisten on a domain socket.
In our setup, security scans have flagged the HTTP ports as vulnerable due to the lack of SSL encryption. An ability to disable the HTTP server via a command-line argument would greatly mitigate this issue by preventing the exposure of these ports.
Remove the [inet_http_server] section from the config file.
Hello,
I have been examining how the HTTP server is initiated within the project's codebase. It appears that the server is configured to start automatically, with no inherent option to prevent this behavior. This default setup poses a challenge, especially in environments with stringent security requirements.
In our setup, security scans have flagged the HTTP ports as vulnerable due to the lack of SSL encryption. An ability to disable the HTTP server via a command-line argument would greatly mitigate this issue by preventing the exposure of these ports.
To address this, I propose the introduction of a feature: a flag that can be used to toggle the HTTP server's startup state. This addition would not only enhance security by allowing the server to be turned off when not needed but also provide greater flexibility in how the service is deployed and managed.
Thank you for considering this feature request. Implementing such a flag could significantly improve the project's adaptability to diverse operational environments.