search

strongloop / strong-pm

deployer for node applications
http://strong-pm.io
Other
1k stars 71 forks source link

HTTP basic auth not working #400

Closed htmlauthor closed 7 years ago

htmlauthor commented 7 years ago

Hello everyone, I am running strong-pm@5.2.4 on RedHat Linux v7 server. Set up basic auth on it using: sl-pm-install --http-auth user:pass --force Did systemctl daemon-reload and systemctl restart strong-pm, even tried restarting whole server, but I can still successfully hit slc ctl -C http://server-host:8701 log-dump appname and see logs without any username and password provided.

I can see env STRONGLOOP_PM_HTTP_AUTH=basic:user:pass is set in /etc/init/strong-pm.conf

My expectation was to get connection refused or getting back error 401 if I am trying to access status/logs/anything without providing basic auth credentials, but it is just going through and giving back information to anyone.

Any pointers on what am I missing?

htmlauthor commented 7 years ago

After some sleep and coffee I realized, RedHat 7 is using systemd as an init system. To enable Basic Auth on strong-pm running under RedHat 7:

  1. sl-pm-install --http-auth user:pass --systemd
  2. systemctl daemon-reload
  3. systemctl restart strong-pm

To access status information after enabling basic auth: slc ctl -C http://user:pass@server-host:8701 log-dump apimanager