Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix no-auth disabling https #573

Merged
merged 1 commit into from
Apr 23, 2019
Merged

Fix no-auth disabling https #573

merged 1 commit into from
Apr 23, 2019

Conversation

nol166
Copy link
Contributor

@nol166 nol166 commented Apr 23, 2019

Describe in detail the problem you had and how this PR fixes it

--no-auth disallows password requirement and SSL, it should instead only disallow the password requirement. Changes the default value from undefined to false for the --no-auth flag

Is there an open issue you can link to?

fixes #300

@nol166 nol166 requested a review from kylecarbs April 23, 2019 16:07
@nol166 nol166 requested a review from code-asher as a code owner April 23, 2019 16:07
@nol166 nol166 changed the title Fix no-auth to still use HTTPS, set default for no-auth to false Fix no-auth disabling https Apr 23, 2019
@code-asher code-asher merged commit 6b887dc into master Apr 23, 2019
@code-asher code-asher deleted the fix/no-auth branch April 23, 2019 21:38
kylejeske added a commit to 2n2b1/code-server that referenced this pull request Apr 24, 2019
@kylejeske
codercom updates (#1)
a0cc5d7 
* Add --socket flag (coder#564)

* Add --socket flag

* Add msg for already bound socket

* Bundle grammars (coder#563)

* Fix clipboard pasting

* Remove log statement from copy

* Offer https/http url based on schema (coder#572)

* Let people know when telemetry is disabled, change url to https if secure connection

* Remove --no-auth as a http candidate

* Rename variable, change let to const

* Fix no-auth to still use HTTPS, set default for no-auth to false (coder#573)

* Fix markdown preview focus (coder#546)

* Fix hash

* Remove whitespace
@RyanEwen
Copy link

RyanEwen commented May 1, 2019

Either this issue still exists or it hasn't made it into the docker version as of yet

nwtnsqrd
nwtnsqrd reviewed May 24, 2019
View reviewed changes
packages/server/src/server.ts
@@ -133,7 +133,7 @@ export const createApp = async (options: CreateAppOptions): Promise<{
});
});

const server = httpolyglot.createServer(options.bypassAuth ? {} : options.httpsOptions || certs, app) as http.Server;
const server = httpolyglot.createServer(options.allowHttp ? {} : options.httpsOptions || certs, app) as http.Server;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change causes (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) when running code-server behind a reverse proxy which provides SSL. Although this is likely due to faulty configuration of the reverse proxy. In nginx, I had to change

location / {
       proxy_pass https://localhost:8443;
       [...]

to

location / {
       proxy_pass http://localhost:8443;
       [...]

Just posting this here in case anyone mis-configured their reverse proxy like I did ;)

code-asher pushed a commit that referenced this pull request Jun 19, 2019
@nol166 @code-asher
Fix no-auth to still use HTTPS, set default for no-auth to false (#573)
5dc9fb4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nwtnsqrd nwtnsqrd nwtnsqrd left review comments

@code-asher code-asher code-asher approved these changes

@kylecarbs kylecarbs Awaiting requested review from kylecarbs

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

--no-auth flag also disables SSL
4 participants
@nol166 @RyanEwen @nwtnsqrd @code-asher