Skip to content

Fix no-auth disabling https#573

Merged
code-asher merged 1 commit into
masterfrom
fix/no-auth
Apr 23, 2019
Merged

Fix no-auth disabling https#573
code-asher merged 1 commit into
masterfrom
fix/no-auth

Conversation

@nol166
Copy link
Copy Markdown
Contributor

@nol166 nol166 commented Apr 23, 2019

Describe in detail the problem you had and how this PR fixes it

--no-auth disallows password requirement and SSL, it should instead only disallow the password requirement. Changes the default value from undefined to false for the --no-auth flag

Is there an open issue you can link to?

fixes #300

@nol166 nol166 requested a review from kylecarbs April 23, 2019 16:07
@nol166 nol166 requested a review from code-asher as a code owner April 23, 2019 16:07
@nol166 nol166 changed the title Fix no-auth to still use HTTPS, set default for no-auth to false Fix no-auth disabling https Apr 23, 2019
@code-asher code-asher merged commit 6b887dc into master Apr 23, 2019
@code-asher code-asher deleted the fix/no-auth branch April 23, 2019 21:38
kylejeske added a commit to 2n2b1/code-server that referenced this pull request Apr 24, 2019
@kylejeske
codercom updates (#1)
a0cc5d7 
* Add --socket flag (coder#564)

* Add --socket flag

* Add msg for already bound socket

* Bundle grammars (coder#563)

* Fix clipboard pasting

* Remove log statement from copy

* Offer https/http url based on schema (coder#572)

* Let people know when telemetry is disabled, change url to https if secure connection

* Remove --no-auth as a http candidate

* Rename variable, change let to const

* Fix no-auth to still use HTTPS, set default for no-auth to false (coder#573)

* Fix markdown preview focus (coder#546)

* Fix hash

* Remove whitespace
@RyanEwen
Copy link
Copy Markdown

RyanEwen commented May 1, 2019

Either this issue still exists or it hasn't made it into the docker version as of yet

nwtnsqrd
nwtnsqrd reviewed May 24, 2019
View reviewed changes
Comment thread packages/server/src/server.ts
});

const server = httpolyglot.createServer(options.bypassAuth ? {} : options.httpsOptions || certs, app) as http.Server;
const server = httpolyglot.createServer(options.allowHttp ? {} : options.httpsOptions || certs, app) as http.Server;
Copy link
Copy Markdown
Contributor

@nwtnsqrd nwtnsqrd May 24, 2019

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This change causes (SSL: error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure:SSL alert number 40) when running code-server behind a reverse proxy which provides SSL. Although this is likely due to faulty configuration of the reverse proxy. In nginx, I had to change

location / {
       proxy_pass https://localhost:8443;
       [...]

to

location / {
       proxy_pass http://localhost:8443;
       [...]

Just posting this here in case anyone mis-configured their reverse proxy like I did ;)

code-asher pushed a commit that referenced this pull request Jun 19, 2019
@nol166 @code-asher
Fix no-auth to still use HTTPS, set default for no-auth to false (#573)
5dc9fb4
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@code-asher code-asher code-asher approved these changes

@kylecarbs kylecarbs Awaiting requested review from kylecarbs

+1 more reviewer

@nwtnsqrd nwtnsqrd nwtnsqrd left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

--no-auth flag also disables SSL

4 participants

@nol166 @RyanEwen @nwtnsqrd @code-asher