Date: Fri, 16 Apr 2021 04:36:05 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 255106] www/caddy: rc.d/caddy requires admin API for stopping Message-ID: <bug-255106-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255106 Bug ID: 255106 Summary: www/caddy: rc.d/caddy requires admin API for stopping Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Some People Priority: --- Component: Individual Port(s) Assignee: adamw@FreeBSD.org Reporter: thijs@vandien.net Assignee: adamw@FreeBSD.org Flags: maintainer-feedback?(adamw@FreeBSD.org) Caddy can be controlled using an admin API endpoint that it serves on localhost:2019. Having that enabled is not ideal from a security perspectiv= e, because any user able to log in may connect to it. Disabling it with `admin off` in the global config breaks `service caddy reload` as well as `service caddy stop`. The former (as of Caddy 2) does not appear to have an alternative anymore, but perhaps at least the latter coul= d be rewritten using to make use of `kill`? Meanwhile, I'll then file an issue w= ith the Caddy project so we can hopefully fix reloading after. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-255106-7788>