Can't log in from a fresh LXC deploy, and the service is LAN-only by
design. Rip out the whole bcrypt-password / signed-cookie session
layer: internal/auth, login templates, gen-admin-password binary +
Makefile targets, auth config block, login/logout routes and the
RequireSession middleware wrap. Agent bearer-token auth on
/api/v1/runs/{id}/* is untouched.
Operators who want a password can front the service with a reverse
proxy — noted in README and docs/operations.md.
This commit is contained in:
@@ -28,15 +28,6 @@ janitor:
|
||||
# Interval between cleanup sweeps. 0 defaults to 60.
|
||||
interval_minutes: 60
|
||||
|
||||
auth:
|
||||
# bcrypt hash of your admin password.
|
||||
# Generate via: ./bin/gen-admin-password "your-password"
|
||||
admin_password_bcrypt: "$2a$10$REPLACE_ME_WITH_A_REAL_BCRYPT_HASH_0123456789abcdefABCDEFxx"
|
||||
# Random 32-byte hex string used to sign session cookies.
|
||||
# Generate via: openssl rand -hex 32 (or use PowerShell equivalent)
|
||||
session_secret_hex: "0000000000000000000000000000000000000000000000000000000000000000"
|
||||
session_ttl_hours: 24
|
||||
|
||||
dispatcher:
|
||||
max_concurrent_runs: 3
|
||||
|
||||
|
||||
Reference in New Issue
Block a user