BUGFIX: add access.ui setting to scaffolded security.toml

... The property is read here: b70cb3e0b2/weed/server/volume_server.go (L69)
2024-01-19 02:48:24 +00:00 · 2021-12-24 13:59:04 +01:00 · 2021-12-24 13:59:04 +01:00 · 6db49100d6
parent 255a1c7dcd
commit 6db49100d6
1 changed files with 7 additions and 0 deletions
--- a/weed/command/scaffold/security.toml
+++ b/weed/command/scaffold/security.toml
@ -10,6 +10,13 @@
 key = ""
 expires_after_seconds = 10           # seconds

+# by default, if the signing key above is set, the Volume UI over HTTP is disabled.
+# by setting ui.access to true, you can re-enable the Volume UI. Despite
+# some information leakage (as the UI is unauthenticted), this should not
+# pose a security risk.
+[access]
+ui = false
+
 # jwt for read is only supported with master+volume setup. Filer does not support this mode.
 [jwt.signing.read]
 key = ""