diff --git a/pkg/server/server.go b/pkg/server/server.go index bc059f333001..696b0fc8dfc8 100644 --- a/pkg/server/server.go +++ b/pkg/server/server.go @@ -1234,21 +1234,6 @@ func (s *Server) Start(ctx context.Context) error { // endpoints. s.mux.Handle(debug.Endpoint, debug.NewServer(s.st)) - // Serve UI assets. This needs to be before the gRPC handlers are registered, otherwise - // the `s.mux.Handle("/", ...)` would cover all URLs, allowing anonymous access. - maybeAuthMux := newAuthenticationMuxAllowAnonymous( - s.authentication, ui.Handler(ui.Config{ - ExperimentalUseLogin: s.cfg.EnableWebSessionAuthentication, - LoginEnabled: s.cfg.RequireWebSession(), - GetUser: func(ctx context.Context) *string { - if u, ok := ctx.Value(webSessionUserKey{}).(string); ok { - return &u - } - return nil - }, - })) - s.mux.Handle("/", maybeAuthMux) - // Initialize grpc-gateway mux and context in order to get the /health // endpoint working even before the node has fully initialized. jsonpb := &protoutil.JSONPb{ @@ -1537,16 +1522,6 @@ func (s *Server) Start(ctx context.Context) error { s.serveMode.set(modeOperational) - s.mux.Handle(adminPrefix, authHandler) - // Exempt the health check endpoint from authentication. - s.mux.Handle("/_admin/v1/health", gwMux) - s.mux.Handle(ts.URLPrefix, authHandler) - s.mux.Handle(statusPrefix, authHandler) - s.mux.Handle(loginPath, gwMux) - s.mux.Handle(logoutPath, authHandler) - s.mux.Handle(statusVars, http.HandlerFunc(s.status.handleVars)) - log.Event(ctx, "added http endpoints") - log.Infof(ctx, "starting %s server at %s (use: %s)", s.cfg.HTTPRequestScheme(), s.cfg.HTTPAddr, s.cfg.HTTPAdvertiseAddr) log.Infof(ctx, "starting grpc/postgres server at %s", s.cfg.Addr) @@ -1609,6 +1584,33 @@ func (s *Server) Start(ctx context.Context) error { log.Info(ctx, "serving sql connections") // Start servicing SQL connections. + // Serve UI assets. This needs to be before the gRPC handlers are registered, otherwise + // the `s.mux.Handle("/", ...)` would cover all URLs, allowing anonymous access. + maybeAuthMux := newAuthenticationMuxAllowAnonymous( + s.authentication, + ui.Handler(ui.Config{ + ExperimentalUseLogin: s.cfg.EnableWebSessionAuthentication, + LoginEnabled: s.cfg.RequireWebSession(), + GetUser: func(ctx context.Context) *string { + if u, ok := ctx.Value(webSessionUserKey{}).(string); ok { + return &u + } + return nil + }, + }), + ) + s.mux.Handle("/", maybeAuthMux) + + s.mux.Handle(adminPrefix, authHandler) + // Exempt the health check endpoint from authentication. + s.mux.Handle("/_admin/v1/health", gwMux) + s.mux.Handle(ts.URLPrefix, authHandler) + s.mux.Handle(statusPrefix, authHandler) + s.mux.Handle(loginPath, gwMux) + s.mux.Handle(logoutPath, authHandler) + s.mux.Handle(statusVars, http.HandlerFunc(s.status.handleVars)) + log.Event(ctx, "added http endpoints") + // Attempt to upgrade cluster version. s.startAttemptUpgrade(ctx)