chore(docker): remove unused supervisord admin port

[wyattwalter]

Summary

The supervisord inet HTTP server on port 9001 is not used by anything internally — supervisorctl (Java backend self-restart, RTS, healthcheck, auto_heal) goes through the Unix socket. The admin port is dead config we don't need.

Removed

• [inet_http_server] block in supervisord.conf
• APPSMITH_SUPERVISOR_USER / _PASSWORD generation in entrypoint.sh
• SUPERVISOR_PASSWORD positional arg in docker.env.sh template (shifts REDIS_PASSWORD from $6 to $5)
• APPSMITH_SUPERVISOR_PASSWORD entry in app.json (Heroku)
• /supervisor route in caddy-reconfigure.mjs

Compatibility

APPSMITH_SUPERVISOR_PASSWORD set in customer env files will be ignored; the /supervisor URL will 404. Docs page covering it will be updated separately.

Test plan

• CI passes
• Local container build comes up, all processes start under supervisord
• supervisorctl status still works inside the container (Unix socket)
• License change / env reload still restarts the JVM (EnvManagerCEImpl flow)

Summary by CodeRabbit

• Chores
  • Removed Supervisor password authentication configuration.
  • Disabled Supervisor TCP web interface.
  • Updated reverse proxy routing for internal services.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 80160863-704a-4e5f-a631-e4c0ef7f12d8

📥 Commits

Reviewing files that changed from the base of the PR and between d44df5f and 13eacee.

📒 Files selected for processing (5)

• app.json
• deploy/docker/fs/etc/supervisor/supervisord.conf
• deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
• deploy/docker/fs/opt/appsmith/entrypoint.sh
• deploy/docker/fs/opt/appsmith/templates/docker.env.sh

💤 Files with no reviewable changes (2)

• deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs
• deploy/docker/fs/etc/supervisor/supervisord.conf

---

Walkthrough

This PR removes supervisor password authentication from the Appsmith deployment configuration and updates internal reverse proxy routing. The changes disable the TCP supervisor HTTP interface, strip supervisor credentials from configuration templates and environment generation, and redirect /rts/* traffic to port 8091 instead of routing /supervisor/* to port 9001.

Changes

Supervisor Authentication and Routing Reconfiguration

Layer / File(s)	Summary
Supervisor configuration removal from app and supervisor config app.json, deploy/docker/fs/etc/supervisor/supervisord.conf	APPSMITH_SUPERVISOR_PASSWORD environment variable is removed from app.json, and the [inet_http_server] TCP interface block is removed from supervisord.conf, leaving only UNIX socket RPC.
Docker environment generation cleanup deploy/docker/fs/opt/appsmith/entrypoint.sh, deploy/docker/fs/opt/appsmith/templates/docker.env.sh	entrypoint.sh no longer generates a supervisor password and updates the docker.env.sh call signature; docker.env.sh removes SUPERVISOR_PASSWORD argument parsing and stops exporting APPSMITH_SUPERVISOR_USER and APPSMITH_SUPERVISOR_PASSWORD in the generated environment.
Caddy reverse proxy routing updates deploy/docker/fs/opt/appsmith/caddy-reconfigure.mjs	/supervisor/* reverse proxy route to port 9001 is removed and replaced with a /rts/* route to port 8091.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Poem

🔐 Supervisor's locks are now unset,
No password token to forget,
Routes redirect through RTS's door,
TCP interface exists no more. ✨

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 0.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately summarizes the main change—removing the unused supervisord admin port—and is concise and clear.
Description check	✅ Passed	The description provides clear context, lists all removed components, addresses compatibility concerns, and includes a test plan. However, it does not include the 'Fixes #Issue' reference or DevRel/Marketing checkbox required by the template.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/remove-supervisor-admin-ui

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[wyattwalter]

/build-deploy-preview skip-tests=true

[github-actions]

Deploying Your Preview: https://github.com/appsmithorg/appsmith/actions/runs/26256565614.
Workflow: On demand build Docker image and deploy preview.
skip-tests: true.
env: ``.
PR: 41837.
recreate: .
base-image-tag: .

[github-actions]

Deploy-Preview-URL: https://ce-41837.dp.appsmith.com