Server 'unix_http_server' running without any HTTP authentication checking

You got

CRIT Server 'unix_http_server' running without any HTTP authentication checking

is because username/password is not set for supervisor's unix http server.

Add them into supervisord.conf's [unix_http_server]:

[unix_http_server]
username = dummy
password = dummy

But you will be asked for username/password when you use supervisorctl.
Add same items into [supervisorctl] and you are good to go.

[supervisorctl]
username = dummy
password = dummy

More info: (#694) (#717)

If you want the HTTP server to listen on a TCP port (instead of a Unix domain socket), then you need to use inet_http_server instead of unix_http_server.

Documentation: http://supervisord.org/configuration.html#inet-http-server-section-settings