怎么设置允许http访问呢，我们是内网做的，不需要https的

[loverto]

怎么设置允许http访问呢，我们是内网做的，不需要https的，

[gabrie-allaigre]

Sorry, I don't understand. Please write english.
With google translation, SonarQube requires to have https for oauth

[loverto]

Our system is used by the internal network, I think there is no need to use https, this plugin must use https? Or that is sonarqube need, if I do not want to use https, then I manually modify the plugin can solve this problem, I would like to know where to amend?

[loverto]

2017.05.26 09:20:02 ERROR web[AVxECceHChrxi02dAADk][o.s.s.a.AuthenticationError] Fail to initialize authentication with provider 'gitlab'

[misterfifi1]

Hi,
In this case, Gitlab is an OAuth provider and follow the OAUTH 2.0 RFC, the communication between servers must be secured. so HTTPS is mandatory. I don't know if it is possible to use it in your context, but you can use https://letsencrypt.org/ to create the certificate.
Regards,

[Totti0135]

I have the same question, but I just want to know wether both sonarqube and gitlab need https or just sonarqube?

[gabrie-allaigre]

Hi,
SonarQube need https.
GitLab maybe.

[misterfifi1]

Hi,
From my point of view, following the OAuth 2.0 RFC (Section: 10.9. Ensuring Endpoint Authenticity), all servers must be secured and the communication should be done through TLS (only localhost is autorised in HTTP for tests purpose). Therefore HTTPS should be activated on both.

if needed, you can create a free certificate using https://letsencrypt.org/

Regards.