slimsag
commented
1 year ago Hey friend :) Thanks for the issue
When the app launches, it generates a nonce sign in URL and uses that to open your browser without needing to sign in (while still keeping the instance secure so it's not an open server on your machine.)
Ideally the app would set up HTTPS automatically, but it would be nice if it even just had a workaround for a reverse proxy.
Totally agree; what we'll add soon is a way to change the password (cc @keegancsmith), e.g. via a sourcegraph CLI command or such so that you can sign in when accessing it over HTTPS or otherwise without the nonce URL.
It may be possible to navigate to /users/admin/settings/security right now and change your password from there, but I haven't tried it so not 100% certain
felixfbecker
I tried to use the App locally so I could use the browser extension to review PRs and I really liked the easy setup of the app.
But the browser extension unfortunately doesn't work with it, because it requires the URL to be HTTPS (a browser limitation).
I tried to set up an NGINX reverse proxy locally with a self-signed certificate, but when I then open
https://localhostI get a login screen:Which I'm not sure how to proceed from, since the HTTP localhost endpoint doesn't require any credentials and shows no user account in the top right. It looks like the auth middleware is not working when the endpoint is proxied from HTTPS.
I also tried updating
externalURLinsite-config.jsonto point to the HTTPS endpoint, but it seems to always get reverted when restarting the server.Ideally the app would set up HTTPS automatically, but it would be nice if it even just had a workaround for a reverse proxy.