From 066df500e287f807e0ee4f4dac7e573e4170b34d Mon Sep 17 00:00:00 2001 From: ABILASH K B Date: Mon, 25 May 2026 22:30:07 +0530 Subject: [PATCH] docs: document insecure git access env var --- openhands/usage/environment-variables.mdx | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/openhands/usage/environment-variables.mdx b/openhands/usage/environment-variables.mdx index 85124c03..2245ca97 100644 --- a/openhands/usage/environment-variables.mdx +++ b/openhands/usage/environment-variables.mdx @@ -166,6 +166,21 @@ These variables correspond to the `[security]` section in `config.toml`: ## Integration Variables +### Git Provider Access +| Environment Variable | Type | Default | Description | +|---------------------|------|---------|-------------| +| `ALLOW_INSECURE_GIT_ACCESS` | boolean | `false` | Allow OpenHands to connect to git providers over plain HTTP. Set this only for trusted local or internal Gitea/Forgejo instances where HTTPS is not available. | + + + `ALLOW_INSECURE_GIT_ACCESS=true` permits insecure HTTP connections to git providers. Only enable it for trusted local or internal networks that you control. Do not use it for public or untrusted git providers. + + +When running OpenHands with Docker, set this on the OpenHands server container: + +```bash +docker run -e ALLOW_INSECURE_GIT_ACCESS=true openhands/openhands +``` + ### GitHub Integration | Environment Variable | Type | Default | Description | |---------------------|------|---------|-------------| @@ -249,4 +264,4 @@ export DEBUG_RUNTIME=true docker run -e LLM_API_KEY="your-key" -e DEBUG=true openhands/openhands ``` -6. **Validation**: Invalid environment variable values will be logged as errors and fall back to defaults. \ No newline at end of file +6. **Validation**: Invalid environment variable values will be logged as errors and fall back to defaults.