Seems chrome on mac no longer allow advanced->visit trick for our self-sign ssl, so we have return to http for a while.
I disabled 301 redirects and changed port to *80 in httpd config file, yet redirect to https sitll happen. What is redirecting and what should I do?
clear your cache. 301 redirects are cached.
also, if that instance is exposed to the internet using plain http is not ok since passwords and session cookies are transmitted in plain text. that’s pretty insecure and should never be done. you could just use let’s encrypt… (if you don’t have a domain - i don’t remember if that was you or someone else here - you can always get one of the free dyndns-like ones…)
Yes that’s me. We are in local net without local dns, so we have to do with ip. Heard let’s encrypt will not sign for ip address. 
Cleared browser cache and works. (also changed uwsgi to http)
My users want https (so windows user can use as normal) and http (for mac user) exist together. Could there be two BASE_URL ?
we no longer support mixing http and https.
I don’t see how that would help. Indico is typically deployed on the Internet, and unencrypted connections are not really acceptable anymore in 2021 for anything that’s not public static data with no authentication. It doesn’t matter which host is used for that…
Just wondering, do you have access to public DNS in your local network? Because then my previous suggestion about getting a free dyndns host name and pointing it to your Indico instance’s IP address would allow you got get a Let’s Encrypt certificate - and also stop using the IP address altogether. It’s not like humans are good at memorizing IP addresss anyway 
What I mean, I can prepare two set of httpd config files, with two ports and two domains, both point to a same site (as some sites have multiple domains);
so two files, with one point to http:80, another to https:443 should work too. And that do works, except BASE_URL allows only one domain.
Dyndns may technically work, but a resolved server may cause legal problem in china, so that’s not a pure IT apartment decision… Thanks the advice nonetheless. 
I mean even with a domain name you can restrict access to inside your local network. But not having DNS for anything in your network seems like a more general issue outside the scope of Indico.
We do not plan to support multiple BASE_URLs (or protocols) since having the same content reachable via different hosts contradicts pretty much all best practices that apply nowadays.
Of course you can patch the code yourself to disable the BASE_URL enforcement, but you’ll be on your own with that…