diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6185d9f3c..909cc3031 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@
 - Use relative paths in mount scripts
 - Run the docker image with the system user
 - During the setup, autoconfigure the main domain
+- During the setup, ask to set ALLOW_INSECURE_HTTP if DEFAULT_PROTOCOL was set to http
 - Fix a bug: unable to generate the secret key base during the setup
 - [TODO DEPLOY] `\curl -sSL https://raw.githubusercontent.com/sleede/fab-manager/master/scripts/set-docker-user.sh | bash`
 
diff --git a/setup/setup.sh b/setup/setup.sh
index fad858f01..d69a433cc 100755
--- a/setup/setup.sh
+++ b/setup/setup.sh
@@ -355,6 +355,16 @@ configure_env_file()
   # we automatically generate the SECRET_KEY_BASE
   secret=$(docker-compose -f "$FABMANAGER_PATH/docker-compose.yml" run --user "$(id -u):$(id -g)" --rm "$SERVICE" bundle exec rake secret)
   sed -i.bak "s/SECRET_KEY_BASE=/SECRET_KEY_BASE=$secret/g" "$FABMANAGER_PATH/config/env"
+
+  # if DEFAULT_PROTOCOL was set to http, ALLOW_INSECURE_HTTP is probably required
+  if grep "^DEFAULT_PROTOCOL=http$" "$FABMANAGER_PATH/config/env"; then
+    get_md_anchor "$doc" "ALLOW_INSECURE_HTTP"
+    printf "You have set \e[1mDEFAULT_PROTOCOL\e[21m to \e[1mhttp\e[21m.\n"
+    read -rp "Do you want to allow insecure HTTP? (y/N) " confirm </dev/tty
+    if [ "$confirm" = "y" ]; then
+      sed -i.bak "s/ALLOW_INSECURE_HTTP=.*/ALLOW_INSECURE_HTTP=true/g" "$FABMANAGER_PATH/config/env"
+    fi
+  fi
 }
 
 read_password()