# ory-selfhosting
hey all--working on a traefik gateway with ory, and running into an infinite loop issue with this compose setup:
```yaml
kratos-selfservice-ui-node:
    image: oryd/kratos-selfservice-ui-node:v0.11.1
    ports:
      - "4455:4455"
    environment:
      - PORT=4455
      - KRATOS_PUBLIC_URL=http://kratos:4433/
      - KRATOS_BROWSER_URL=http://127.0.0.1:4433/
    networks:
      - intranet
    restart: on-failure
    labels:
      - "traefik.enable=true"
      - "traefik.http.services.login-ui.loadbalancer.server.port=4455"
      - "traefik.http.routers.login-ui.rule=PathPrefix(`/login/`)"
      - "traefik.http.routers.login-ui.middlewares=login-ui-stripprefix"
      - "traefik.http.middlewares.login-ui-stripprefix.stripprefix.prefixes=/login"
```
in my `kratos.yml`, I've updated all references to `127.0.0.1:4455` to `localhost:8080/login`:
```yaml
version: v0.11.0

dsn: memory

serve:
  public:
    base_url: http://127.0.0.1:4433/
    cors:
      enabled: true
  admin:
    base_url: http://kratos:4434/

selfservice:
  default_browser_return_url: http://localhost:8080/login/
  allowed_return_urls:
    - http://localhost:8080/login/

  methods:
    password:
      enabled: true
    totp:
      config:
        issuer: Kratos
      enabled: true
    lookup_secret:
      enabled: true
    link:
      enabled: true
    code:
      enabled: true

  flows:
    error:
      ui_url: http://localhost:8080/login/error

    settings:
      ui_url: http://localhost:8080/login/settings
      privileged_session_max_age: 15m
      required_aal: highest_available

    recovery:
      enabled: true
      ui_url: http://localhost:8080/login/recovery
      use: code

    verification:
      enabled: true
      ui_url: http://localhost:8080/login/verification
      use: code
      after:
        default_browser_return_url: http://localhost:8080/login/

    logout:
      after:
        default_browser_return_url: http://localhost:8080/login/login

    login:
      ui_url: http://localhost:8080/login/login
      lifespan: 10m

    registration:
      lifespan: 10m
      ui_url: http://localhost:8080/login/registration
      after:
        password:
          hooks:
            - hook: session

log:
  level: debug
  format: text
  leak_sensitive_values: true

secrets:
  cookie:
    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
  cipher:
    - 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
  algorithm: xchacha20-poly1305

hashers:
  algorithm: bcrypt
  bcrypt:
    cost: 8

identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
```
however, when I try to access kratos via http://localhost:8080/login, I expect to see the welcome, but instead get sent on an infinite redirect loop between kratos and the self service module.
I've got a WIP gist here: https://gist.github.com/thatrandybrown/b975133eacb59a1a703ffe5d0ac7e8b5, but most everything isn't materially different from https://github.com/ory/kratos/blob/master/quickstart.yml and https://github.com/ory/examples/tree/master/oathkeeper/07-traefik-decision, which is what I'm working toward. My hope is that I don't need to bypass my gateway and access auth directly. any help on where I might need to look would be greatly appreciated.
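One consistency check for the configuration above, as an added example that is not part of the original post: browsers scope cookies by host, and `127.0.0.1` and `localhost` count as different hosts, so the script groups the browser-facing URLs by host and reports when more than one appears. The function names are hypothetical, the sample input is constructed from values in the post, and whether a host mismatch is what causes the loop described is an assumption to verify.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: browser-facing settings copied from the post's compose
# file and kratos.yml. Server-to-server URLs (KRATOS_PUBLIC_URL,
# serve.admin.base_url) are omitted because the browser never visits them.
BROWSER_FACING = """
KRATOS_BROWSER_URL=http://127.0.0.1:4433/
serve.public.base_url: http://127.0.0.1:4433/
selfservice.default_browser_return_url: http://localhost:8080/login/
selfservice.flows.login.ui_url: http://localhost:8080/login/login
selfservice.flows.error.ui_url: http://localhost:8080/login/error
"""


def parse_settings(text):
    """Return {setting_name: url} from 'name=url' or 'name: url' lines."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w.]+)\s*[=:]\s*(\S+)\s*$", line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def hosts_by_setting(settings):
    """Group setting names by URL host. Ports are ignored on purpose:
    cookie scope depends on the host, not the port."""
    groups = {}
    for name, url in settings.items():
        groups.setdefault(urlsplit(url).hostname, []).append(name)
    return groups


def cookie_host_mismatch(settings):
    """Return the host groups if more than one host is in use, else {}.
    Exact-host comparison is the right rule for IP literals and 'localhost',
    which cannot share a cookie through a parent domain."""
    groups = hosts_by_setting(settings)
    return groups if len(groups) > 1 else {}


if __name__ == "__main__":
    for host, names in cookie_host_mismatch(parse_settings(BROWSER_FACING)).items():
        print(f"{host}: {', '.join(names)}")
```

An empty result means every browser-facing URL uses one host; it says nothing about path or prefix handling in the gateway.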