https://www.ory.sh/ logo
Join Slack
Powered by
<@U04UQ68083H> I used kratos on my server(on-premi...
# ory-copilot
f
@chilly-king-10285 I used kratos on my server(on-premise) was hosted on auth.a.com domain When i develop on local system, boot local kratos for localhost domain. Now, I should build stage server(test servce) for our QA team. It would be hosted on auth.dev.a.com domain. Can i allow localhost on auth.dev.a.com? I really want to dispose local kratos server.
c
A message from kapa.ai
Yes, you can configure Ory Kratos to use UI views hosted on your local machine. This can be done by using the [Ory Tunnel](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel) to create a connection between your local environment and the Ory Network. This will allow the system to accept 
<http://localhost:1234/>
as part of the same domain as your project. However, this should be used for development purposes only. When you go to production, always add a custom domain to your project. Here is an example of how you can configure it:
Copy code
bash # Clone and run Ory Kratos locally git clone --depth 1 --branch master <https://github.com/ory/kratos.git>   cd kratos   git checkout master   git pull -ff   docker-compose -f quickstart.yml -f contrib/quickstart/kratos/cloud/quickstart.yml up --build --force-recreate -d    # Set the environment variable to the exposed port: export ORY_SDK_URL=<http://localhost:4433>
Then, you can start the Ory proxy to mirror the Ory API endpoints on your application's domain (
localhost
):
Copy code
bash ory proxy <http://localhost:3000>
You can then access the application at http://localhost:4000. Remember to keep the domain consistent across your configuration. This means if you use 
localhost
or 
127.0.0.1
, it should be used consistently. Sources: - [Configure Ory to use your UI](https://www.ory.sh/docs/kratos/bring-your-own-ui/configure-ory-to-use-your-ui#development) - [Mixing up 127.0.0.1 and localhost](https://www.ory.sh/docs/kratos/debug/csrf#mixing-up-127001-and-localhost) - [Run your Vue.js app](https://www.ory.sh/docs/getting-started/integrate-auth/vue#run-your-vuejs-app) - [Test your application](https://www.ory.sh/docs/getting-started/integrate-auth/go#test-your-application)
f
@chilly-king-10285 Can i allow two domains(localhost:5173, auth.a.com) on on-premise kratos?
c
A message from kapa.ai
Based on the information provided in the extracts, Ory Kratos does not currently support setting up session cookies running on two separate top-level domains (for example 
localhost:5173
and 
auth.a.com
). This is due to the way HTTP cookies work, as they ignore ports and subdomains can set HTTP cookies for parent domains. However, you can adjust the session cookie's domain using the following configuration in your 
config.yml
file:
Copy code
yaml # Settings for both anti-CSRF and session cookies   cookies:    domain: <http://www.cookies.com|www.cookies.com>    path: /cookies    same_site: Lax      session:    cookie:    # Overrides cookies.domain for session cookies    domain: <http://my-domain.com|my-domain.com>       # Overrides cookies.path for session cookies    path: /       # Overrides cookies.samesite for session cookies    same_site: Strict
This issue is being tracked in the Ory Kratos GitHub repository under issue [kratos#662](https://github.com/ory/kratos/issues/662). For more information, you can refer to the [Advanced base URL, CSRF and session cookie settings](https://www.ory.sh/docs/kratos/guides/multi-domain-cookies) guide.
f
@chilly-king-10285 Can i allow two domains(localhost:5173, auth.a.com) on on-premise kratos?
c
A message from kapa.ai
Based on the information provided in the extracts, Ory Kratos does not currently support setting up session cookies running on two separate top-level domains (for example 
localhost:5173
and 
auth.a.com
). This is due to the way HTTP cookies work, as they ignore ports and subdomains can set HTTP cookies for parent domains. However, you can adjust the session cookie's domain using the following configuration in your 
config.yml
file:
Copy code
yaml # Settings for both anti-CSRF and session cookies   cookies:    domain: <http://www.cookies.com|www.cookies.com>    path: /cookies    same_site: Lax      session:    cookie:    # Overrides cookies.domain for session cookies    domain: <http://my-domain.com|my-domain.com>       # Overrides cookies.path for session cookies    path: /       # Overrides cookies.samesite for session cookies    same_site: Strict
This issue is being tracked in the Ory Kratos GitHub repository under issue [kratos#662](https://github.com/ory/kratos/issues/662). For more information, you can refer to the [Advanced base URL, CSRF and session cookie settings](https://www.ory.sh/docs/kratos/guides/multi-domain-cookies) guide.
f
@chilly-king-10285 Is there any way to allow localhost and another domain in on-premise kratos? It's very annoying to boot kratos for localhost during development.
c
A message from kapa.ai
Yes, you can configure Ory Kratos to use UI views hosted on your local machine while developing. This can be done by using the [Ory Tunnel](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel) to create a connection between your local environment and the Ory Network. This will allow the system to accept 
<http://localhost:1234/>
as part of the same domain as your project. However, this should be used for development purposes only. When you go to production, always add a custom domain to your project. Here is an example of how you can configure it:
Copy code
bash # Clone and run Ory Kratos locally git clone --depth 1 --branch master <https://github.com/ory/kratos.git>   cd kratos   git checkout master   git pull -ff   docker-compose -f quickstart.yml -f contrib/quickstart/kratos/cloud/quickstart.yml up --build --force-recreate -d    # Set the environment variable to the exposed port: export ORY_SDK_URL=<http://localhost:4433>
Then, you can start the Ory proxy to mirror the Ory API endpoints on your application's domain (
localhost
):
Copy code
bash ory proxy <http://localhost:3000>
You can then access the application at http://localhost:4000. Remember to keep the domain consistent across your configuration. This means if you use 
localhost
or 
127.0.0.1
, it should be used consistently. Sources: - [Configure Ory to use your UI](https://www.ory.sh/docs/kratos/bring-your-own-ui/configure-ory-to-use-your-ui#development) - [Mixing up 127.0.0.1 and localhost](https://www.ory.sh/docs/kratos/debug/csrf#mixing-up-127001-and-localhost) - [Run your Vue.js app](https://www.ory.sh/docs/getting-started/integrate-auth/vue#run-your-vuejs-app) - [Test your application](https://www.ory.sh/docs/getting-started/integrate-auth/go#test-your-application)
f
@chilly-king-10285If hosted domain is auth.a.com export auth.a.com ory proxy http://localhost:5173 it would work?
c
A message from kapa.ai
Based on the information provided in the extracts, you can use the Ory Proxy in a production setup when self-hosting Ory components. You can set the entry point URL to the domain where you want to expose the app through the Ory Proxy. Here is an example of how you can configure it:
Copy code
bash # Set the environment variable to the exposed port: export ORY_SDK_URL=<http://auth.a.com>    # Start the Ory proxy ory proxy <http://localhost:5173> <http://auth.a.com>
This command will start the Ory Proxy and expose your local application (running on 
localhost:5173
) on the 
<http://auth.a.com>
domain. Please note that the Ory Proxy should never be the main entry point to your application. Always run an ingress proxy such as Nginx or Traefik in front. Sources: - [Use Ory Proxy when self-hosting](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel#use-ory-proxy-when-self-hosting) - [Use Ory Proxy with virtual and dedicated servers](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel#use-ory-proxy-with-virtual-and-dedicated-servers)
25 Views
Open in Slack
PreviousNext
Powered by