# talk-kratos
b
Hello, I was able to install and run the kratos quickstart on my local Windows machine (127.0.0.1), but I see problems when I installed it on a VM in the intranet. The VM does not have any UI, so I am using the browser on my PC with `http://ipaddr:4455`. It opens the welcome page fine, but any click on the welcome page (sign-in, sign-up etc.) fails because it tries to redirect the request to 127.0.0.1. Even after updating the values of `base_url`, `default_browser_return_url` and `ui_url` with the right IP address in the `./contrib/quickstart/kratos/email-password/kratos.yml` file and the docker compose file `quickstart.yml`, it does not work and always redirects the request to 127.0.0.1. How could I fix this problem? @magnificent-energy-493
@witty-holiday-65473 could you please help here. Thanks!
w
what changes did you make to your `kratos.yml`? (specifically)
b
I replaced 127.0.0.1 by my VM's IP address
w
Can you paste it in between ``` s?
b
File: contrib/quickstart/kratos/email-password/kratos.yml
```yaml
version: v0.13.0

dsn: memory

serve:
  public:
    base_url: http://10.2.143.26:4433/
    cors:
      enabled: true
  admin:
    base_url: http://kratos:4434/

selfservice:
  default_browser_return_url: http://10.2.143.26:4455/
  allowed_return_urls:
    - http://10.2.143.26:4455

  methods:
    password:
      enabled: true
    totp:
      config:
        issuer: Kratos
      enabled: true
    lookup_secret:
      enabled: true
    link:
      enabled: true
    code:
      enabled: true

  flows:
    error:
      ui_url: http://10.2.143.26:4455/error

    settings:
      ui_url: http://10.2.143.26:4455/settings
      privileged_session_max_age: 15m
      required_aal: highest_available

    recovery:
      enabled: true
      ui_url: http://10.2.143.26:4455/recovery
      use: code

    verification:
      enabled: true
      ui_url: http://10.2.143.26:4455/verification
      use: code
      after:
        default_browser_return_url: http://10.2.143.26:4455/

    logout:
      after:
        default_browser_return_url: http://10.2.143.26:4455/login

    login:
      ui_url: http://10.2.143.26:4455/login
      lifespan: 10m

    registration:
      lifespan: 10m
      ui_url: http://10.2.143.26:4455/registration
      after:
        password:
          hooks:
            - hook: session
            - hook: show_verification_ui

log:
  level: debug
  format: text
  leak_sensitive_values: true

secrets:
  cookie:
    - PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
  cipher:
    - 32-LONG-SECRET-NOT-SECURE-AT-ALL
ciphers:
  algorithm: xchacha20-poly1305

hashers:
  algorithm: bcrypt
  bcrypt:
    cost: 8

identity:
  default_schema_id: default
  schemas:
    - id: default
      url: file:///etc/config/kratos/identity.schema.json

courier:
  smtp:
    connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
```
w
Did you set your ORY_SDK_URL for your self-service instance running on :4455?
Cuz if it’s redirecting you to localhost or 127.0.0.1, I’ll bet it’s cuz that env var isn’t set.
b
I did not set ORY_SDK_URL, where is that
w
What self-service flavor are you using? The default “node” one?
b
yes
```json
{
  "watch": [
    "src"
  ],
  "ext": "ts",
  "exec": "ts-node ./src/index.ts",
  "env": {
    "CSRF_COOKIE_NAME": "ax-csrf-cookie",
    "COOKIE_SECRET": "I_AM_VERY_SECRET",
    "CSRF_COOKIE_SECRET": "I_AM_VERY_SECRET_TOO",
    "DANGEROUSLY_DISABLE_SECURE_CSRF_COOKIES": "true",
    "ORY_SDK_URL": "http://localhost:4433",
    "KRATOS_PUBLIC_URL": "http://localhost:4433",
    "KRATOS_ADMIN_URL": "http://localhost:4434"
  }
}
```
is this the one?
w
Then, wherever you’re starting that up, set that environment variable to the docker ip you have in the Kratos yml with the :4455 port.
Well there’s your issue.
You have Kratos set up using some docker ip for Kratos and Kratos’ self service ui. But for the self service ui you have that set up for localhost.
Change the ORY and KRATOS env vars to match what you put in the Kratos yml. http://10.2.143.26:4455/
Well. Not the admin url. Also. You don’t need all of those. Pick one. ORY_SDK_URL or KRATOS_PUBLIC_URL. At least for this QuickStart.
```json
{
  "watch": [
    "src"
  ],
  "ext": "ts",
  "exec": "ts-node ./src/index.ts",
  "env": {
    "CSRF_COOKIE_NAME": "ax-csrf-cookie",
    "COOKIE_SECRET": "I_AM_VERY_SECRET",
    "CSRF_COOKIE_SECRET": "I_AM_VERY_SECRET_TOO",
    "DANGEROUSLY_DISABLE_SECURE_CSRF_COOKIES": "true",
    "KRATOS_PUBLIC_URL": "http://10.2.143.26:4455/"
  }
}
```
b
I changed all 3 and restarted the docker containers but the problem is not fixed
w
If that doesn’t work, it would be because the ip is wrong. (Cuz your docker is creating a new docker network each time you bring it up)
Why not bind the ports to your local host machine?
So you don’t have to do clumsy docker ip dances?
b
hmm let me try that, Thanks!
that didn't work either because sign in page opens at 4433
here is my port binding `ssh -L 4455:localhost:4455 nutanix@10.2.143.26`
w
Sorry. I was talking about docker port binding.
And using “host.docker.internal” instead of the ip/localhost
b
nevermind, I did port forwarding on my local windows machine and following worked `ssh -L 4455:127.0.0.1:4455 -L 4433:127.0.0.1:4433 xyz@10.2.143.26`
somehow my credentials are not working, is there any way to erase everything and start over again? Also I never received a validation code in my email during sign-up and I was forced to set up Google Authenticator
w
you won't get an email. not with quickstart. you'll need to add another forward
ssh -L 4455:127.0.0.1:4455 -L 4433:127.0.0.1:4433 -L 4436:127.0.0.1:4436 xyz@10.2.143.26
(mailslurper) since quickstart/dev/demo/whatever will run the mailslurper fake/loopback mailer.