quiet-painting-32952
05/23/2024, 6:27 PM
`ory tunnel --dev --project <projectId> https://<domain> --cookie-domain <domain>`
When I try to access the whoami endpoint via that https domain I get the following error:
Error: write EPROTO 4839707416:error:100000f7:SSL routines:OPENSSL_internal:WRONG_VERSION_NUMBER:../../../../src/third_party/boringssl/src/ssl/tls_record.cc:242:
Am I missing a configuration? I tried to set a config file like this to point to the SSL keys but no luck:
```json
{
  "serve": {
    "public": {
      "tls": {
        "cert": {
          "path": "/<path>/cert.pem"
        },
        "key": {
          "path": "/<path>/privkey.pem"
        }
      }
    }
  }
}
```
chilly-king-10285
05/23/2024, 6:27 PM
```bash
openssl genrsa -out key.pem 4096
openssl req -new -x509 -sha256 -key key.pem -out cert.crt -days 365
```
Then, you can either base64 encode the certificates and keys and pass them as environment variables:
```bash
SERVE_PUBLIC_TLS_CERT_BASE64=$(base64 -i cert.crt)
SERVE_PUBLIC_TLS_KEY_BASE64=$(base64 -i key.pem)
SERVE_ADMIN_TLS_CERT_BASE64=$(base64 -i cert.crt)
SERVE_ADMIN_TLS_KEY_BASE64=$(base64 -i key.pem)
```
Or, you can directly provide the paths to the certificates and keys:
```bash
SERVE_PUBLIC_TLS_KEY_PATH=/path/to/key.pem
SERVE_PUBLIC_TLS_CERT_PATH=/path/to/cert.crt
SERVE_ADMIN_TLS_KEY_PATH=/path/to/key.pem
SERVE_ADMIN_TLS_CERT_PATH=/path/to/cert.crt
```
If you're running Docker locally, you can pass these as environment variables:
```bash
docker run ... \
  -e SERVE_PUBLIC_TLS_CERT_BASE64="$SERVE_PUBLIC_TLS_CERT_BASE64" \
  -e SERVE_PUBLIC_TLS_KEY_BASE64="$SERVE_PUBLIC_TLS_KEY_BASE64" \
  -e SERVE_ADMIN_TLS_CERT_BASE64="$SERVE_ADMIN_TLS_CERT_BASE64" \
  -e SERVE_ADMIN_TLS_KEY_BASE64="$SERVE_ADMIN_TLS_KEY_BASE64" \
  ...
```
Or, you can mount the files using `--mount` and linking to the files.

Please note that the error you're seeing (`WRONG_VERSION_NUMBER`) typically indicates a protocol mismatch. It's possible that the client is trying to connect using a different version of SSL/TLS than the server is configured to accept. For more details, please refer to the [Ory Kratos HTTPS (TLS) setup guide](https://www.ory.sh/docs/kratos/guides/https-tls).
quiet-painting-32952
05/24/2024, 8:06 AM
`ory proxy` and I would like it to be served via https, how do I do that?
chilly-king-10285
05/24/2024, 8:06 AM
chilly-king-10285
05/24/2024, 8:07 AM
`ory proxy` command with HTTPS. The `ory proxy` command is used to expose your application through the Ory Proxy, and it doesn't have a built-in option for HTTPS. However, you can secure your application with HTTPS at the server level. This involves obtaining an SSL certificate for your domain and configuring your server to use this certificate for HTTPS connections. The exact steps for this process depend on your server software (e.g., Nginx, Apache). Here are some general steps:

1. Obtain an SSL certificate for your domain. You can get a free certificate from Let's Encrypt.
2. Install the SSL certificate on your server. The process for this varies depending on your server software.
3. Configure your server to use the SSL certificate for HTTPS connections. This usually involves editing your server's configuration file to specify the paths to the certificate and private key files.
4. Update your server's firewall rules to allow HTTPS traffic on port 443.
5. Restart your server to apply the changes.

After setting up HTTPS at the server level, you can continue to use the `ory proxy` command as before. The Ory Proxy will now be accessible via HTTPS. Please note that this is a general guide and the exact steps may vary depending on your specific setup and server software. For more detailed instructions, please refer to your server software's documentation.