No, you cannot set up Ory Kratos to run on a different top level domain than your frontend. Ory Kratos and your UI must be hosted on the same top level domain. For example,

<http://kratos.bar.com|kratos.bar.com>

and

<http://ui.bar.com|ui.bar.com>

will work,

<http://kratos.bar.com|kratos.bar.com>

and

<http://bar.com|bar.com>

will work, but

<http://kratos.bar.com|kratos.bar.com>

and

<http://not-ar.com|not-ar.com>

will not work. This is because Ory Kratos' browser features rely heavily on HTTP Cookies to mitigate common attack vectors and make the integration as easy as possible to use. However, running the services on different ports is acceptable, as long as the domain stays the same. Also, it's important to note that HTTP Cookies ignore ports, meaning the browser will send a cookie it received for

<http://my-domain.com:1234>

to

<http://my-domain.com:4321>

as well. For more information, you can refer to the following documentation: - [Initialization and redirect to UI](https://www.ory.sh/docs/kratos/self-service#initialization-and-redirect-to-ui) - [Advanced base URL, CSRF and session cookie settings](https://www.ory.sh/docs/kratos/guides/multi-domain-cookies) - [Running on separate (sub)domains](https://www.ory.sh/docs/kratos/debug/csrf#running-on-separate-subdomains) - [Initialize settings flow](https://www.ory.sh/docs/kratos/self-service/flows/user-settings#initialize-settings-flow) - [Browser flows for client-side apps: Single-Page-Apps, React.js, Angular, Next.js, ...](https://www.ory.sh/docs/kratos/self-service#browser-flows-for-client-side-apps-single-page-apps-reactjs-angular-nextjs-)

Yes, you can run multiple instances of Ory Kratos with the same database. This is part of Ory's scalability feature. To scale Ory, you can spin up another VM, Docker container, or pod of Ory Kratos with the same configuration. Ory scales effortlessly to thousands of pods without any additional work. There is no need for complex key-value stores or message queues to serve high traffic environments. However, when it comes to the mail courier worker that processes emails, only one instance of this mail courier should be run at one time to avoid processing the same email multiple times. For simple single-instance Ory Kratos deployments, the courier can simply be run as a background worker, but for multi-instance Ory Kratos deployments, it needs to be run as a distinct singleton foreground worker. For more information, you can refer to the following documentation: - [Scalability](https://www.ory.sh/docs/self-hosted/operations/scalability) - [Mail courier in self-hosted Ory Kratos](https://www.ory.sh/docs/kratos/self-hosted/mail-courier-selfhosted)

New message text here

If you want to separate your customers and employees, for example, but have them use the same login dialog for your portal, you can deploy Ory Kratos two times, and use the same login UI pointing to two different Kratos login endpoints -

/login/customer

or

/login/employee

. This can be achieved either by having two different login routes, or by adding some logic to your login UI that reroutes customers to

/login/customer

and employees to

/login/employee

. You define the same login or registration UI URLs in both of the Kratos configurations. You may need to tell your login/registration UI which Kratos it's supposed to talk to. The instances are cheap to deploy and the databases are isolated from each other. This way, you can have multiple frontends (or multiple instances of Kratos) that use the same underlying user data. However, each instance of Kratos would need to be configured to point to the correct frontend. For more information, you can refer to the following documentation: - [How can I separate customers/employee data, but have them use the same login dialog](https://www.ory.sh/docs/kratos/debug/troubleshooting#how-can-i-separate-customersemployee-data-but-have-them-use-the-same-login-dialog)

Ory Kratos does not support multi-tenancy, which means you cannot have multiple instances of Kratos sharing the same database while serving different top-level domains. Each instance of Kratos is designed to be isolated and serve a single tenant. However, you can deploy multiple instances of Kratos, each with its own database and configuration, to serve different top-level domains. Each instance can be configured to point to a different frontend and have its own Kubernetes ingress. For more information, you can refer to the following documentation: - [Multitenancy](https://www.ory.sh/docs/kratos/guides/multi-tenancy-multitenant) - [General troubleshooting](https://www.ory.sh/docs/kratos/debug/troubleshooting)

I understand your frustration. The design decisions in Ory Kratos are made with security and simplicity in mind. While this might limit some use-cases, it ensures that the system remains secure and easy to use for the majority of scenarios. If you have specific requirements that are not currently supported, I would recommend reaching out to the Ory community or the Ory team directly. They are always open to feedback and might be able to provide guidance or consider your use-case for future updates. You can reach out to them through the [Ory Support](https://www.ory.sh/support/) page.

I understand your point, and it seems like a reasonable suggestion. However, as of now, Ory Kratos does not support multiple base URLs in its configuration. The base URL is a fundamental part of the configuration and is used to compute redirect URLs, form action URLs, and more. If you believe this feature would be beneficial, I recommend creating a feature request in the [Ory Kratos GitHub repository](https://github.com/ory/kratos/issues). The Ory team is very responsive to community feedback and may consider implementing this feature in future releases.

After a successful user registration in Ory Kratos, you can configure it to redirect to a specific URL. This is done by setting the

default_browser_return_url

under the

selfservice.flows.registration.after

configuration key. Here is an example of how you can set it up:

yaml selfservice:     flows:       registration:         after:           default_browser_return_url: <https://end-up-here-after-registration/>

In this example, after a successful registration, the user will be redirected to

<https://end-up-here-after-registration/>

. You can find more details in the [Ory Kratos documentation](https://www.ory.sh/docs/kratos/concepts/browser-redirect-flow-completion#post-registration-redirection).

If Ory Kratos is not redirecting to the configured URL after registration, there could be several reasons for this. Here are some common issues and how you can troubleshoot them: 1. Redirect URI mismatch: Ensure that the redirect URI in your Ory Kratos configuration matches the one in your application. A mismatch can cause redirection issues. 2. Redirect loops during registration: If you're experiencing redirect loops during registration, it could be due to a misconfiguration. Check your configuration for any errors. 3. Domain verification issues: If your domain is not verified, it could cause redirection issues. Make sure your domain is correctly set up and verified. To troubleshoot these issues, you can refer to the [Social sign-in troubleshooting](https://www.ory.sh/docs/troubleshooting/troubleshooting-social-sign-in) guide in the Ory Kratos documentation. If you're still experiencing issues after checking these common problems, you might want to look into the logs of your Ory Kratos instance for any error messages or warnings. These logs can provide valuable information about what might be going wrong. Remember, the configuration should look something like this:

yaml selfservice:     flows:       registration:         after:           default_browser_return_url: <https://end-up-here-after-registration/>

Make sure the URL is correctly set and accessible.