I am having issues with kratos and selfservice config with H Ory Community #ory-selfhosting

I am having issues with kratos and selfservice con...

white-advantage-37945

08/03/2022, 9:38 AM

I am having issues with kratos and selfservice config with Helm. My Kratos helm values:

Copy code

ingress:
    admin:
      enabled: true
      className: kong
      hosts:
        - host: kratos.admin.app.test
          paths:
            - path: /
              pathType: ImplementationSpecific
  
    public:
      enabled: true
      className: kong
      hosts:
        - host: kratos.public.app.test
          paths:
            - path: /
              pathType: ImplementationSpecific
  
  kratos:
    development: true
  
    automigration:
      enabled: true
  
    config:
      serve:
        public:
          base_url: <http://kratos.public.app.test>
  
      dsn: <postgres://root:example@host.docker.internal:5432/showcase?sslmode=disable&max_conns=20&max_idle_conns=4>
  
      identity:
        schemas:
          - id: expert
            url: <base64://removed__for__post>
        default_schema_id: removed__for__post
  
      selfservice:
        flows:
          registration:
            ui_url: <http://selfservice.app.test/registration>
  
          login:
            ui_url: <http://selfservice.app.test/login>
  
        default_browser_return_url: <http://selfservice.app.test>
  
      courier:
        smtp:
          connection_uri: <smtps://test:test@mailslurper:1025/?skip_ssl_verify=true>

My selfservice config:

Copy code

ingress:
  className: kong
  enabled: true
  hosts:
    - host: selfservice.app.test
      paths:
        - path: /
          pathType: ImplementationSpecific

kratosAdminUrl: kratos-admin.default.svc.cluster.local
kratosBrowserUrl: <http://kratos.public.app.test>
kratosPublicUrl: <http://kratos.public.app.test>

baseUrl: <http://selfservice.app.test>

projectName: "app"

When I go ahead and attempt to click on sign up in selfservice node ui I get the following error:

Copy code

{
  "message": "connect ECONNREFUSED 127.0.0.1:80",
  "name": "Error",
  "stack": "Error: connect ECONNREFUSED 127.0.0.1:80\n    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1133:16)",
  "config": {
    "url": "<http://kratos.public.app.test/self-service/login/flows?id=8d0658ef-965d-4758-85e6-a00eb6553ea9>",
    "method": "get",
    "headers": {
      "Accept": "application/json, text/plain, */*",
      "User-Agent": "axios/0.21.4"
    },
    "transformRequest": [
      null
    ],
    "transformResponse": [
      null
    ],
    "timeout": 0,
    "xsrfCookieName": "XSRF-TOKEN",
    "xsrfHeaderName": "X-XSRF-TOKEN",
    "maxContentLength": -1,
    "maxBodyLength": -1,
    "transitional": {
      "silentJSONParsing": true,
      "forcedJSONParsing": true,
      "clarifyTimeoutError": false
    }
  },
  "code": "ECONNREFUSED"
}

Any idea why I am getting this? Am I missing config?

white-advantage-37945

08/03/2022, 3:15 PM

Any chance I could get some insight from the ORY Team? :)

white-advantage-37945

08/04/2022, 1:43 PM

@worried-kitchen-94392 Any chance I could get your insight on my config? 🙂

worried-kitchen-94392

08/04/2022, 1:48 PM

Hi there, from a glance it looks like the UI app is looking at the wrong url for kratos. You need to pass the internal k8s service fqdn

worried-kitchen-94392

08/04/2022, 1:50 PM

Compare it to the QuickStart examples of kratos with docker. You pass 2urls to the ui app: one internal and on external

worried-kitchen-94392

08/04/2022, 1:51 PM

I am on my phone now so can't give you the full solution:/

white-advantage-37945

08/04/2022, 2:20 PM

@worried-kitchen-94392 Thanks, np 🙂 I have changed

Copy code

kratosBrowserUrl: <http://kratos.public.app.test>

to:

Copy code

kratosBrowserUrl: kratos-public.svc.cluster.local

But I just get a 404 now...

white-advantage-37945

08/04/2022, 2:21 PM

Looking at the docker compose, I cannot see how my config differs

worried-kitchen-94392

08/05/2022, 8:02 AM

https://github.com/ory/kratos/blob/master/quickstart.yml#L22 i meant this 🙂 in this context the PUBLIC_URL is the internal fqdn of the service (internal docker network) and BROWSER is the url on which you access via browser, so the exposed via ingress url

white-advantage-37945

08/05/2022, 10:03 AM

@worried-kitchen-94392 I ended up trying this out:

Copy code

kratosAdminUrl: kratos-admin.default.svc.cluster.local
kratosBrowserUrl: <http://kratos.public.egrist.test>
kratosPublicUrl: kratos-public.default.svc.cluster.local

However, I still get:

Copy code

{
  "message": "connect ECONNREFUSED 127.0.0.1:80",
  "name": "Error",
  "stack": "Error: connect ECONNREFUSED 127.0.0.1:80\n    at TCPConnectWrap.afterConnect [as oncomplete] (node:net:1133:16)",
  "config": {
    "url": "kratos-public.default.svc.cluster.local/self-service/registration/flows?id=86962688-1ba6-4819-8827-73ad00cf55ee",
    "method": "get",
    "headers": {
      "Accept": "application/json, text/plain, */*",
      "User-Agent": "axios/0.21.4"
    },
    "transformRequest": [
      null
    ],
    "transformResponse": [
      null
    ],
    "timeout": 0,
    "xsrfCookieName": "XSRF-TOKEN",
    "xsrfHeaderName": "X-XSRF-TOKEN",
    "maxContentLength": -1,
    "maxBodyLength": -1,
    "transitional": {
      "silentJSONParsing": true,
      "forcedJSONParsing": true,
      "clarifyTimeoutError": false
    }
  },
  "code": "ECONNREFUSED"
}

worried-kitchen-94392

08/05/2022, 11:13 AM

It looks like the app is trying to connect to

127.0.0.1:80

is localhost set somewhere in the config? @high-optician-2097 @steep-lamp-91158 any ideas?

white-advantage-37945

08/05/2022, 12:08 PM

We use Kind and we use the following config: https://mjpitz.com/blog/2020/10/21/local-ingress-domains-kind/ We also use Kong. But I dont explicitly set 127.0.0.1:80 in any ORY config.

16 Views

Open in Slack

Previous Next