<@U04UQ68083H> I am switching from AWS Cognito to ...
# ory-copilot
h
@chilly-king-10285 I am switching from AWS Cognito to the Ory ecosystem. I have installed Ory and created a project, added Kratos login. I now need to add Oathkeeper/Hydra. How to start? I wanna run it locally now before I proceed with helm charts.
c
A message from kapa.ai
To add Ory Oathkeeper and Hydra to your Ory ecosystem, you can follow these steps:

1. Clone the Ory Kratos repository and fetch the latest images:

```bash
git clone https://github.com/ory/kratos.git
cd kratos
git checkout v0.8.0-alpha.3
```

[Source](https://www.ory.sh/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy#running-ory-kratos-and-the-ory-oathkeeper-identity-and-access-proxy)

2. Run the quickstart and add the Ory Oathkeeper config:

```bash
docker-compose \
  -f quickstart.yml \
  -f quickstart-oathkeeper.yml \
  up --build --force-recreate
```

[Source](https://www.ory.sh/docs/kratos/guides/zero-trust-iap-proxy-identity-access-proxy#running-ory-kratos-and-the-ory-oathkeeper-identity-and-access-proxy)

3. Set up an OAuth 2.0 Client:

```bash
docker run --rm -it \
  -e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 \
  --network hydraguide \
  oryd/hydra:v1.10.6 \
  clients create --skip-tls-verify \
    --id facebook-photo-backup \
    --secret some-secret \
    --grant-types authorization_code,refresh_token,client_credentials,implicit \
    --response-types token,code,id_token \
    --scope openid,offline,photos.read \
    --callbacks http://127.0.0.1:9010/callback
```

[Source](https://www.ory.sh/docs/hydra/self-hosted/configure-deploy#perform-oauth-20-flow)

4. Perform the OAuth 2.0 Flow:

```bash
--token-url https://ory-hydra-example--hydra:4444/oauth2/token \
  --client-id facebook-photo-backup \
  --client-secret some-secret \
  --scope openid,offline,photos.read
```

[Source](https://www.ory.sh/docs/hydra/self-hosted/configure-deploy#perform-oauth-20-flow)

Please note that you need to replace `facebook-photo-backup` and `some-secret` with your actual client id and secret. Also, make sure that ports `4433`, `4434`, `4436`, `4455`, and `4456` are free and always use `127.0.0.1` as the hostname; never use `localhost`! This is important because browsers treat these two as separate domains and will therefore have issues with setting and using the right cookies. Once you have set up everything correctly, you should be able to access your application locally.
h
@chilly-king-10285 nice, so then I need it to connect to the local postgresql which I have for data storage. As Ory is all self hosting, try to run Kratos, Hydra, Oathkeeper on my machine (macOS M1 ARM CPU) so I can self-host signup, use postgresql, register and protect an endpoint. Provide a step-by-step guide
c
A message from kapa.ai
Sure, here are the steps to set up Ory Kratos, Hydra, and Oathkeeper with PostgreSQL on your local machine:

1. Install PostgreSQL on your local machine:

```bash
sudo apt install postgresql postgresql-contrib
sudo -i -u postgres
```

Then create the database:

```bash
createdb hydra
```

[Source](https://www.ory.sh/docs/hydra/self-hosted/deploy-hydra-example#install-postgresql)

2. Install Ory Hydra: First, create a new user and folders to hold the installation data and configuration files:

```bash
useradd -s /bin/false -m -d /opt/hydra hydra
mkdir /opt/hydra/{bin,config}
```

Then, download and install Ory Hydra:

```bash
cd /opt/hydra/bin
wget https://github.com/ory/hydra/releases/download/<version-you-want>/hydra_<version-you-want>-linux_64bit.tar.gz
tar xfvz hydra_<version-you-want>-linux_64bit.tar.gz
rm *md
rm LICENSE
```

[Source](https://www.ory.sh/docs/hydra/self-hosted/deploy-hydra-example#install-ory-hydra)

3. Configure Ory Hydra to use PostgreSQL: Open `hydra.yml` and change the DSN configuration to use the Postgres database you configured before:

```bash
dsn: postgres://hydra:[email protected]:5432/hydra?sslmode=disable&max_conns=20&max_idle_conns=4
urls:
  self:
    issuer: https://oauth2.example.com
```

[Source](https://www.ory.sh/docs/hydra/self-hosted/deploy-hydra-example#install-ory-hydra)

4. Apply migrations:

```bash
/opt/hydra/bin/hydra -c /opt/hydra/config/hydra.yml migrate sql -y postgres://hydra:[email protected]:5432/hydra?sslmode=disable
```

[Source](https://www.ory.sh/docs/hydra/self-hosted/deploy-hydra-example#install-ory-hydra)

5. Test your setup:

```bash
/opt/hydra/bin/hydra -c /opt/hydra/config/hydra.yml serve all
```

[Source](https://www.ory.sh/docs/hydra/self-hosted/deploy-hydra-example#install-ory-hydra)

Please note that you need to replace `<version-you-want>` with the actual version of Ory Hydra you want to install. Also, replace `https://oauth2.example.com` with your actual issuer URL. For Ory Oathkeeper, you can follow the [official Ory Oathkeeper guide](https://www.ory.sh/oathkeeper/docs/) to set it up. For Ory Kratos, you can follow the [official Ory Kratos guide](https://www.ory.sh/kratos/docs/) to set it up. Remember to set up your environment variables to connect with Ory's APIs:

```bash
export ORY_SDK_URL=https://{project.slug}.projects.oryapis.com
```

[Source](https://www.ory.sh/docs/getting-started/integrate-auth/react#run-your-react-app)

Once you have set up everything correctly, you should be able to access your application locally.
h
@chilly-king-10285 Which service is gonna use postgresql? Kratos? Also provide more detailed information, I am new to the system.
c
A message from kapa.ai
Yes, Ory Kratos can use PostgreSQL for data storage. Here's a more detailed guide on how to set up Ory Kratos with PostgreSQL:

1. Install PostgreSQL:

```bash
sudo apt install postgresql postgresql-contrib -y
sudo -i -u postgres
```

Then create the database:

```bash
createdb kratos
```

[Source](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#install-postgresql)

2. Change the default password encryption to a stronger one:

```bash
psql
ALTER SYSTEM SET password_encryption = 'scram-sha-256';
SELECT pg_reload_conf();
```

[Source](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#install-postgresql)

3. Create a user for Kratos:

```bash
CREATE USER kratos PASSWORD '<YOUR_PASSWORD_HERE>';
```

[Source](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#install-postgresql)

4. Give the newly created account access to the database:

```bash
GRANT CONNECT ON DATABASE kratos to kratos;
```

[Source](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#install-postgresql)

5. Install Ory Kratos: First, create a new user and folders to hold the installation data and configuration files:

```bash
useradd -s /bin/false -m -d /opt/kratos kratos
mkdir /opt/kratos/{bin,config}
```

Then, download and install Ory Kratos:

```bash
cd /opt/kratos/bin
wget https://github.com/ory/kratos/releases/download/<version-you-want>/kratos_<version-you-want>-linux_64bit.tar.gz
tar xfvz kratos_<version-you-want>-linux_64bit.tar.gz
rm *md
rm LICENSE
```

[Source](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#install-ory-kratos)

6. Configure Ory Kratos to use PostgreSQL: Open `kratos.yml` and change the DSN configuration to use the Postgres database you configured before:

```bash
dsn: postgres://kratos:<YOUR_PASSWORD_HERE>@localhost:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
```

[Source](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#install-ory-kratos)

7. Apply migrations:

```bash
/opt/kratos/bin/kratos -c /opt/kratos/config/kratos.yml migrate sql -y postgres://kratos:<YOUR_PASSWORD_HERE>@localhost:5432/kratos?sslmode=disable
```

[Source](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#install-ory-kratos)

Please note that you need to replace `<version-you-want>` with the actual version of Ory Kratos you want to install, and `<YOUR_PASSWORD_HERE>` with the password you set for the `kratos` user in PostgreSQL. Once you have set up everything correctly, you should be able to access your application locally.
h
@chilly-king-10285 assume that I have docker image for creating postgresql, there is docker-compose for it.
```yaml
version: '3.9'

services:
  postgres:
    image: postgres:14-alpine
    ports:
      - 5432:5432
    volumes:
      - ./db/data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=test
      - POSTGRES_USER=test
      - POSTGRES_DB=test
```
c
A message from kapa.ai
Great, you have a Docker Compose file for setting up a PostgreSQL database. Now, you can use this database with Ory Kratos, Hydra, and Oathkeeper. Here's how you can do it:

1. Run your PostgreSQL Docker Compose file:

```bash
docker-compose up -d
```

This will start your PostgreSQL database in the background.

2. Configure Ory Kratos to use your PostgreSQL database: In your Kratos configuration file (`kratos.yml`), set the DSN (Data Source Name) to your PostgreSQL database:

```bash
dsn: postgres://test:[email protected]:5432/test?sslmode=disable&max_conns=20&max_idle_conns=4
```

[Source](https://www.ory.sh/docs/kratos/quickstart#next-steps)

3. Configure Ory Hydra to use your PostgreSQL database: In your Hydra configuration file (`hydra.yml`), set the DSN to your PostgreSQL database:

```bash
dsn: postgres://test:[email protected]:5432/test?sslmode=disable&max_conns=20&max_idle_conns=4
```

[Source](https://www.ory.sh/docs/hydra/self-hosted/dependencies-environment#database-configuration)

4. Configure Ory Oathkeeper to use your PostgreSQL database: In your Oathkeeper configuration file (`oathkeeper.yml`), set the DSN to your PostgreSQL database:

```bash
dsn: postgres://test:[email protected]:5432/test?sslmode=disable&max_conns=20&max_idle_conns=4
```

[Source](https://www.ory.sh/docs/oathkeeper/guides/proxy-websockets#install-ory-kratos-and-ory-oathkeeper)

Please replace `localhost` with the IP address of your PostgreSQL container if it's running on a different host.

5. Run the migrations for each service: For each service (Kratos, Hydra, Oathkeeper), you need to run the migrations. Here's how you can do it for Kratos:

```bash
docker run -e DSN="postgres://test:[email protected]:5432/test?sslmode=disable&max_conns=20&max_idle_conns=4" oryd/kratos:<version> migrate sql -e
```

[Source](https://www.ory.sh/docs/kratos/guides/docker)

Replace `<version>` with the version of the Kratos Docker image you're using. You need to do the same for Hydra and Oathkeeper, just replace `oryd/kratos:<version>` with `oryd/hydra:<version>` and `oryd/oathkeeper:<version>` respectively. Once you've done all these steps, your Ory ecosystem should be connected to your PostgreSQL database.
h
Don't I need to create kratos db for it? In docker-compose? @chilly-king-10285
c
A message from kapa.ai
Yes, you're correct. In your PostgreSQL setup, you would need to create a separate database for Kratos. However, in your current Docker Compose file, you're creating a single database named `test`. To create a separate database for Kratos, you can modify the `POSTGRES_DB` environment variable in your Docker Compose file. Here's an example:

```yaml
version: '3.9'

services:
  postgres:
    image: postgres:14-alpine
    ports:
      - 5432:5432
    volumes:
      - ./db/data:/var/lib/postgresql/data
    environment:
      - POSTGRES_PASSWORD=test
      - POSTGRES_USER=test
      - POSTGRES_DB=kratos
```

In this example, the `POSTGRES_DB` environment variable is set to `kratos`, which means a database named `kratos` will be created when the PostgreSQL container is started. Then, in your Kratos configuration file (`kratos.yml`), you would set the DSN to point to this `kratos` database:

```bash
dsn: postgres://test:[email protected]:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
```

Please replace `localhost` with the IP address of your PostgreSQL container if it's running on a different host. Finally, you would run the Kratos migrations against this `kratos` database:

```bash
docker run -e DSN="postgres://test:[email protected]:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4" oryd/kratos:<version> migrate sql -e
```

Replace `<version>` with the version of the Kratos Docker image you're using. [Source](https://www.ory.sh/docs/kratos/quickstart#next-steps)