Hello, I’m currently evaluating Keto for a PoC. I’...
# ory-selfhosting
w
Hello, I’m currently evaluating Keto for a PoC. I’m experiencing the same issue described in this post. Even after testing with the latest version v0.14.0, TLS still doesn’t seem to be enabled. Could you help me understand why TLS isn’t activating?
s
Keto multiplexes gRPC and HTTP on one port (not the best idea in hindsight). It's possible that your client sends requests which are not correctly detected. Can you provide details on which HTTP version the client uses?
w
The attached image shows the result of a request sent to the Keto API using curl. As you can see, the request is being made over HTTP/1.1, which appears to be the default.
Given all this, would it be correct to say that the current issue with the TLS option not working properly in Keto is fundamentally due to the architectural decision of multiplexing both HTTP and gRPC traffic on a single port? Or is there something that can be done to work around or resolve this issue?
I’m not very fluent in English, so please excuse me if my sentence sounds a bit awkward. I hope it’s still understandable.
s
It could be related, but doesn't have to be. I'll have to investigate further. You can definitely use some reverse proxy as a sidecar deployment to handle TLS there, and lock down network configs so Keto is not reachable directly.
w
Given the current situation, I think it might be reasonable to use an Nginx sidecar for TLS termination until we identify the root cause and find a proper solution. Do you have any plans to address or improve this in a future release?
s
yes, we'll look into it
w
Great to hear that. Thank you! Ory is truly an impressive and powerful platform, and I’m really looking forward to seeing this issue resolved in the future. I’ll be patiently waiting and continuing to explore what Ory has to offer in the meantime.