Certainly! Below is an example Nginx configuration for proxying requests to Ory Network, with CORS handled correctly. This configuration is based on the best practices and examples from the Ory documentation for both Ory Kratos and Ory Hydra, adapted for Ory Network. Note that Ory Network itself provides built-in CORS support, and you should configure allowed origins in the Ory Console or via the CLI as described in the docs. However, if you need to handle CORS at the Nginx level (for example, for additional endpoints or static assets), you can use the following configuration:

nginx upstream ory_public_api {     server <ORY_NETWORK_PUBLIC_API_HOST>:443; # Replace with your Ory Network public API host and port }  server {     listen 80;     server_name <your-domain.com>;     return 301 https://$host$request_uri; }  server {     listen 443 ssl;     server_name <your-domain.com>;      ssl_certificate /etc/letsencrypt/live/<your-domain.com>/fullchain.pem;     ssl_certificate_key /etc/letsencrypt/live/<your-domain.com>/privkey.pem;     include /etc/letsencrypt/options-ssl-nginx.conf;     ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;      # CORS preflight handling     location / {         if ($request_method = 'OPTIONS') {             add_header 'Access-Control-Allow-Origin' '<your-allowed-origin>' always;             add_header 'Access-Control-Allow-Methods' 'GET, POST, PUT, PATCH, DELETE, OPTIONS' always;             add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type, Accept, Origin' always;             add_header 'Access-Control-Allow-Credentials' 'true' always;             add_header 'Access-Control-Max-Age' 86400 always;             add_header 'Content-Length' 0;             add_header 'Content-Type' 'text/plain charset=UTF-8';             return 204;         }          # Proxy all other requests to Ory Network         proxy_pass https://<ORY_NETWORK_PUBLIC_API_HOST>;         proxy_set_header Host $host;         proxy_set_header X-Real-IP $remote_addr;         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         proxy_set_header X-Forwarded-Proto $scheme;          # CORS headers for actual requests         add_header 'Access-Control-Allow-Origin' '<your-allowed-origin>' always;         add_header 'Access-Control-Allow-Credentials' 'true' always;         add_header 'Access-Control-Expose-Headers' 'Content-Type, Set-Cookie' always;     } }

Important notes: - Replace

<ORY_NETWORK_PUBLIC_API_HOST>

with your actual Ory Network public API host (e.g.,

<http://your-project-slug.projects.oryapis.com|your-project-slug.projects.oryapis.com>

). - Replace

<your-domain.com>

and

<your-allowed-origin>

with your actual domain and allowed CORS origin. - Ory Network's built-in CORS should be configured in the Ory Console or via CLI for best results. This Nginx config is for cases where you need to supplement or enforce CORS at the proxy level. - For production, always restrict CORS origins to trusted domains. Ory Network does not allow

*

,

null

, or

localhost/127.0.0.1

as CORS origins; use exact matches or wildcard subdomains as needed. For local development, use [Ory Tunnel or Ory Proxy](https://www.ory.sh/docs/guides/cli/proxy-and-tunnel) instead of Nginx for CORS handling [Set up CORS for Ory Network](https://www.ory.sh/docs/guides/cors), [Set up custom domains](https://www.ory.sh/docs/guides/custom-domains). This configuration ensures that CORS preflight and actual requests are handled correctly, and all traffic is proxied to Ory Network as required. For more advanced scenarios (e.g., multiple upstreams, admin APIs), refer to the Ory documentation for [Kratos](https://www.ory.sh/docs/kratos/guides/deploy-kratos-example#install-and-configure-nginx) and [Hydra](https://www.ory.sh/docs/hydra/self-hosted/deploy-hydra-example#install-and-configure-nginx).