Hi guys! I'm having an issue here using Ory Proxy ...
# ory-network
Hi guys! I'm having an issue here using Ory Proxy via Ory CLI. I'm taking a website to production, and at the moment using the Managed UI (though I'm busy on my own UI because of this problem). The ory proxy setup is as follows:
ory proxy <http://localhost>:<port> https://<domain>
After doing this, the proxy does tell me to access the website using https://<domain> However, when I get to the sign-in page, it is showing http://<domain> and not https://<domain> for the form-action. I am using NGINX as a proxy. Other than proxy_pass, the following is set:
Copy code
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
I also set proxy buffering to ON, as I saw the http context was breaking. However, it still caused this http://<domain> issue in the ManagedUI form regardless. Now, if I do enter my username and password, the browser asks me if I should still send it. If I send anyway, I get the "POST, PUT, PATCH" error appearing. Please can you kindly assist? Thank you and God bless!
Thank you for the report! I'm tagging @User as he has in depth knowledge of the proxy code. Maybe we are not setting the scheme properly? Also which version of ory cli are you using? Make sure to use the latest! :)
Thank you @User and @User! And it's a pleasure! The ORY CLI version is v0.1.28 Hash 2c512117115cd2a7fa448654ce5742e10ee55eee
Glad to see you made it to our slack channel @User šŸ˜‰ I will take a look quickly into this šŸ™‚
šŸ™Œ Thanks @User!! šŸ˜‰
I cannot reproduce this. Which settings do you have in your ory project? I set everything to its default and I also have no domain setup on my project - basically standard.
I set up a proxy like so
Copy code
ory proxy <> <https://exampleapp.ory:8080> --sdk-url https://<project-sdk> --cookie-domain <https://exampleapp.ory:8080>
Please take note here I use the port 8080 since this is a custom domain on my local machine
is pointing
. Then I have setup a reverse proxy through Caddy to add tls certificates.
A caddy file pointing my "domain"
to the proxy running on port 4000.
Copy code
exampleapp.ory:8080 {
  reverse_proxy exampleapp.ory:4000
  tls internal
Thanks for the response @User Are you asking about the Project Settings available in the managed UI? Such as Identity Schema, Browser Redirects etc? If so, could I message you directly? I'll be working on my custom UI due to deadlines, but I'll also try to use Caddy and see if that works better
yes, are they on the default?
caddy is just to run it locally quickly with TLS. nginx will also do the trick
@User mostly on default. I guess I can put them here unless it's actual addresses and ports. They are as follows: ā€¢ Identity Schema: ā—¦ Default Identity Schema (Email and Password) ā—¦ Not customized ā€¢ No social sign-ins ā€¢ User interface: currently untouched though I will update for my custom UI ā€¢ Browser redirects: ā—¦ "/" for Global, Post-Registration Redirect and Post-Logout Redirect ā—¦ http://localhost:<port>/ in allowed URL ā—¦ https://<domain>/ in allowed URL ā€¢ Authentication ā—¦ Checked for Enabled Registration, Enable Password Authentication and Sign In After Registration ā€¢ No Two-factor Authentication ā€¢ Session Settings ā—¦ Default hours for session lifespan ā—¦ Increased privileged session duration ā€¢ Enable Account Recovery checked ā€¢ Email verification: All checked ā€¢ Custom domains: not yet set I am using NGINX with TLS. However, I have been getting that issue (as specified in the original post). I am not sure if there is an issue with my forwarding settings.
@User as for the actual command I've been using ory proxy --port <port> http://localhost:<applicationPort> https://<domain> I have not specified any ports for the domain
quite strange, yeah i guess it has something to do with nginx then. Could you DM me your nginx config?
Sure @User šŸ‘
Thanks again for your support @User (and others @User @User). As you suggested, I needed to add
proxy_set_header X-Forwarded-Proto $scheme
so the https protocol could be forwarded. God bless! šŸ™ŒšŸ”„
@User maybe we could add this to our documentation as a guide? We could also add a Caddy guide for local development under a local domain
šŸ”„ 1
Thanks for creating an issue Alano! šŸ™Œ
šŸ‘ 1