I m using ory network with a custom kratos amp hydra UI I m Ory Community #ory-network

I'm using ory network with a custom kratos & h...

straight-actor-10624

02/07/2023, 11:29 PM

I'm using ory network with a custom kratos & hydra UI. I'm trying to host my UI over https, but the browser flow API keeps setting the scheme of the kratos

self-service/login?flow

URL (the

action

of the login form) to http. What sets this public URL for kratos? I can't seem to change it. It's correctly set to my custom domain, but the scheme is wrong (http).

straight-actor-10624

02/08/2023, 7:02 AM

Strangely, RequestUrl is also seen by kratos as http, even though the request/redirect is definitely being made over https.

straight-actor-10624

02/08/2023, 7:26 AM

When custom UI is set to

/ui/login

, flows give https urls as the

action

. When custom UI is set to https://auth.mycustomdomain.com/login,

action

is set to http://api.auth.mycustomdomain.com/self-service/login?flow=xyz

high-optician-2097

02/08/2023, 8:09 AM

that’s really strange

high-optician-2097

02/08/2023, 8:10 AM

Copy code

ory get identity-config --format yaml {preoject-id}

high-optician-2097

02/08/2023, 8:10 AM

what is

serve.public.url

for you?

straight-actor-10624

02/08/2023, 3:45 PM

It's set to my ory project URL

straight-actor-10624

02/08/2023, 3:46 PM

I'm using the tunnel like so:

ory tunnel --project $SLUG <https://auth.mycustomdomain.com>

<https://api.auth.mycustomain.com> --cookie-domain <http://auth.mycustomdomain.com|auth.mycustomdomain.com>

https://github.com/ory/cli/blob/master/cmd/cloudx/proxy/proxy.go#L282 The output here is correct (https)

straight-actor-10624

02/08/2023, 4:59 PM

I'm thinking it's maybe something in the tunnel. Whatever is rewriting URLs from my project URL to the tunnel URL.

straight-actor-10624

02/08/2023, 5:00 PM

Is the tunnel's functionality fully open source? I don't know what happens with https://github.com/ory/cli/blob/master/cmd/cloudx/proxy/proxy.go#L216

straight-actor-10624

02/08/2023, 5:01 PM

Is the rewriting of URLs something that happens within Ory network/closed source?

straight-actor-10624

02/08/2023, 5:19 PM

Ah, found https://github.com/ory/x/blob/00badca94211e98f8c0e407516e86331cea7bb5a/proxy/rewrites.go#L117

straight-actor-10624

02/08/2023, 5:26 PM

Geez, finally figured it out.

X-Forwarded-Proto

needed to be set to

https

. Not really sure why - the client is making the requests over https.

proud-plumber-24205

02/09/2023, 9:18 AM

Hi @straight-actor-10624 Are you deploying the Ory tunnel in production? And you have a custom domain on the project? If this is the case, please remove the ory tunnel an only rely on the custom domain. https://www.ory.sh/docs/guides/custom-domains

straight-actor-10624

02/09/2023, 7:14 PM

I am deploying in production, and chose to use tunnel rather than cname.

2 Views

Open in Slack

Previous Next