https://www.ory.sh/ logo
Join Slack
Powered by
This message was deleted.
# general
m
This message was deleted.
βž• 1
d
Yup I totally agree. I've come to feel like the self-hosted parts of Ory have a bad developer UX, but the nature of the hosted Ory solution seems counter to that improving at a fast rate πŸ˜•
c
oh damn - this is probably why I'm getting so confused quickstart and quickstart-standalone (https://www.ory.sh/docs/kratos/quickstart) has the config
Copy code
kratos-selfservice-ui-node:
    ports:
      - "4455:4455"
and
Copy code
kratos:
    depends_on:
      - kratos-migrate
    image: oryd/kratos:v0.11.1
    ports:
      - '4433:4433' # public
      - '4434:4434' # admin
as explained earlier, all configs have 
127.0.0.1:4455
etc so, 4455 is the selfservice UI. Not when you then throw oathkeeper into the mix. This is the oathkeeper config
Copy code
oathkeeper:
    image: oryd/oathkeeper:v0.40
    depends_on:
      - kratos
    ports:
      - 4455:4455
      - 4456:4456
port 4455 is now oathkeeper, not the ui Yes, with hindsight this is obvious, change the port of the ui, drop oathkeeper in and everything else is plug and play However, I wanted to put oathkeeper on port 8080, so did a search and replace for 4455 with 8080 .... πŸ˜•
m
Hello @curved-oxygen-35290 thanks a ton for this detailed writeup πŸ™ That helps a lot to improve this going forward. To clarify most of the challenge was adding oathkeeper to the mix after running the https://www.ory.sh/docs/kratos/quickstart ? I am working on a guide for kratos+oathkeeper, and we also have some examples here: https://github.com/ory/examples/tree/master/oathkeeper Would those have helped you? In any case I will revisit this thread soon and do a small writeup of it in the docs repo, so we can improve this guide. Unless you want to πŸ˜‰
c
over the next couple of days I can take the info shown in 
/examples/tree/master/oathkeeper
and my observations and put together a doc detailing it all if you'd like ?
m
I would be very grateful for that @curved-oxygen-35290 πŸ™
c
@magnificent-energy-493 I may have to ask a number of seemingly stupid questions though ... are you prepared for that ? 🀣
for example: quickstart.yml
Copy code
kratos-selfservice-ui-node:
    image: oryd/kratos-selfservice-ui-node:v0.11.1
    environment:
      - KRATOS_PUBLIC_URL=<http://kratos:4433/>
      - KRATOS_BROWSER_URL=<http://127.0.0.1:4433/>
is the PUBLIC_URL really 
kratos:4433
? isn't 
kratos
the docker container name and can only be referenced from a container in the same network as kratos ? If so, then it isn't really "public". πŸ™‚ Also trying to understand the difference between PUBLIC_URL AND BROWSER_URL .. maybe it's the naming of PUBLIC that is confusing
or is 
kratos:4433
meant for the ui container to redirect to (and therefore within the docker network)
for me, PUBLIC should be used to reference the service either directly from the browser Any other container that references the container directly should be named DOCKER or CONTAINER or something like that
m
isn’t 
kratos
the docker container name and can only be referenced from a container in the same network as kratos ?
That is correct yes. see the diagram for clarification. The public URL is the one you would expose to the general internet in a production setup. Its maybe a bit easier to understand in the guide without docker: https://www.ory.sh/docs/kratos/guides/deploy-kratos-example
BROWSER URL is the one you (as the user) put in your browser
Copy code
<http://127.0.0.1:4433/>
PUBLIC URL is the one that docker uses to route the request in the docker intranet
Copy code
KRATOS_PUBLIC_URL=<http://kratos:4433/>
no stupid questions btw, it helps me a lot to check my understanding of this example as well πŸ˜„
f
PUBLIC_URL is a very confusing name for it. PUBLIC meaning the public facing API endpoint here, not, as you might expect, the endpoint the public (users) might use.
πŸ‘ 1
6 Views
Open in Slack
PreviousNext
Powered by