Self Hosted - Ory Kratos - Integration Docker + Traefik

[ocontant]

I just started with Ory Kratos and I'm doing baby steps to learn the stack.

I'm hoping by opening this discussion, that sharing where I struggle could help others in similar position. And contribute to highlight opportunity where documentation could be enriched and new examples added to the existing collection.

Docker containers structures + CORS = trouble
Using docker, the first problem I encountered was that each components was using 127.0.0.1 with a different ports. Browser perceive each combination of 127.0.0.1 and ports as distinct domains and causing conflict with CORS policy.

Trying to implement browser flows from the Frontend (http) running on the Host side, to Ory Kratos-selfservice-ui (4480) and Ory Kratos (4433) running inside Docker space, resulted in multiple difficulties for me.

Unifying calls behind a unique domain
From there, I decided to add Traefik to my stack to unify calls behind a unique domain. From the documentation Guides, and Ory Awesome repo, I couldn't find an example to integrate Traefik with Ory Kratos standalone.

The only example I found, was an integration of Traefik with Ory Oathkeeper. But this documentation aimed at providing a quick pointer to what is possible, and didn't provide the glue to integrate with Ory Kratos altogether, or extend the Traefik configuration to include Ory Kratos.

Where I stand today
My initial approach has been to try to proxy with a path prefix structure.

• domain.com/auth/kratos-api/,
• domain.com/auth/kratos-admin-api,
• domain.com/{login,signup,recovery,reset-password}

But it seems that adding the prefix like auth/kratos-api reflected on the endpoint behind the reverse proxy, and Kratos returned 404 page not found, probably because the request translated into http://kratos:4433/auth/kratos-api/.

Result of Research
From there, I tried to research more about integrating Traefik + Ory Kratos, but with limited success.

I found a great thread by @ltouro and @Hbris from 2021: #1031 which explore using subdomain structure to configure public, admin and selfservice components. I plan to explore this path tomorrow.

The discussion doesn't go in-depth about the setup, and I think it could be a good starting point to evolve it into a documentation topic.

Wishful thoughts to improve documentation

1. I would welcome a progressive structured learning approach to the Ory stack. I find the documentation, examples and Quickstart interesting, but I found out that I was still missing fundamentals knowledge on many aspects, which led me to be unsuccessful so far.

2. I would welcome more examples of typical stack, such as:

• Docker + Traefik + Ory,
• Kubernetes/Kind + Traefik + Ory,
  but also other reverse proxy engines.

4. Maybe a developer boilerplate to get started that include useful components to facilitate developers investigations, and pre integrated in a docker-compose, helm, terraform, ...

Enabled with :

• traces (otlp/jaeger, ELK),
• metrics (prometheus),
• swagger dashboard,
• health dashboard for each API endpoints (Gatus).

I will extend in the coming days and reply to comments and feedback.
Feel free to engage even if it is just to say hello!

[ocontant]

https://archive.ory.sh/t/27033014/hey-i-ve-been-trying-to-set-up-the-ory-stack-but-i-m-having-

[vinckr]

hello @ocontant
funny that you should ask, I do have plans to create a new tutorial for this use case soon.
in the meantime take a look at this talk, it might be helpful: https://www.youtube.com/watch?v=ivK6igAWlBo

[ocontant]

Thank you very much for the pointer. I'll check this out in the next hour. :)