diff --git a/docker-compose.yml b/docker-compose.yml index edb8406a..5098dabd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -227,7 +227,7 @@ services: environment: - DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4 - LOG_LEVEL=trace - - SERVE_PUBLIC_BASE_URL=https://siasky.xyz/secure/.ory/kratos/public/ + - SERVE_PUBLIC_BASE_URL=https://secure.siasky.xyz/.ory/kratos/public/ - SQA_OPT_OUT=true command: serve -c /etc/config/kratos/kratos.yml volumes: @@ -256,8 +256,8 @@ services: - PORT=4435 - SECURITY_MODE=jwks - PROJECT_NAME=Skynet - - BASE_URL=https://siasky.xyz/secure/ - - KRATOS_BROWSER_URL=https://siasky.xyz/secure/.ory/kratos/public + - BASE_URL=https://secure.siasky.xyz + - KRATOS_BROWSER_URL=https://secure.siasky.xyz/.ory/kratos/public - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json - KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_ADMIN_URL=http://kratos:4434/ diff --git a/docker/kratos/config/kratos.yml b/docker/kratos/config/kratos.yml index 7d3f4434..6f60d681 100644 --- a/docker/kratos/config/kratos.yml +++ b/docker/kratos/config/kratos.yml @@ -4,7 +4,7 @@ dsn: memory serve: public: - base_url: https://siasky.xyz/secure/ + base_url: https://secure.siasky.xyz cors: enabled: true admin: @@ -21,33 +21,33 @@ selfservice: flows: error: - ui_url: https://siasky.xyz/secure/error + ui_url: https://secure.siasky.xyz/error settings: - ui_url: https://siasky.xyz/secure/settings + ui_url: https://secure.siasky.xyz/settings privileged_session_max_age: 15m recovery: enabled: true - ui_url: https://siasky.xyz/secure/recovery + ui_url: https://secure.siasky.xyz/recovery verification: enabled: true - ui_url: https://siasky.xyz/secure/verify + ui_url: https://secure.siasky.xyz/verify after: default_browser_return_url: https://siasky.xyz logout: after: - default_browser_return_url: https://siasky.xyz/secure/auth/login + default_browser_return_url: https://secure.siasky.xyz/auth/login login: - ui_url: https://siasky.xyz/secure/auth/login + ui_url: https://secure.siasky.xyz/auth/login lifespan: 10m registration: lifespan: 10m - ui_url: https://siasky.xyz/secure/auth/registration + ui_url: https://secure.siasky.xyz/auth/registration after: password: hooks: @@ -64,7 +64,7 @@ secrets: session: cookie: - domain: siasky.xyz + domain: secure.siasky.xyz hashers: argon2: diff --git a/docker/kratos/oathkeeper/access-rules.yml b/docker/kratos/oathkeeper/access-rules.yml index e6c5d395..b338fb00 100644 --- a/docker/kratos/oathkeeper/access-rules.yml +++ b/docker/kratos/oathkeeper/access-rules.yml @@ -1,5 +1,4 @@ -- - id: "ory:kratos:public" +- id: "ory:kratos:public" upstream: preserve_host: true url: "http://kratos:4433" @@ -13,15 +12,13 @@ - DELETE - PATCH authenticators: - - - handler: noop + - handler: noop authorizer: handler: allow mutators: - handler: noop -- - id: "ory:kratos-selfservice-ui-node:anonymous" +- id: "ory:kratos-selfservice-ui-node:anonymous" upstream: preserve_host: true url: "http://kratos-selfservice-ui-node:4435" @@ -30,16 +27,13 @@ methods: - GET authenticators: - - - handler: anonymous + - handler: anonymous authorizer: handler: allow mutators: - - - handler: noop + - handler: noop -- - id: "ory:kratos-selfservice-ui-node:protected" +- id: "ory:kratos-selfservice-ui-node:protected" upstream: preserve_host: true url: "http://kratos-selfservice-ui-node:4435" @@ -48,8 +42,7 @@ methods: - GET authenticators: - - - handler: cookie_session + - handler: cookie_session authorizer: handler: allow mutators: @@ -58,5 +51,4 @@ - handler: redirect config: #to: http://oathkeeper:4455/auth/login - to: https://siasky.xyz/secure/auth/login - + to: https://secure.siasky.xyz/auth/login diff --git a/docker/kratos/oathkeeper/oathkeeper.yml b/docker/kratos/oathkeeper/oathkeeper.yml index e31ef77c..196b0909 100644 --- a/docker/kratos/oathkeeper/oathkeeper.yml +++ b/docker/kratos/oathkeeper/oathkeeper.yml @@ -31,10 +31,9 @@ errors: enabled: true config: #to: http://oathkeeper:4455/auth/login - to: https://siasky.xyz/secure/auth/login + to: https://secure.siasky.xyz/auth/login when: - - - error: + - error: - unauthorized - forbidden request: @@ -88,4 +87,3 @@ mutators: { "session": {{ .Extra | toJson }} } -