From e2d7397d05de278299d3e1800c6d2ecbced0769c Mon Sep 17 00:00:00 2001 From: Karol Wypchlo Date: Tue, 15 Dec 2020 16:29:30 +0100 Subject: [PATCH] Revert "use secure subdomain" This reverts commit d8003fdd85f37049ac2c7074495f180f2fcfa1b5. --- docker-compose.yml | 6 +++--- docker/kratos/config/kratos.yml | 18 ++++++++--------- docker/kratos/oathkeeper/access-rules.yml | 24 +++++++++++++++-------- docker/kratos/oathkeeper/oathkeeper.yml | 6 ++++-- 4 files changed, 32 insertions(+), 22 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 5098dabd..edb8406a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -227,7 +227,7 @@ services: environment: - DSN=cockroach://root@cockroach:26257/defaultdb?sslmode=disable&max_conns=20&max_idle_conns=4 - LOG_LEVEL=trace - - SERVE_PUBLIC_BASE_URL=https://secure.siasky.xyz/.ory/kratos/public/ + - SERVE_PUBLIC_BASE_URL=https://siasky.xyz/secure/.ory/kratos/public/ - SQA_OPT_OUT=true command: serve -c /etc/config/kratos/kratos.yml volumes: @@ -256,8 +256,8 @@ services: - PORT=4435 - SECURITY_MODE=jwks - PROJECT_NAME=Skynet - - BASE_URL=https://secure.siasky.xyz - - KRATOS_BROWSER_URL=https://secure.siasky.xyz/.ory/kratos/public + - BASE_URL=https://siasky.xyz/secure/ + - KRATOS_BROWSER_URL=https://siasky.xyz/secure/.ory/kratos/public - JWKS_URL=http://oathkeeper:4456/.well-known/jwks.json - KRATOS_PUBLIC_URL=http://kratos:4433/ - KRATOS_ADMIN_URL=http://kratos:4434/ diff --git a/docker/kratos/config/kratos.yml b/docker/kratos/config/kratos.yml index 6f60d681..7d3f4434 100644 --- a/docker/kratos/config/kratos.yml +++ b/docker/kratos/config/kratos.yml @@ -4,7 +4,7 @@ dsn: memory serve: public: - base_url: https://secure.siasky.xyz + base_url: https://siasky.xyz/secure/ cors: enabled: true admin: 
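Review bot: `BASE_URL` in the `@@ -256,8 +256,8 @@` hunk of docker-compose.yml now ends in a slash (`https://siasky.xyz/secure/`), while `KRATOS_BROWSER_URL` on the next line has none and the `ui_url` values in kratos.yml are written as `https://siasky.xyz/secure/auth/login`. If the self-service UI builds links by appending `/auth/login` to `BASE_URL`, the result would be `/secure//auth/login`, which no longer matches the configured `ui_url` strings. Unless the UI is known to normalise the path, `- BASE_URL=https://siasky.xyz/secure` is the safer form. The service's `environment` list starts and ends outside the hunk.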
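Review bot: `serve.public.base_url` in docker/kratos/config/kratos.yml is set to `https://siasky.xyz/secure/`, but docker-compose.yml in this same commit sets `SERVE_PUBLIC_BASE_URL=https://siasky.xyz/secure/.ory/kratos/public/` for what appears to be the same setting. Ory services normally let the environment variable override the file, so the value in this hunk is probably not the effective one and will mislead whoever edits it next. Either make the two agree or add a comment above the key, for example `# overridden by SERVE_PUBLIC_BASE_URL in docker-compose.yml`. The `serve` mapping continues past the end of the hunk.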
@@ -21,33 +21,33 @@ selfservice: flows: error: - ui_url: https://secure.siasky.xyz/error + ui_url: https://siasky.xyz/secure/error settings: - ui_url: https://secure.siasky.xyz/settings + ui_url: https://siasky.xyz/secure/settings privileged_session_max_age: 15m recovery: enabled: true - ui_url: https://secure.siasky.xyz/recovery + ui_url: https://siasky.xyz/secure/recovery verification: enabled: true - ui_url: https://secure.siasky.xyz/verify + ui_url: https://siasky.xyz/secure/verify after: default_browser_return_url: https://siasky.xyz logout: after: - default_browser_return_url: https://secure.siasky.xyz/auth/login + default_browser_return_url: https://siasky.xyz/secure/auth/login login: - ui_url: https://secure.siasky.xyz/auth/login + ui_url: https://siasky.xyz/secure/auth/login lifespan: 10m registration: lifespan: 10m - ui_url: https://secure.siasky.xyz/auth/registration + ui_url: https://siasky.xyz/secure/auth/registration after: password: hooks: @@ -64,7 +64,7 @@ secrets: session: cookie: - domain: secure.siasky.xyz + domain: siasky.xyz hashers: argon2: diff --git a/docker/kratos/oathkeeper/access-rules.yml b/docker/kratos/oathkeeper/access-rules.yml index b338fb00..e6c5d395 100644 --- a/docker/kratos/oathkeeper/access-rules.yml +++ b/docker/kratos/oathkeeper/access-rules.yml @@ -1,4 +1,5 @@ -- id: "ory:kratos:public" +- + id: "ory:kratos:public" upstream: preserve_host: true url: "http://kratos:4433" @@ -12,13 +13,15 @@ - DELETE - PATCH authenticators: - - handler: noop + - + handler: noop authorizer: handler: allow mutators: - handler: noop -- id: "ory:kratos-selfservice-ui-node:anonymous" +- + id: "ory:kratos-selfservice-ui-node:anonymous" upstream: preserve_host: true url: "http://kratos-selfservice-ui-node:4435" 
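Review bot: `domain: siasky.xyz` under `session.cookie` (hunk `@@ -64,7 +64,7 @@` of kratos.yml) widens the Kratos session cookie from the single host `secure.siasky.xyz` to the apex domain and every subdomain beneath it. Together with the `https://siasky.xyz/secure/...` URLs in the other hunks, the login UI and the Kratos public API now share a browser origin with everything else served from `https://siasky.xyz`; a path prefix such as `/secure/` is not a same-origin boundary. If any content on that origin or its subdomains is not fully trusted, the isolation that the dedicated host gave the session is gone. If the revert is still required, consider removing the `domain:` line so the cookie is host-only (confirm this behaviour against the Kratos version in use), and add a comment recording why the dedicated auth host was dropped.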
@@ -27,13 +30,16 @@ methods: - GET authenticators: - - handler: anonymous + - + handler: anonymous authorizer: handler: allow mutators: - - handler: noop + - + handler: noop -- id: "ory:kratos-selfservice-ui-node:protected" +- + id: "ory:kratos-selfservice-ui-node:protected" upstream: preserve_host: true url: "http://kratos-selfservice-ui-node:4435" @@ -42,7 +48,8 @@ methods: - GET authenticators: - - handler: cookie_session + - + handler: cookie_session authorizer: handler: allow mutators: @@ -51,4 +58,5 @@ - handler: redirect config: #to: http://oathkeeper:4455/auth/login - to: https://secure.siasky.xyz/auth/login + to: https://siasky.xyz/secure/auth/login + diff --git a/docker/kratos/oathkeeper/oathkeeper.yml b/docker/kratos/oathkeeper/oathkeeper.yml index 196b0909..e31ef77c 100644 --- a/docker/kratos/oathkeeper/oathkeeper.yml +++ b/docker/kratos/oathkeeper/oathkeeper.yml @@ -31,9 +31,10 @@ errors: enabled: true config: #to: http://oathkeeper:4455/auth/login - to: https://secure.siasky.xyz/auth/login + to: https://siasky.xyz/secure/auth/login when: - - error: + - + error: - unauthorized - forbidden request: @@ -87,3 +88,4 @@ mutators: { "session": {{ .Extra | toJson }} } +
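Review bot: The redirect target `to: https://siasky.xyz/secure/auth/login` in the `@@ -51,4 +58,5 @@` hunk of access-rules.yml is a hard-coded copy of `selfservice.flows.login.ui_url` from kratos.yml, and the same literal appears again in the `errors` handler hunk `@@ -31,9 +31,10 @@` of oathkeeper.yml. Nothing in the files marks that coupling, so a later host or path change can leave one of the three behind and send unauthenticated users to a stale login URL. A comment above each `to:` would help, for example `# must match selfservice.flows.login.ui_url in docker/kratos/config/kratos.yml`. The stale `#to: http://oathkeeper:4455/auth/login` line above it could be dropped at the same time. The rule and handler that contain these keys start outside the hunks.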