Ft/reverse proxy (#121)
* safe: config nginx to run as a reverse proxy

* add quickstart docker compose with reverse proxy settings

* add changelog; prepare release 2.0.0
dfoxg authored Nov 13, 2023
1 parent 59cb9de commit 7b8ddc7
Showing 19 changed files with 505 additions and 57 deletions.
40 changes: 40 additions & 0 deletions CHANGELOG.md
@@ -0,0 +1,40 @@
# Changelog of kratos-admin-ui

## 2.xx

### 2.0.0
#### BREAKING CHANGE
- Configure nginx to act as a reverse proxy for the kratos endpoints
- **You have to change your environment variables!**

## 1.xx

### 1.2.0
- Support array schemas. see [#90](https://github.com/dfoxg/kratos-admin-ui/issues/90)
- notification popups
- rewrite identites overview to new fluentui DataGrid

### 1.1.0
- Support for ory/kratos v1.0.0

### 1.0.5
- Update Node.js to v20
- Support for ory/kratos v0.13.0

### 1.0.4
- Support for ory/kratos v0.11.0
- Support for viewing, deletion and extend sessions
- Update React -> 18; Upgrade packes by @dfoxg in [#66](https://github.com/dfoxg/kratos-admin-ui/pull/66)

### 1.0.3
- fix for [#63](https://github.com/dfoxg/kratos-admin-ui/issues/63) and [#64](https://github.com/dfoxg/kratos-admin-ui/issues/64) by @dfoxg in [65](https://github.com/dfoxg/kratos-admin-ui/pull/65)

### 1.0.2
- switched from @fluentui/react to @fluentui/react-components

### 1.0.1
- check undefined object by @rungthiwasrisaart in [#62](https://github.com/dfoxg/kratos-admin-ui/pull/62)
- Updated dependencies

### 1.0.0
- First stable release of kratos-admin-ui
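Review bot: The 2.0.0 BREAKING CHANGE entry says "You have to change your environment variables!" but does not say which variables or what the new values should look like. The README hunk in this commit keeps the names `KRATOS_ADMIN_URL` and `KRATOS_PUBLIC_URL` and changes the example values from `http://localhost:4435` / `http://localhost:4430` to `http://kratos:4434` / `http://kratos:4433`; stating here that the URLs must now resolve from inside the container network would make the upgrade actionable. Minor: "identites" and "packes" are typos, and the link text `[65]` under 1.0.3 is missing its `#`.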
74 changes: 69 additions & 5 deletions README.md
Expand Up @@ -4,23 +4,87 @@ A simple Admin-Interface for [ory/kratos](https://www.ory.sh/kratos/docs/). Made

## Run

On every commit on the main branch a new docker image is getting created on ghcr.io: ghcr.io/dfoxg/kratos-admin-ui.
To run the image, you have to provide two environemnt variables:
To run the image, you have to provide two environment variables:
- `KRATOS_ADMIN_URL`: the admin url of your kratos instance
- `KRATOS_PUBLIC_URL`: the public url of your kratos instance

You should follow the kratos best practices, [which recommends to never expore the admin-api to the internet, since there is no authentication](https://www.ory.sh/docs/kratos/guides/production#admin-api).

To run the admin-ui, which of course needs access to the admin-api, you should run the admin-ui in the same network as kratos.

In the following snipped the admin-ui gets deployed in the same docker network (`kratos_intranet`) as kratos - over the Docker-Compose-DNS resolution the nginx reverse proxy can call the admin

```
docker run -it \
--rm -p 3000:80 \
-e KRATOS_ADMIN_URL=http://localhost:4435 \
-e KRATOS_PUBLIC_URL=http://localhost:4430 \
-e KRATOS_ADMIN_URL=http://kratos:4434 \
-e KRATOS_PUBLIC_URL=http://kratos:4433 \
--network kratos_intranet \
ghcr.io/dfoxg/kratos-admin-ui
```

or like here, include it in the docker compose:

```
version: '3.7'
services:
kratos-migrate:
image: oryd/kratos:v1.0.0
environment:
- DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc
volumes:
- type: volume
source: kratos-sqlite
target: /var/lib/sqlite
read_only: false
- type: bind
source: ./contrib/quickstart/kratos/email-password
target: /etc/config/kratos
command: -c /etc/config/kratos/kratos.yml migrate sql -e --yes
restart: on-failure
networks:
- intranet
kratos:
image: oryd/kratos:v1.0.0
depends_on:
- kratos-migrate
ports:
- '4433:4433' # public
# - '4434:4434' # admin, do not expose!
restart: unless-stopped
environment:
- DSN=sqlite:///var/lib/sqlite/db.sqlite?_fk=true
- LOG_LEVEL=trace
command: serve -c /etc/config/kratos/kratos.yml --dev --watch-courier
volumes:
- type: volume
source: kratos-sqlite
target: /var/lib/sqlite
read_only: false
- type: bind
source: ./contrib/quickstart/kratos/email-password
target: /etc/config/kratos
networks:
- intranet
admin_ui:
image: ghcr.io/dfoxg/kratos-admin-ui:2.0.0
ports:
- '80:80'
restart: unless-stopped
environment:
- KRATOS_ADMIN_URL=http://kratos:4434
- KRATOS_PUBLIC_URL=http://kratos:4433
networks:
- intranet
networks:
intranet:
volumes:
kratos-sqlite:
```

## Start local

It is required, that a local instance of ory kratos is running. the latest tested version is `v0.13.0`.
It is required, that a local instance of ory kratos is running. the latest tested version is `v1.0.0`.

```
cd kratos-admin-ui
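Review bot: In the compose example the `admin_ui` service publishes `- '80:80'`, which binds the UI on every host interface, and with this change that container's nginx proxies the Kratos admin API that the paragraph above says must never be exposed because it has no authentication. Commenting out `4434:4434` on the kratos service does not help if the same API is reachable through port 80; suggest binding to loopback in the quickstart (`'127.0.0.1:80:80'`) and stating that the UI needs a private network or an authenticating proxy in front of it. The same applies to `-p 3000:80` in the `docker run` example. Also: the sentence ending "the nginx reverse proxy can call the admin" is cut off, "expore" and "snipped" are typos, and the example runs Kratos with `--dev` and `LOG_LEVEL=trace`, which deserves a "not for production" remark.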
7 changes: 7 additions & 0 deletions RELEASE.md
@@ -0,0 +1,7 @@
# How to Release

- set version in config.ts
- set version in package.json
- set version in README.md
- push to master
- git tag `git tag -a v1.4 -m "1.4"`
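Review bot: The step "push to master" disagrees with the README, which says images are built "On every commit on the main branch"; use the actual branch name. The tag example `git tag -a v1.4 -m "1.4"` does not match the release this commit prepares (2.0.0), and the list never mentions pushing the tag or updating CHANGELOG.md, which this commit introduces. Suggest a placeholder such as `vX.Y.Z`, an explicit `git push --tags` step, and a changelog step.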
49 changes: 49 additions & 0 deletions contrib/quickstart/kratos/email-password/identity.schema.json
@@ -0,0 +1,49 @@
{
"$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json",
"$schema": "http://json-schema.org/draft-07/schema#",
"title": "Person",
"type": "object",
"properties": {
"traits": {
"type": "object",
"properties": {
"email": {
"type": "string",
"format": "email",
"title": "E-Mail",
"minLength": 3,
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
}
},
"verification": {
"via": "email"
},
"recovery": {
"via": "email"
}
}
},
"name": {
"type": "object",
"properties": {
"first": {
"title": "First Name",
"type": "string"
},
"last": {
"title": "Last Name",
"type": "string"
}
}
}
},
"required": [
"email"
],
"additionalProperties": false
}
}
}
101 changes: 101 additions & 0 deletions contrib/quickstart/kratos/email-password/kratos.yml
@@ -0,0 +1,101 @@
version: v0.13.0

dsn: memory

serve:
public:
base_url: http://127.0.0.1:4433/
cors:
enabled: true
admin:
base_url: http://kratos:4434/

selfservice:
default_browser_return_url: http://127.0.0.1:4455/
allowed_return_urls:
- http://127.0.0.1:4455

methods:
password:
enabled: true
totp:
config:
issuer: Kratos
enabled: true
lookup_secret:
enabled: true
link:
enabled: true
code:
enabled: true

flows:
error:
ui_url: http://127.0.0.1:4455/error

settings:
ui_url: http://127.0.0.1:4455/settings
privileged_session_max_age: 15m
required_aal: highest_available

recovery:
enabled: true
ui_url: http://127.0.0.1:4455/recovery
use: code

verification:
enabled: true
ui_url: http://127.0.0.1:4455/verification
use: code
after:
default_browser_return_url: http://127.0.0.1:4455/

logout:
after:
default_browser_return_url: http://127.0.0.1:4455/login

login:
ui_url: http://127.0.0.1:4455/login
lifespan: 10m

registration:
lifespan: 10m
ui_url: http://127.0.0.1:4455/registration
after:
password:
hooks:
- hook: session
- hook: show_verification_ui

log:
level: debug
format: text
leak_sensitive_values: true

secrets:
cookie:
- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
cipher:
- 32-LONG-SECRET-NOT-SECURE-AT-ALL

ciphers:
algorithm: xchacha20-poly1305

hashers:
algorithm: bcrypt
bcrypt:
cost: 8

identity:
default_schema_id: multi
schemas:
- id: default
url: file:///etc/config/kratos/identity.schema.json
- id: multi
url: file:///etc/config/kratos/multi.schema.json
- id: multi2
url: file:///etc/config/kratos/multi2.schema.json

courier:
smtp:
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true
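Review bot: `leak_sensitive_values: true` under `log:` together with `level: debug` writes sensitive values into the container logs, and the file also ships fixed `secrets.cookie` / `secrets.cipher` placeholders, `bcrypt` `cost: 8` and `skip_ssl_verify=true` on the SMTP URI, with no comment saying the file is for local use only. Add a header comment marking it development-only and default `leak_sensitive_values` to `false`. Separately, `version: v0.13.0` does not match the `oryd/kratos:v1.0.0` image in the README compose example, `dsn: memory` conflicts with the sqlite `DSN` set there through the environment, and the `mailslurper` host in `connection_uri` has no matching service in that compose file.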
44 changes: 44 additions & 0 deletions contrib/quickstart/kratos/email-password/multi.schema.json
@@ -0,0 +1,44 @@
{
"$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
"title": "Multi-Mail Person",
"type": "object",
"properties": {
"traits": {
"type": "object",
"properties": {
"emails": {
"type": "array",
"items": [
{
"type": "string",
"format": "email",
"title": "E-Mail",
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
},
"webauthn": {
"identifier": true
},
"totp": {
"account_name": true
}
},
"recovery": {
"via": "email"
},
"verification": {
"via": "email"
}
},
"maxLength": 320
}
]
}
},
"required": ["emails"],
"additionalProperties": false
}
}
}
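Review bot: `emails.items` is written as an array (`"items": [ { ... } ]`), which in JSON Schema draft-07 and earlier is positional tuple validation: only the first element is checked against the email schema and further entries are unconstrained unless `additionalItems` is set. The file also has no `$schema` line, unlike identity.schema.json, so the draft is not pinned. If every entry is meant to be a validated email identifier, use the object form `"items": { ... }`, or add a note on why the tuple form is intended.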
58 changes: 58 additions & 0 deletions contrib/quickstart/kratos/email-password/multi2.schema.json
@@ -0,0 +1,58 @@
{
"$id": "https://schemas.ory.sh/presets/kratos/identity.email.schema.json",
"title": "Multi-Mail Person",
"type": "object",
"properties": {
"traits": {
"type": "object",
"properties": {
"emails": {
"type": "array",
"items": [
{
"type": "string",
"format": "email",
"title": "E-Mail",
"ory.sh/kratos": {
"credentials": {
"password": {
"identifier": true
},
"webauthn": {
"identifier": true
},
"totp": {
"account_name": true
}
},
"recovery": {
"via": "email"
},
"verification": {
"via": "email"
}
},
"maxLength": 320
}
]
},
"name": {
"type": "object",
"properties": {
"first": {
"title": "First Name",
"type": "string"
},
"last": {
"title": "Last Name",
"type": "string"
}
},
"required": ["first"]
}
},
"required": ["emails", "name"],
"additionalProperties": false
}
}
}
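Review bot: `$id` and `title` in this file are identical to those in multi.schema.json (`https://schemas.ory.sh/presets/kratos/identity.email.schema.json`, "Multi-Mail Person"), although kratos.yml registers the two files under different ids (`multi`, `multi2`). Give this schema its own `$id` and title so the two can be told apart in tooling and in the UI.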