-
-
Save batazor/587c014db9c57707c73e98cafa271e57 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Kratos =============================================================================================================== | |
kratos: | |
enabled: true | |
image: | |
tag: v0.9.0-alpha.3 | |
ingress: | |
admin: | |
enabled: false | |
public: | |
enabled: true | |
annotations: | |
kubernetes.io/ingress.class: nginx | |
cert-manager.io/cluster-issuer: cert-manager-production | |
nginx.ingress.kubernetes.io/enable-modsecurity: "true" | |
nginx.ingress.kubernetes.io/enable-owasp-core-rules: "true" | |
nginx.ingress.kubernetes.io/enable-opentracing: "false" | |
kubernetes.io/tls-acme: "true" | |
nginx.ingress.kubernetes.io/rewrite-target: /$1 | |
nginx.ingress.kubernetes.io/use-regex: "true" | |
hosts: | |
- host: shortlink.ddns.net | |
paths: | |
- path: /api/auth\/(.*) | |
pathType: Prefix | |
tls: | |
- secretName: shortlink-ingress-tls | |
hosts: | |
- shortlink.ddns.net | |
kratos: | |
config: | |
dsn: memory | |
identity: | |
default_schema_id: default | |
schemas: | |
- id: default | |
url: file:///etc/config/identity.default.schema.json | |
serve: | |
public: | |
# Kratos uses cookies so you must always connect from "127.0.0.1" | |
base_url: http://shortlink-api-kratos-public.shortlink:4433 | |
cors: | |
enabled: true | |
debug: true | |
allowed_origins: | |
- http://127.0.0.1:3000 | |
- https://shortlink.ddns.net | |
allowed_methods: | |
- POST | |
- GET | |
- PUT | |
- PATCH | |
- DELETE | |
- OPTIONS | |
allowed_headers: | |
- Authorization | |
- Cookie | |
- Origin | |
- X-Session-Token | |
exposed_headers: | |
- Content-Type | |
- Set-Cookie | |
allow_credentials: true | |
admin: | |
base_url: http://127.0.0.1:4434/ | |
session: | |
# 30 days | |
lifespan: 720h | |
cookie: | |
domain: http://127.0.0.1:3000 | |
same_site: Lax | |
selfservice: | |
default_browser_return_url: http://127.0.0.1:3000/next/ | |
allowed_return_urls: | |
- http://127.0.0.1:3000 | |
methods: | |
password: | |
enabled: true | |
profile: | |
enabled: true | |
link: | |
enabled: true | |
oidc: | |
enabled: true | |
config: | |
providers: | |
# this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET! | |
- id: github | |
provider: github | |
# Replace this with the OAuth2 Client ID provided by GitHub | |
client_id: .... | |
# Replace this with the OAuth2 Client Secret provided by GitHub | |
client_secret: .... | |
mapper_url: file:///etc/config/kratos/oidc.github.jsonnet | |
scope: | |
- user:email | |
# this is `<provider-id>` in the Authorization callback URL. DO NOT CHANGE IT ONCE SET! | |
- id: gitlab | |
provider: gitlab | |
# Replace this with the OAuth2 Client ID provided by GitLab | |
client_id: .... | |
# Replace this with the OAuth2 Client Secret provided by GitLab | |
client_secret: .... | |
mapper_url: file:///etc/config/kratos/oidc.gitlab.jsonnet | |
scope: | |
- read_user | |
- openid | |
- profile | |
# These `ui_url` values are entirely dependant upon your setup. | |
# For this example, the React-app runs in development mode on the default port of 3000. | |
# You can see how this would change for a production environment or other solutions. | |
flows: | |
error: | |
ui_url: http://127.0.0.1:3000/next/error | |
settings: | |
ui_url: http://127.0.0.1:3000/next/auth/profile | |
# Sessions older than a minute requires the user to sign in again before | |
# the password is changed. | |
privileged_session_max_age: 15m | |
recovery: | |
enabled: true | |
ui_url: http://127.0.0.1:3000/next/auth/recovery | |
verification: | |
enabled: true | |
ui_url: http://127.0.0.1:3000/next/auth/verify | |
after: | |
default_browser_return_url: http://127.0.0.1:3000/next/ | |
logout: | |
after: | |
default_browser_return_url: http://127.0.0.1:3000/next/auth/login | |
login: | |
ui_url: http://127.0.0.1:3000/next/auth/login | |
lifespan: 10m | |
registration: | |
lifespan: 10m | |
ui_url: http://127.0.0.1:3000/next/auth/registration | |
after: | |
password: | |
hooks: | |
- hook: session | |
oidc: | |
hooks: | |
- hook: session | |
log: | |
level: debug | |
format: json | |
leak_sensitive_values: true | |
secrets: | |
cookie: | |
# This is an example; secret must be this length (32 chars). | |
- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE | |
hashers: | |
argon2: | |
parallelism: 1 | |
memory: 128MB | |
iterations: 2 | |
salt_length: 16 | |
key_length: 16 | |
courier: | |
smtp: | |
connection_uri: smtps://test:test@mailslurper:1025/?skip_ssl_verify=true | |
from_address: no-reply@shortlink.com | |
development: true | |
# autoMigrate is relying on a simple initContainer mechanism | |
# Do not turn it on if the replicaCount > 1 | |
autoMigrate: false | |
# You can add multiple identity schemas here | |
identitySchemas: | |
"identity.default.schema.json": | | |
{ | |
"$id": "https://schemas.ory.sh/presets/kratos/quickstart/email-password/identity.schema.json", | |
"$schema": "http://json-schema.org/draft-07/schema#", | |
"title": "Person", | |
"type": "object", | |
"properties": { | |
"traits": { | |
"type": "object", | |
"properties": { | |
"email": { | |
"type": "string", | |
"format": "email", | |
"title": "E-Mail", | |
"minLength": 3, | |
"ory.sh/kratos": { | |
"credentials": { | |
"password": { | |
"identifier": true | |
} | |
}, | |
"verification": { | |
"via": "email" | |
}, | |
"recovery": { | |
"via": "email" | |
} | |
} | |
}, | |
"name": { | |
"type": "object", | |
"properties": { | |
"first": { | |
"title": "First Name", | |
"type": "string" | |
}, | |
"last": { | |
"title": "Last Name", | |
"type": "string" | |
} | |
} | |
} | |
}, | |
"required": [ | |
"email" | |
], | |
"additionalProperties": false | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment