135 lines
3.1 KiB
YAML
135 lines
3.1 KiB
YAML
#
|
|
# Documentation: https://www.ory.sh/docs/kratos/reference/configuration
|
|
# Configuration UI: https://www.ory.sh/docs/kratos/reference/configuration-editor
|
|
#
|
|
|
|
#
|
|
# Configure the Kratos logging
|
|
#
|
|
log:
|
|
level: info
|
|
format: text
|
|
leak_sensitive_values: true
|
|
|
|
#
|
|
# Configure the datasource. Alternative for development purposes is 'memory' (not persistent!)
|
|
#
|
|
dsn: postgres://postgres:postgres@ory-postgres:5432/kratos?sslmode=disable&max_conns=20&max_idle_conns=4
|
|
|
|
#
|
|
# Configure the base URLs for the public and admin API.
|
|
# The public URL is used in emails for verification links.
|
|
#
|
|
serve:
|
|
public:
|
|
base_url: http://localhost:4433
|
|
cors:
|
|
enabled: true
|
|
allowed_origins:
|
|
- http://localhost:3000
|
|
admin:
|
|
base_url: http://localhost:4434
|
|
|
|
#
|
|
# Configure the session cookie.
|
|
#
|
|
cookies:
|
|
domain: http://localhost
|
|
path: /
|
|
same_site: Lax
|
|
|
|
#
|
|
# Configure the self-service flows.session.
|
|
# Probably most interesting are ui urls, return urls and hooks.session.
|
|
# You can also activate authentication methods.
|
|
#
|
|
selfservice:
|
|
default_browser_return_url: http://localhost:3000
|
|
allowed_return_urls:
|
|
- http://localhost:3000
|
|
|
|
methods:
|
|
password:
|
|
enabled: true
|
|
totp:
|
|
enabled: true
|
|
config:
|
|
issuer: ORY Template
|
|
lookup_secret:
|
|
enabled: true
|
|
|
|
flows:
|
|
error:
|
|
ui_url: http://localhost:3000/flow/error
|
|
|
|
settings:
|
|
required_aal: highest_available
|
|
ui_url: http://localhost:3000
|
|
|
|
recovery:
|
|
enabled: true
|
|
ui_url: http://localhost:3000/flow/recovery
|
|
|
|
verification:
|
|
enabled: true
|
|
ui_url: http://localhost:3000/flow/verification
|
|
|
|
login:
|
|
ui_url: http://localhost:3000/flow/login
|
|
lifespan: 10m
|
|
after:
|
|
hooks:
|
|
- hook: require_verified_address
|
|
|
|
registration:
|
|
lifespan: 10m
|
|
ui_url: http://localhost:3000/flow/registration
|
|
# after:
|
|
# default_browser_return_url: http://localhost:3000
|
|
# password:
|
|
# hooks:
|
|
# - hook: session # automatically sign-in after registration
|
|
|
|
#
|
|
# Configure connection to hydra for oauth2 and oidc.
|
|
# If set, the login and registration flows will handle the Ory OAuth 2.0 & OpenID `login_challenge` query parameter to serve as an OpenID Connect Provider.
|
|
#
|
|
oauth2_provider:
|
|
override_return_to: false
|
|
url: http://ory-hydra:4445
|
|
|
|
#
|
|
# Configure secrets and key rotation.
|
|
# Documentation: https://www.ory.sh/docs/kratos/guides/secret-key-rotation
|
|
#
|
|
secrets:
|
|
cookie:
|
|
- PLEASE-CHANGE-ME-I-AM-VERY-INSECURE
|
|
cipher:
|
|
- 32-LONG-SECRET-NOT-SECURE-AT-ALL
|
|
|
|
ciphers:
|
|
algorithm: xchacha20-poly1305
|
|
|
|
hashers:
|
|
algorithm: bcrypt
|
|
bcrypt:
|
|
cost: 8
|
|
|
|
#
|
|
# The delivered identity schema shows how to use the schema system.
|
|
# Documentation: https://www.ory.sh/docs/kratos/manage-identities/identity-schema
|
|
#
|
|
identity:
|
|
default_schema_id: default
|
|
schemas:
|
|
- id: default
|
|
url: file:///etc/config/kratos/identity.schema.json
|
|
|
|
#
|
|
# Configure the mailing service.
|
|
# Documentation: https://www.ory.sh/docs/kratos/self-hosted/mail-courier-selfhosted
|
|
#
|
|
courier:
|
|
smtp:
|
|
connection_uri: smtps://test:test@ory-mailslurper:1025/?skip_ssl_verify=true
|