Config for ORY Hydra behind multiple proxies

As mentioned here, setting up Hydra behind an API Gateway will require adding the gateway’s IP under the allow_termination_from setting. However, in my use case, I have a Load Balancer between the API Gateway and Hydra. The flow looks something like this:

API Gateway ----[http]----> Load Balancer ----[http]----> Hydra

As the request coming to the Load Balancer is an HTTP call, the X-Forwarded-Proto header is always set to http and NOT https. So, if I have to support HTTP calls to Hydra, I am forced to use the --dangerous-force-http setting, which is not recommended for production environments.

Is there any configuration in Hydra to support this use case?

Hm, this could be a bit tricky to implement at the moment unless your Load Balancer talks HTTPS or is able to not set the X-Forwarded-Proto. However, we’re thinking of disabling the X-Forwarded-Proto check to enable such environments, although it is of course a big downside for security enforcement.
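The two-hop problem discussed in this thread, as an added example that is not part of the original posts and is not Hydra's own code: a simplified model of a termination check that accepts plain HTTP only from a trusted peer that also sends X-Forwarded-Proto: https. The function names, the host hydra.internal and all addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
)

// acceptTerminated is a simplified model (assumption, not Hydra's code): plain HTTP
// passes only from a peer in a trusted CIDR that sends X-Forwarded-Proto: https.
func acceptTerminated(r *http.Request, trusted []*net.IPNet) error {
	if r.TLS != nil {
		return nil // TLS reached this server directly
	}
	host, _, err := net.SplitHostPort(r.RemoteAddr)
	if err != nil {
		return fmt.Errorf("bad remote address %q", r.RemoteAddr)
	}
	ip, ok := net.ParseIP(host), false
	for _, n := range trusted {
		ok = ok || (ip != nil && n.Contains(ip))
	}
	if !ok {
		return fmt.Errorf("peer %s is not a trusted proxy", host)
	}
	if p := r.Header.Get("X-Forwarded-Proto"); p != "https" {
		return fmt.Errorf("X-Forwarded-Proto is %q, want https", p)
	}
	return nil
}

// hop builds the request as the server sees it: peer is the last proxy and
// proto is the X-Forwarded-Proto value that proxy sent (constructed input).
func hop(peer, proto string) *http.Request {
	r := httptest.NewRequest("GET", "http://hydra.internal/", nil)
	r.RemoteAddr = peer
	r.Header.Set("X-Forwarded-Proto", proto)
	return r
}

func main() {
	_, lb, _ := net.ParseCIDR("10.0.1.0/24") // assumed load balancer subnet
	nets := []*net.IPNet{lb}
	fmt.Println(acceptTerminated(hop("10.0.1.5:41000", "http"), nets))     // LB overwrote the header
	fmt.Println(acceptTerminated(hop("10.0.1.5:41000", "https"), nets))    // LB kept the gateway's value
	fmt.Println(acceptTerminated(hop("203.0.113.9:41000", "https"), nets)) // untrusted peer claims https
}
```

Only the middle case passes, which is why the answer's options are a load balancer that speaks HTTPS or one that leaves X-Forwarded-Proto untouched.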