Deploying to <domain>/hydra

I am trying to set up Hydra in a k8s cluster where the top-level domain is shared by several applications and each application gets traffic at a directory path, e.g.

Any traffic to https://domain.com/web-application gets redirected to the web-application pod

I have similarly set up the Hydra issuer_url to include a `/hydra/` postfix.
However, the Hydra application doesn’t seem to be able to correctly separate this part from the path and therefore returns 404, e.g. `curl https://domain.com/hydra/.well-known/openid-configuration` returns 404.

From the logs:

```
host:domain.com method:GET path:/hydra/.well-known/openid-configuration query:<nil> ...] http_response=map[status:404 text_status:Not Found took:299.925µs]
```

When I ssh to the pod and run `curl http://localhost:4444/.well-known/openid-configuration`, I see the correct URLs being generated:

```
{
  "issuer":"https://domain.com/hydra/",
  "authorization_endpoint":"https://<domain>/hydra/oauth2/auth",
  ...
}
```
similar to the example results here: https://www.ory.sh/hydra/docs/reference/api#200-response-1


Is there a different config that needs to be set in addition to the `URLS_SELF_ISSUER` for this setup to work?

You need to enable path stripping in your proxy/ingress!

That’s a good suggestion for a workaround; unfortunately GKE ingress doesn’t support url-rewrite at the moment, but there are probably similar solutions that I can look into.

Does this mean that Hydra does not support path prefixes?

No, Ory Hydra does not support that. We replaced GKE ingress with NGINX, as it also has many other shortcomings, despite vocal community pushback.
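
The path stripping suggested in the replies above, sketched for the ingress-nginx controller as an added example (not configuration posted by anyone in this thread). The Ingress name, the Service name `hydra-public` and the ingress class `nginx` are assumptions; the host, the `/hydra` prefix and port 4444 are taken from the question.

```yaml
# Added example: strip the /hydra prefix at the ingress so Hydra, which serves
# its routes from "/", receives the paths it expects.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: hydra-public                 # assumed name
  annotations:
    # Treat the path below as a regular expression.
    nginx.ingress.kubernetes.io/use-regex: "true"
    # $2 is the second capture group of the path, i.e. everything after
    # "/hydra/". A request for /hydra/.well-known/openid-configuration is
    # forwarded upstream as /.well-known/openid-configuration.
    nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
  ingressClassName: nginx            # assumed ingress class
  rules:
    - host: domain.com
      http:
        paths:
          # Group 1 matches "/" or end of path, so /hydra-other is not caught
          # by this rule; group 2 captures the remainder for the rewrite.
          - path: /hydra(/|$)(.*)
            pathType: ImplementationSpecific
            backend:
              service:
                name: hydra-public   # assumed Service in front of the Hydra pod
                port:
                  number: 4444       # port the question queried inside the pod
```

`URLS_SELF_ISSUER` stays at `https://domain.com/hydra/`, so the discovery document keeps advertising the prefixed URLs that clients see while the pod itself only ever receives unprefixed paths.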