Hydra & SSL Certifactes

Faares · June 20, 2020, 4:27pm

Hi,
I’m trying to use Hydra, everything works well except some SSL problems.
I deploy this guide literally, but I’m facing some problems like:
“Client sent an HTTP request to an HTTPS server” appears when the client redirect the user to the OAuth2 server.
how can I fix issues like this in production? if you know that I will use all the stack behind Apache webserver, and use the proxy module in apache.

Faares · June 20, 2020, 6:31pm

I make this bash script to “test” Hydra…

docker network create hydraguide

docker run \
  --network hydraguide \
  --name ory-hydra-example--postgres \
  -e POSTGRES_USER=hydra \
  -e POSTGRES_PASSWORD=secret \
  -e POSTGRES_DB=hydra \
  -d postgres:9.6
  
  sleep 10s

export SECRETS_SYSTEM=$(export LC_CTYPE=C; cat /dev/urandom | tr -dc 'a-zA-Z0-9' | fold -w 32 | head -n 1)


 export DSN=postgres://hydra:secret@ory-hydra-example--postgres:5432/hydra?sslmode=disable


 docker pull oryd/hydra:v1.5.1


 docker run -it --rm --entrypoint hydra oryd/hydra:v1.5.1 help serve

sleep 10s
 docker run -it --rm \
  --network hydraguide \
  oryd/hydra:v1.5.1 \
  migrate sql --yes $DSN


sleep 10s

 docker run -d \
  --name ory-hydra-example--hydra \
  --network hydraguide \
  -p 9000:4444 \
  -p 9001:4445 \
  -e SECRETS_SYSTEM=$SECRETS_SYSTEM \
  -e DSN=$DSN \
  -e URLS_SELF_ISSUER=https://[MY_PUBLIC_IP]:9000/ \
  -e URLS_CONSENT=http://[MY_PUBLIC_IP]:9020/consent \
  -e URLS_LOGIN=http://[MY_PUBLIC_IP]:9020/login \
  oryd/hydra:v1.5.1 serve all

 docker logs ory-hydra-example--hydra


docker pull oryd/hydra-login-consent-node:v1.3.2

sleep 10s

docker run -d \
  --name ory-hydra-example--consent \
  -p 9020:3000 \
  --network hydraguide \
  -e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 \
  -e NODE_TLS_REJECT_UNAUTHORIZED=0 \
  oryd/hydra-login-consent-node:v1.3.2
  
  
sleep 10s
  
  docker logs ory-hydra-example--consent
  
  docker run --rm -it \
  -e HYDRA_ADMIN_URL=https://ory-hydra-example--hydra:4445 \
  --network hydraguide \
  oryd/hydra:v1.5.1 \
  clients create --skip-tls-verify \
    --id facebook-photo-backup \
    --secret some-secret \
    --grant-types authorization_code,refresh_token,client_credentials,implicit \
    --response-types token,code,id_token \
    --scope openid,offline,photos.read \
    --callbacks http://127.0.0.1:9010/callback
    
sleep 10s    
    
docker run --rm -it \
  --network hydraguide \
  -p 9010:9010 \
  oryd/hydra:v1.5.1 \
  token user --skip-tls-verify \
    --port 9010 \
    --auth-url https://[MY_PUBLIC_IP]:9000/oauth2/auth \
    --token-url https://ory-hydra-example--hydra:4444/oauth2/token \
    --client-id facebook-photo-backup \
    --client-secret some-secret \
    --scope openid,offline,photos.read

but, always get this error message:
Unable to connect: dial tcp: lookup ory-hydra-example--hydra on 127.0.0.11:53: read udp 127.0.0.1:34699->127.0.0.11:53: read: connection refused

can anyone explain?

hackerman · June 21, 2020, 2:07pm

What does

docker logs ory-hydra-example--hydra

say after you run the command?