Set up HTTPS (TLS)
If you want to run Ory Kratos using self-signed TLS certificates, you can do the following:
openssl genrsa -out key.pem 4096
openssl req -new -x509 -sha256 -key key.pem -out cert.crt -days 365
SERVE_PUBLIC_TLS_CERT_BASE64=$(base64 -i cert.crt)
SERVE_PUBLIC_TLS_KEY_BASE64=$(base64 -i key.pem)
SERVE_ADMIN_TLS_CERT_BASE64=$(base64 -i cert.crt)
SERVE_ADMIN_TLS_KEY_BASE64=$(base64 -i key.pem)
# or
SERVE_PUBLIC_TLS_KEY_PATH=/path/to/key.pem
SERVE_PUBLIC_TLS_CERT_PATH=/path/to/cert.crt
SERVE_ADMIN_TLS_KEY_PATH=/path/to/key.pem
SERVE_ADMIN_TLS_CERT_PATH=/path/to/cert.crt
If you run Docker locally, you can then use
docker run ... \
-e SERVE_PUBLIC_TLS_CERT_BASE64="$SERVE_PUBLIC_TLS_CERT_BASE64" \
-e SERVE_PUBLIC_TLS_KEY_BASE64="$SERVE_PUBLIC_TLS_KEY_BASE64" \
-e SERVE_ADMIN_TLS_CERT_BASE64="$SERVE_ADMIN_TLS_CERT_BASE64" \
-e SERVE_ADMIN_TLS_KEY_BASE64="$SERVE_ADMIN_TLS_KEY_BASE64" \
...
or mount the files using --mount
and linking to the files.