Self-hosting keto returns "404 Page Not Found" when running a permission check

[antoniantonov]

Preflight checklist

• I could not find a solution in the existing issues, docs, nor discussions.
• I agree to follow this project's Code of Conduct.
• I have read and am following this repository's Contribution Guidelines.
• I have joined the Ory Community Slack.
• I am signed up to the Ory Security Patch Newsletter.

Ory Network Project

No response

Describe the bug

Deploying keto to Docker container and trying to hit it with GET verb on localhost:4466/relation-tuples/check/ to check permissions, I'm getting weird HTTP code 404 with text body: "404 Not Found". When using the Ory Network with the same path - https://blissful-leavitt-njmmzsufwj.projects.oryapis.com/relation-tuples/check/ I'm getting either allowed or not allowed in JSON format, regardless if the namespace or any other query parameter is found or not.
Another interesting fact is the the write API works on localhost:4467. I can create tuples. Also, GET on localhost:4466/relation-tuples/` dumps the database. So, keto service is up and running. But it can't check permissions.

Reproducing the bug

1. Docker compose file:

keto:
    depends_on:
      - keto-migrate
    image: oryd/keto:latest-sqlite
    ports:
      - "4466:4466"
      - "4467:4467"
    command: serve -c /home/ory/keto.yml
    restart: unless-stopped
    volumes:
      - type: volume
        source: keto-sqlite
        target: /var/lib/sqlite
        read_only: false
      - type: bind
        source: ./keto
        target: /home/ory
    environment:
      - LOG_LEVEL=debug
      - DSN=${DSN_STRING}
        # This is only for Development
      - LOG_LEAK_SENSITIVE_VALUES=true

volumes:
  kratos-sqlite:
  keto-sqlite:
  mongodb:

3. Keto config:

version: v0.11.1-alpha.1
debug: true

log:
  level: debug

namespaces:
  - id: 0
    name: Api
  - id: 1
    name: Group
  - id: 2
    name: User

serve:
  read:
    host: 0.0.0.0
    port: 4466
  write:
    host: 0.0.0.0
    port: 4467

dsn: sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc

Relevant log output

GET /relation-tuples/check/?namespace=videos&object=/cats/1.mp4&relation=view&subject_id=* HTTP/1.1
Authorization: bearer ory_pat_lrrKf5sCodLd1beIOyEf8srmFdSUXy5x
User-Agent: PostmanRuntime/7.36.1
Accept: */*
Postman-Token: 4b62d92b-fe5d-4344-82ef-b6abfcbfaccd
Host: localhost:4466
Connection: keep-alive
 
HTTP/1.1 404 Not Found
Content-Type: text/plain; charset=utf-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Feb 2024 16:13:23 GMT
Content-Length: 19
 
404 page not found

Relevant configuration

version: v0.11.1-alpha.1
debug: true

log:
  level: debug

namespaces:
  - id: 0
    name: Api
  - id: 1
    name: Group
  - id: 2
    name: User

serve:
  read:
    host: 0.0.0.0
    port: 4466
  write:
    host: 0.0.0.0
    port: 4467

dsn: sqlite:///var/lib/sqlite/db.sqlite?_fk=true&mode=rwc

Version

latest

On which operating system are you observing this issue?

macOS

In which environment are you deploying?

Docker Compose

Additional Context

No response

[pstemporowski]

I'm facing the same issue. Have you found any workaround? @antoniantonov

[nmapx]

Can't reproduce the issue. Works for me on both v0.11 and v0.12
Are you sure your infra config is correct? It looks like ports/proxies (public and admin/write APIs) are mixed at some point.