feat: Config identity server for ingress revers proxy

2026-04-15 22:04:05 +08:00 · 2023-02-13 16:56:23 +03:30 · 2023-02-13 16:56:23 +03:30 · 27ef1ee87d
commit 27ef1ee87d
parent 940c807c51
20 changed files with 77 additions and 33 deletions
--- a/deployments/docker-compose/docker-compose.yaml
+++ b/deployments/docker-compose/docker-compose.yaml
@ -252,7 +252,7 @@ services:
    #######################################################
  elasticsearch:
    container_name: elasticsearch
-    image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2
+    image: elasticsearch:7.17.9
    restart: unless-stopped
    ports:
      - 9200:9200
@ -271,7 +271,7 @@ services:
      #######################################################
  kibana:
    container_name: kibana
-    image: docker.elastic.co/kibana/kibana:7.9.2
+    image: kibana:7.17.9
    restart: unless-stopped
    ports:
      - 5601:5601
@ -285,7 +285,6 @@ services:

 networks:
  booking:
-    name: booking

 volumes:
  elasticsearch-data:
--- a/deployments/docker-compose/infrastracture.yaml
+++ b/deployments/docker-compose/infrastracture.yaml
@ -95,7 +95,7 @@ services:
    #######################################################
  elasticsearch:
   container_name: elasticsearch
-   image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9
+   image: elasticsearch:7.17.9
   restart: unless-stopped
   ports:
    - 9200:9200
@ -114,7 +114,7 @@ services:
    #######################################################
  kibana:
   container_name: kibana
-   image: docker.elastic.co/kibana/kibana:7.17.9
+   image: kibana:7.17.9
   restart: unless-stopped
   ports:
    - 5601:5601
@ -141,8 +141,6 @@ services:

 networks:
  booking:
-    name: booking
-

 volumes:
  elasticsearch-data:
--- a/src/BuildingBlocks/Jwt/JwtExtensions.cs
+++ b/src/BuildingBlocks/Jwt/JwtExtensions.cs
@ -16,7 +16,7 @@ public static class JwtExtensions
            {
                options.Authority = jwtOptions.Authority;
                options.TokenValidationParameters.ValidateAudience = false;
-                options.RequireHttpsMetadata = false;
+                options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;
            });

        if (!string.IsNullOrEmpty(jwtOptions.Audience))
--- a/src/Services/Booking/src/Booking.Api/Program.cs
+++ b/src/Services/Booking/src/Booking.Api/Program.cs
@ -20,7 +20,6 @@ var app = builder.Build();
 app.MapMinimalEndpoints();
 app.UseAuthentication();
 app.UseAuthorization();
-app.UseHttpsRedirection();
 app.UseInfrastructure();

 app.Run();
--- a/src/Services/Booking/src/Booking.Api/appsettings.docker.json
+++ b/src/Services/Booking/src/Booking.Api/appsettings.docker.json
@ -26,8 +26,9 @@
    "Port": 5672
  },
  "Jwt": {
-    "Authority": "identity:5005",
-    "Audience": "booking-api"
+    "Authority": "https://myidentityserver.com",
+    "Audience": "booking-api",
+    "RequireHttpsMetadata": false
  },
  "Grpc": {
    "FlightAddress": "flight:5003",
--- a/src/Services/Booking/src/Booking.Api/appsettings.json
+++ b/src/Services/Booking/src/Booking.Api/appsettings.json
@ -23,7 +23,8 @@
  },
  "Jwt": {
    "Authority": "https://localhost:5005",
-    "Audience": "booking-api"
+    "Audience": "booking-api",
+    "RequireHttpsMetadata": true
  },
  "RabbitMqOptions": {
    "HostName": "localhost",
--- a/src/Services/Booking/src/Booking/Extensions/Infrastructure/InfrastructureExtensions.cs
+++ b/src/Services/Booking/src/Booking/Extensions/Infrastructure/InfrastructureExtensions.cs
@ -12,7 +12,6 @@ using BuildingBlocks.MassTransit;
 using BuildingBlocks.Mongo;
 using BuildingBlocks.OpenTelemetry;
 using BuildingBlocks.PersistMessageProcessor;
-using BuildingBlocks.PersistMessageProcessor.Data;
 using BuildingBlocks.Swagger;
 using BuildingBlocks.Web;
 using Figgle;
--- a/src/Services/Flight/src/Flight.Api/Properties/launchSettings.json
+++ b/src/Services/Flight/src/Flight.Api/Properties/launchSettings.json
@ -10,6 +10,16 @@
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
+    },
+    "https": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "https://localhost:5003",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
    }
  }
 }
--- a/src/Services/Flight/src/Flight.Api/appsettings.docker.json
+++ b/src/Services/Flight/src/Flight.Api/appsettings.docker.json
@ -23,7 +23,7 @@
    "ConnectionString": "Server=postgres;Port=5432;Database=flight;User Id=postgres;Password=postgres;Include Error Detail=true"
  },
  "Jwt": {
-    "Authority": "http://myidentityserver.com",
+    "Authority": "https://myidentityserver.com",
    "Audience": "flight-api",
    "RequireHttpsMetadata": false
  },
--- a/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs
+++ b/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs
@ -16,7 +16,6 @@ using BuildingBlocks.Mongo;
 using BuildingBlocks.OpenTelemetry;
 using BuildingBlocks.PersistMessageProcessor;
 using BuildingBlocks.Swagger;
-using BuildingBlocks.Utils;
 using BuildingBlocks.Web;
 using Figgle;
 using Flight.Data;
--- a/src/Services/Identity/src/Identity.Api/Program.cs
+++ b/src/Services/Identity/src/Identity.Api/Program.cs
@ -20,7 +20,6 @@ var app = builder.Build();
 app.MapMinimalEndpoints();
 app.UseAuthentication();
 app.UseAuthorization();
-app.UseHttpsRedirection();
 app.UseInfrastructure();

 app.Run();
--- a/src/Services/Identity/src/Identity.Api/Properties/launchSettings.json
+++ b/src/Services/Identity/src/Identity.Api/Properties/launchSettings.json
@ -1,6 +1,24 @@
 {
  "$schema": "https://json.schemastore.org/launchsettings.json",
+  "iisSettings": {
+    "windowsAuthentication": false,
+    "anonymousAuthentication": true,
+    "iisExpress": {
+      "applicationUrl": "http://localhost:42478",
+      "sslPort": 44342
+    }
+  },
  "profiles": {
+    "http": {
+      "commandName": "Project",
+      "dotnetRunMessages": true,
+      "launchBrowser": true,
+      "launchUrl": "swagger",
+      "applicationUrl": "http://localhost:5009",
+      "environmentVariables": {
+        "ASPNETCORE_ENVIRONMENT": "Development"
+      }
+    },
    "https": {
      "commandName": "Project",
      "dotnetRunMessages": true,
--- a/src/Services/Identity/src/Identity.Api/appsettings.docker.json
+++ b/src/Services/Identity/src/Identity.Api/appsettings.docker.json
@ -15,10 +15,6 @@
    "Password": "guest",
    "Port": 5672
  },
-  "Jwt": {
-    "Authority": "identity:5005",
-    "Audience": "identity-api"
-  },
  "LogOptions": {
    "Level": "information",
    "LogTemplate": "{Timestamp:HH:mm:ss} [{Level:u4}] {Message:lj}{NewLine}{Exception}",
--- a/src/Services/Identity/src/Identity.Api/appsettings.json
+++ b/src/Services/Identity/src/Identity.Api/appsettings.json
@ -12,10 +12,6 @@
    "Password": "guest",
    "Port": 5672
  },
-  "Jwt": {
-    "Authority": "https://localhost:5005",
-    "Audience": "identity-api"
-  },
  "LogOptions": {
    "Level": "information",
    "LogTemplate": "{Timestamp:HH:mm:ss} [{Level:u4}] {Message:lj}{NewLine}{Exception}",
--- a/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs
+++ b/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs
@ -35,10 +35,8 @@ public static class IdentityServerExtensions
            .AddAspNetIdentity<User>()
            .AddResourceOwnerValidator<UserValidator>();

-        if (env.IsDevelopment())
-        {
-            identityServerBuilder.AddDeveloperSigningCredential();
-        }
+        //ref: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
+        identityServerBuilder.AddDeveloperSigningCredential();

        return services;
    }
--- a/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs
+++ b/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs
@ -26,6 +26,9 @@ using Serilog;

 namespace Identity.Extensions.Infrastructure;

+using Duende.IdentityServer.Extensions;
+using Microsoft.AspNetCore.HttpOverrides;
+
 public static class InfrastructureExtensions
 {
    public static WebApplicationBuilder AddInfrastructure(this WebApplicationBuilder builder)
@ -76,6 +79,14 @@ public static class InfrastructureExtensions

        builder.Services.AddIdentityServer(env);

+        //ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2
+        //ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466
+        builder.Services.Configure<ForwardedHeadersOptions>(options =>
+        {
+            options.ForwardedHeaders =
+                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+        });
+
        return builder;
    }

@ -85,6 +96,10 @@ public static class InfrastructureExtensions
        var env = app.Environment;
        var appOptions = app.GetOptions<AppOptions>(nameof(AppOptions));

+        //ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2
+        //ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466
+        app.UseForwardedHeaders();
+
        app.UseProblemDetails();
        app.UseSerilogRequestLogging(options =>
        {
@ -100,6 +115,22 @@ public static class InfrastructureExtensions

        app.MapGet("/", x => x.Response.WriteAsync(appOptions.Name));

+        app.Use((httpContext, next) =>
+        {
+            httpContext.Request.Scheme = "https";
+            return next();
+        });
+
+        app.Use(async (ctx, next) =>
+        {
+            if (ctx.Request.Headers.ContainsKey("from-ingress"))
+            {
+                ctx.SetIdentityServerOrigin("https://myidentityserver.com");
+            }
+
+            await next();
+        });
+
        if (env.IsDevelopment())
        {
            app.UseCustomSwagger();
--- a/src/Services/Passenger/src/Passenger.Api/Program.cs
+++ b/src/Services/Passenger/src/Passenger.Api/Program.cs
@ -20,7 +20,6 @@ var app = builder.Build();
 app.MapMinimalEndpoints();
 app.UseAuthentication();
 app.UseAuthorization();
-app.UseHttpsRedirection();
 app.UseInfrastructure();

 app.Run();
--- a/src/Services/Passenger/src/Passenger.Api/appsettings.docker.json
+++ b/src/Services/Passenger/src/Passenger.Api/appsettings.docker.json
@ -9,8 +9,9 @@
    "ConnectionString": "Server=postgres;Port=5432;Database=persist_message;User Id=postgres;Password=postgres;Include Error Detail=true"
  },
  "Jwt": {
-    "Authority": "identity:5005",
-    "Audience": "passenger-api"
+    "Authority": "https://myidentityserver.com",
+    "Audience": "passenger-api",
+    "RequireHttpsMetadata": false
  },
  "MongoOptions": {
    "ConnectionString": "mongodb://mongo:27017",
--- a/src/Services/Passenger/src/Passenger.Api/appsettings.json
+++ b/src/Services/Passenger/src/Passenger.Api/appsettings.json
@ -11,7 +11,8 @@
  },
  "Jwt": {
    "Authority": "https://localhost:5005",
-    "Audience": "passenger-api"
+    "Audience": "passenger-api",
+    "RequireHttpsMetadata": "true"
  },
  "RabbitMqOptions": {
    "HostName": "localhost",
--- a/src/Services/Passenger/src/Passenger/Extensions/Infrastructure/InfrastructureExtensions.cs
+++ b/src/Services/Passenger/src/Passenger/Extensions/Infrastructure/InfrastructureExtensions.cs
@ -12,7 +12,6 @@ using BuildingBlocks.Mongo;
 using BuildingBlocks.OpenTelemetry;
 using BuildingBlocks.PersistMessageProcessor;
 using BuildingBlocks.Swagger;
-using BuildingBlocks.Utils;
 using BuildingBlocks.Web;
 using Figgle;
 using FluentValidation;