From 27ef1ee87d3b7dc398005cd4277e5d54e28b5ac4 Mon Sep 17 00:00:00 2001 From: meysamhadeli Date: Mon, 13 Feb 2023 16:56:23 +0330 Subject: [PATCH] feat: Config identity server for ingress revers proxy --- .../docker-compose/docker-compose.yaml | 5 ++- .../docker-compose/infrastracture.yaml | 6 ++-- src/BuildingBlocks/Jwt/JwtExtensions.cs | 2 +- .../Booking/src/Booking.Api/Program.cs | 1 - .../src/Booking.Api/appsettings.docker.json | 5 +-- .../Booking/src/Booking.Api/appsettings.json | 3 +- .../InfrastructureExtensions.cs | 1 - .../Flight.Api/Properties/launchSettings.json | 10 ++++++ .../src/Flight.Api/appsettings.docker.json | 2 +- .../InfrastructureExtensions.cs | 1 - .../Identity/src/Identity.Api/Program.cs | 1 - .../Properties/launchSettings.json | 18 +++++++++++ .../src/Identity.Api/appsettings.docker.json | 4 --- .../src/Identity.Api/appsettings.json | 4 --- .../IdentityServerExtensions.cs | 6 ++-- .../InfrastructureExtensions.cs | 31 +++++++++++++++++++ .../Passenger/src/Passenger.Api/Program.cs | 1 - .../src/Passenger.Api/appsettings.docker.json | 5 +-- .../src/Passenger.Api/appsettings.json | 3 +- .../InfrastructureExtensions.cs | 1 - 20 files changed, 77 insertions(+), 33 deletions(-) diff --git a/deployments/docker-compose/docker-compose.yaml b/deployments/docker-compose/docker-compose.yaml index c474b5f..d0fafcd 100644 --- a/deployments/docker-compose/docker-compose.yaml +++ b/deployments/docker-compose/docker-compose.yaml @@ -252,7 +252,7 @@ services: ####################################################### elasticsearch: container_name: elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:7.9.2 + image: elasticsearch:7.17.9 restart: unless-stopped ports: - 9200:9200 @@ -271,7 +271,7 @@ services: ####################################################### kibana: container_name: kibana - image: docker.elastic.co/kibana/kibana:7.9.2 + image: kibana:7.17.9 restart: unless-stopped ports: - 5601:5601 
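Review bot: `image: elasticsearch:7.17.9` (and `kibana:7.17.9` in the next hunk) moves the pull source from Elastic's own registry to the Docker Hub library namespace and still pins by a mutable tag only, so a re-tag or a registry-side compromise can silently change the bits that run. Pin by digest whichever registry is kept, e.g. `image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9@sha256:<digest from the registry>`, and record where the digest came from. The 7.x line also leaves `xpack.security.enabled` off unless it is set explicitly, and the unchanged context lines still publish 9200 and 5601 on the host; confirm the environment section (outside this hunk) enables security, or bind those ports to `127.0.0.1:` only. The same image change is repeated in `infrastracture.yaml` in this commit.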
@@ -285,7 +285,6 @@ services: networks: booking: - name: booking volumes: elasticsearch-data: diff --git a/deployments/docker-compose/infrastracture.yaml b/deployments/docker-compose/infrastracture.yaml index 12c78ad..1da5b3e 100644 --- a/deployments/docker-compose/infrastracture.yaml +++ b/deployments/docker-compose/infrastracture.yaml @@ -95,7 +95,7 @@ services: ####################################################### elasticsearch: container_name: elasticsearch - image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9 + image: elasticsearch:7.17.9 restart: unless-stopped ports: - 9200:9200 @@ -114,7 +114,7 @@ services: ####################################################### kibana: container_name: kibana - image: docker.elastic.co/kibana/kibana:7.17.9 + image: kibana:7.17.9 restart: unless-stopped ports: - 5601:5601 @@ -141,8 +141,6 @@ services: networks: booking: - name: booking - volumes: elasticsearch-data: diff --git a/src/BuildingBlocks/Jwt/JwtExtensions.cs b/src/BuildingBlocks/Jwt/JwtExtensions.cs index be56cd3..d92a23a 100644 --- a/src/BuildingBlocks/Jwt/JwtExtensions.cs +++ b/src/BuildingBlocks/Jwt/JwtExtensions.cs @@ -16,7 +16,7 @@ public static class JwtExtensions { options.Authority = jwtOptions.Authority; options.TokenValidationParameters.ValidateAudience = false; - options.RequireHttpsMetadata = false; + options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata; }); if (!string.IsNullOrEmpty(jwtOptions.Audience)) diff --git a/src/Services/Booking/src/Booking.Api/Program.cs b/src/Services/Booking/src/Booking.Api/Program.cs index ad0f0ce..514f063 100644 --- a/src/Services/Booking/src/Booking.Api/Program.cs +++ b/src/Services/Booking/src/Booking.Api/Program.cs @@ -20,7 +20,6 @@ var app = builder.Build(); app.MapMinimalEndpoints(); app.UseAuthentication(); app.UseAuthorization(); -app.UseHttpsRedirection(); app.UseInfrastructure(); app.Run(); 
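Review bot: `options.RequireHttpsMetadata = jwtOptions.RequireHttpsMetadata;` ties the HTTPS requirement to a bound option whose default, if `RequireHttpsMetadata` is a plain `bool` on `JwtOptions`, is `false`, so any environment that simply omits the key will accept discovery documents over plain HTTP — the opposite of the handler's own default. Give the option a safe default in `JwtOptions`, `public bool RequireHttpsMetadata { get; set; } = true;`, and consider failing fast when it is `false` outside Development if an environment is reachable at this point, e.g. `if (!jwtOptions.RequireHttpsMetadata && !env.IsDevelopment()) throw new InvalidOperationException("RequireHttpsMetadata may only be disabled in Development");`. The enclosing method starts and ends outside this hunk; `ValidateAudience = false` on the line above is pre-existing and not changed here.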
diff --git a/src/Services/Booking/src/Booking.Api/appsettings.docker.json b/src/Services/Booking/src/Booking.Api/appsettings.docker.json index 19fad71..1e80d8d 100644 --- a/src/Services/Booking/src/Booking.Api/appsettings.docker.json +++ b/src/Services/Booking/src/Booking.Api/appsettings.docker.json @@ -26,8 +26,9 @@ "Port": 5672 }, "Jwt": { - "Authority": "identity:5005", - "Audience": "booking-api" + "Authority": "https://myidentityserver.com", + "Audience": "booking-api", + "RequireHttpsMetadata": false }, "Grpc": { "FlightAddress": "flight:5003", diff --git a/src/Services/Booking/src/Booking.Api/appsettings.json b/src/Services/Booking/src/Booking.Api/appsettings.json index 2792c24..5bc91a3 100644 --- a/src/Services/Booking/src/Booking.Api/appsettings.json +++ b/src/Services/Booking/src/Booking.Api/appsettings.json @@ -23,7 +23,8 @@ }, "Jwt": { "Authority": "https://localhost:5005", - "Audience": "booking-api" + "Audience": "booking-api", + "RequireHttpsMetadata": true }, "RabbitMqOptions": { "HostName": "localhost", diff --git a/src/Services/Booking/src/Booking/Extensions/Infrastructure/InfrastructureExtensions.cs b/src/Services/Booking/src/Booking/Extensions/Infrastructure/InfrastructureExtensions.cs index bc2f4d8..76d1cfb 100644 --- a/src/Services/Booking/src/Booking/Extensions/Infrastructure/InfrastructureExtensions.cs +++ b/src/Services/Booking/src/Booking/Extensions/Infrastructure/InfrastructureExtensions.cs @@ -12,7 +12,6 @@ using BuildingBlocks.MassTransit; using BuildingBlocks.Mongo; using BuildingBlocks.OpenTelemetry; using BuildingBlocks.PersistMessageProcessor; -using BuildingBlocks.PersistMessageProcessor.Data; using BuildingBlocks.Swagger; using BuildingBlocks.Web; using Figgle; diff --git a/src/Services/Flight/src/Flight.Api/Properties/launchSettings.json b/src/Services/Flight/src/Flight.Api/Properties/launchSettings.json index bedb9f7..d73af91 100644 --- a/src/Services/Flight/src/Flight.Api/Properties/launchSettings.json 
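Review bot: With `"Authority": "https://myidentityserver.com"` the added `"RequireHttpsMetadata": false` is effectively a no-op: the flag only controls whether the metadata address may use the `http` scheme, it does not relax TLS certificate validation. In the container the likely failure is the API not trusting the certificate the ingress presents for `myidentityserver.com` (if that certificate is self-signed), which this setting will not fix, while leaving it `false` weakens the config the moment someone changes the authority back to `http`. Set `"RequireHttpsMetadata": true` here to match the HTTPS authority and, if a private CA is in play, mount it into the image's trust store instead. The same applies to the Flight and Passenger `appsettings.docker.json` hunks in this commit.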
+++ b/src/Services/Flight/src/Flight.Api/Properties/launchSettings.json @@ -10,6 +10,16 @@ "environmentVariables": { "ASPNETCORE_ENVIRONMENT": "Development" } + }, + "https": { + "commandName": "Project", + "dotnetRunMessages": true, + "launchBrowser": true, + "launchUrl": "swagger", + "applicationUrl": "https://localhost:5003", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } } } } diff --git a/src/Services/Flight/src/Flight.Api/appsettings.docker.json b/src/Services/Flight/src/Flight.Api/appsettings.docker.json index 1a70dc4..469ea11 100644 --- a/src/Services/Flight/src/Flight.Api/appsettings.docker.json +++ b/src/Services/Flight/src/Flight.Api/appsettings.docker.json @@ -23,7 +23,7 @@ "ConnectionString": "Server=postgres;Port=5432;Database=flight;User Id=postgres;Password=postgres;Include Error Detail=true" }, "Jwt": { - "Authority": "http://myidentityserver.com", + "Authority": "https://myidentityserver.com", "Audience": "flight-api", "RequireHttpsMetadata": false }, diff --git a/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs b/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs index 12ee124..5c13489 100644 --- a/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs +++ b/src/Services/Flight/src/Flight/Extensions/Infrastructure/InfrastructureExtensions.cs @@ -16,7 +16,6 @@ using BuildingBlocks.Mongo; using BuildingBlocks.OpenTelemetry; using BuildingBlocks.PersistMessageProcessor; using BuildingBlocks.Swagger; -using BuildingBlocks.Utils; using BuildingBlocks.Web; using Figgle; using Flight.Data; diff --git a/src/Services/Identity/src/Identity.Api/Program.cs b/src/Services/Identity/src/Identity.Api/Program.cs index 459d4ee..4d655a0 100644 --- a/src/Services/Identity/src/Identity.Api/Program.cs +++ b/src/Services/Identity/src/Identity.Api/Program.cs 
@@ -20,7 +20,6 @@ var app = builder.Build(); app.MapMinimalEndpoints(); app.UseAuthentication(); app.UseAuthorization(); -app.UseHttpsRedirection(); app.UseInfrastructure(); app.Run(); diff --git a/src/Services/Identity/src/Identity.Api/Properties/launchSettings.json b/src/Services/Identity/src/Identity.Api/Properties/launchSettings.json index 5e419f6..613df80 100644 --- a/src/Services/Identity/src/Identity.Api/Properties/launchSettings.json +++ b/src/Services/Identity/src/Identity.Api/Properties/launchSettings.json @@ -1,6 +1,24 @@ { "$schema": "https://json.schemastore.org/launchsettings.json", + "iisSettings": { + "windowsAuthentication": false, + "anonymousAuthentication": true, + "iisExpress": { + "applicationUrl": "http://localhost:42478", + "sslPort": 44342 + } + }, "profiles": { + "http": { + "commandName": "Project", + "dotnetRunMessages": true, + "launchBrowser": true, + "launchUrl": "swagger", + "applicationUrl": "http://localhost:5009", + "environmentVariables": { + "ASPNETCORE_ENVIRONMENT": "Development" + } + }, "https": { "commandName": "Project", "dotnetRunMessages": true, diff --git a/src/Services/Identity/src/Identity.Api/appsettings.docker.json b/src/Services/Identity/src/Identity.Api/appsettings.docker.json index 0042496..15ef267 100644 --- a/src/Services/Identity/src/Identity.Api/appsettings.docker.json +++ b/src/Services/Identity/src/Identity.Api/appsettings.docker.json @@ -15,10 +15,6 @@ "Password": "guest", "Port": 5672 }, - "Jwt": { - "Authority": "identity:5005", - "Audience": "identity-api" - }, "LogOptions": { "Level": "information", "LogTemplate": "{Timestamp:HH:mm:ss} [{Level:u4}] {Message:lj}{NewLine}{Exception}", diff --git a/src/Services/Identity/src/Identity.Api/appsettings.json b/src/Services/Identity/src/Identity.Api/appsettings.json index af84e36..9207177 100644 --- a/src/Services/Identity/src/Identity.Api/appsettings.json +++ b/src/Services/Identity/src/Identity.Api/appsettings.json 
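Review bot: The new `http` profile runs the identity server on `"applicationUrl": "http://localhost:5009"`, so during local development tokens, session cookies and authorization-code redirects travel in clear text, and combined with the unconditional `Request.Scheme = "https"` override added to `Identity` in this commit the server will tell clients it is HTTPS while nothing is encrypted. Unless a specific tool needs plain HTTP, keep only the `https` profile, or document on the profile why it exists, e.g. a `// dev-only: used by X; never deploy` note is not possible in JSON, so put the reason in the README. The `iisSettings` block with `"sslPort": 44342` is IDE boilerplate and can be dropped if IIS Express is not used.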
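Review bot: Removing the whole `"Jwt"` section from the Identity service's settings is only safe if Identity's registration no longer calls the shared JWT extension; if it still does, the section now binds to an empty `Authority`, and the bearer handler will fail at the first challenge rather than at startup. Please confirm the corresponding `AddJwt`/`AddJwtBearer` call was removed from Identity's infrastructure registration (not visible in this diff), or keep a minimal section so the failure is explicit.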
@@ -12,10 +12,6 @@ "Password": "guest", "Port": 5672 }, - "Jwt": { - "Authority": "https://localhost:5005", - "Audience": "identity-api" - }, "LogOptions": { "Level": "information", "LogTemplate": "{Timestamp:HH:mm:ss} [{Level:u4}] {Message:lj}{NewLine}{Exception}", diff --git a/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs b/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs index c22ab9e..e447267 100644 --- a/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs +++ b/src/Services/Identity/src/Identity/Extensions/Infrastructure/IdentityServerExtensions.cs @@ -35,10 +35,8 @@ public static class IdentityServerExtensions .AddAspNetIdentity() .AddResourceOwnerValidator(); - if (env.IsDevelopment()) - { - identityServerBuilder.AddDeveloperSigningCredential(); - } + //ref: https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html + identityServerBuilder.AddDeveloperSigningCredential(); return services; } diff --git a/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs b/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs index 3b2a449..29abf9e 100644 --- a/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs +++ b/src/Services/Identity/src/Identity/Extensions/Infrastructure/InfrastructureExtensions.cs @@ -26,6 +26,9 @@ using Serilog; namespace Identity.Extensions.Infrastructure; +using Duende.IdentityServer.Extensions; +using Microsoft.AspNetCore.HttpOverrides; + public static class InfrastructureExtensions { public static WebApplicationBuilder AddInfrastructure(this WebApplicationBuilder builder) 
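Review bot: `identityServerBuilder.AddDeveloperSigningCredential();` now runs in every environment, so production containers will sign tokens with a key generated on first start and, by Duende's default for this helper, persisted unencrypted as `tempkey.jwk` under the content root — regenerated for every fresh container and different per replica, which breaks token validation across restarts and scale-out and removes any rotation or backup story. The `//ref:` comment points at OpenIddict documentation, but the file uses Duende IdentityServer (`using Duende.IdentityServer.Extensions;` is added in this same commit). Restore `if (env.IsDevelopment()) { identityServerBuilder.AddDeveloperSigningCredential(); }` and add an `else` branch calling `identityServerBuilder.AddSigningCredential(...)` with an `X509Certificate2` (or `RsaSecurityKey`) loaded from a mounted secret or key vault, keeping previous keys registered with `AddValidationKey` during rotation. The enclosing `AddIdentityServer` method starts before this hunk.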
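Review bot: The two new directives `using Duende.IdentityServer.Extensions;` and `using Microsoft.AspNetCore.HttpOverrides;` are placed after the file-scoped `namespace Identity.Extensions.Infrastructure;` line, while the file's existing directives (`using Serilog;` just above) sit before it. Move them into the sorted block above the namespace so the file keeps one convention; a mixed placement is a frequent source of merge noise and analyzer warnings (IDE0065). The class header below is the start of a definition that continues past this hunk.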
@@ -76,6 +79,14 @@ public static class InfrastructureExtensions
 builder.Services.AddIdentityServer(env);
+ //ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2
+ //ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466
+ builder.Services.Configure(options =>
+ {
+ options.ForwardedHeaders =
+ ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
+ });
+
 return builder;
 }
@@ -85,6 +96,10 @@ public static class InfrastructureExtensions
 var env = app.Environment;
 var appOptions = app.GetOptions(nameof(AppOptions));
+ //ref: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-7.0&viewFallbackFrom=aspnetcore-2.2
+ //ref: https://medium.com/@christopherlenard/identity-server-and-nginx-ingress-controller-in-kubernetes-7146c22a2466
+ app.UseForwardedHeaders();
+
 app.UseProblemDetails();
 app.UseSerilogRequestLogging(options =>
 {
@@ -100,6 +115,22 @@ public static class InfrastructureExtensions
 app.MapGet("/", x => x.Response.WriteAsync(appOptions.Name));
+ app.Use((httpContext, next) =>
+ {
+ httpContext.Request.Scheme = "https";
+ return next();
+ });
+
+ app.Use(async (ctx, next) =>
+ {
+ if (ctx.Request.Headers.ContainsKey("from-ingress"))
+ {
+ ctx.SetIdentityServerOrigin("https://myidentityserver.com");
+ }
+
+ await next();
+ });
+
 if (env.IsDevelopment())
 {
 app.UseCustomSwagger();
diff --git a/src/Services/Passenger/src/Passenger.Api/Program.cs b/src/Services/Passenger/src/Passenger.Api/Program.cs
index 7f85306..bf17e88 100644
--- a/src/Services/Passenger/src/Passenger.Api/Program.cs
+++ b/src/Services/Passenger/src/Passenger.Api/Program.cs
@@ -20,7 +20,6 @@ var app = builder.Build();
 app.MapMinimalEndpoints();
 app.UseAuthentication();
 app.UseAuthorization();
-app.UseHttpsRedirection();
 app.UseInfrastructure();
 app.Run();
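Review bot: The forwarded-headers options set `XForwardedFor | XForwardedProto` but leave `KnownProxies`/`KnownNetworks` at their defaults (loopback only), so when the ingress reaches the container from any non-loopback address the middleware silently ignores both headers — and the common workaround of calling `.Clear()` on both lists would let any client that can reach the pod directly spoof its scheme and source IP. Add the ingress network explicitly from configuration, e.g. `options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse(ingressCidrBase), ingressPrefixLength));`, and include `ForwardedHeaders.XForwardedHost` so IdentityServer's discovery document and redirect URIs pick up the external host without the manual origin patch added later in this file. As rendered, `builder.Services.Configure(options =>` carries no type argument; presumably `<ForwardedHeadersOptions>` was lost in extraction, since the call would not compile otherwise. `AddInfrastructure` starts before this hunk.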
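Review bot: `app.UseForwardedHeaders();` is placed inside `UseInfrastructure`, but the `Program.cs` hunks in this same commit show `app.UseInfrastructure()` being called after `app.UseAuthentication()` and `app.UseAuthorization()`, so the scheme and remote-IP rewrite runs only after the authentication handlers have already computed redirect URIs, `Secure` cookie policy and any scheme-based checks from the raw request. The guidance linked in the hunk's own `//ref:` comment is that this middleware runs first in the pipeline; either move `app.UseForwardedHeaders()` into `Program.cs` ahead of `app.UseAuthentication()`, or move the two auth calls into `UseInfrastructure` after this line. `UseInfrastructure` starts before and continues past this hunk.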
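Review bot: `httpContext.Request.Scheme = "https";` forces every request to look like TLS regardless of what the ingress reported, which cancels the `X-Forwarded-Proto` handling added in this commit and hides a misconfigured listener: a plain-HTTP request that reaches the pod directly is treated as secure, so `Secure` cookies and `https` redirect URIs are issued over clear text. The second middleware keys on the unauthenticated request header `from-ingress` and hard-codes `"https://myidentityserver.com"`; any caller can set that header, so the check adds no trust, and the origin belongs in configuration (Duende's `IssuerUri` option, or an `AppOptions` value) rather than a literal. Once `ForwardedHeadersMiddleware` honours `X-Forwarded-Proto`/`X-Forwarded-Host` and runs before authentication, both `app.Use` blocks can be deleted. As ordered by `Program.cs` they currently run after `UseAuthentication`, so they cannot influence the authentication handlers in any case.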
diff --git a/src/Services/Passenger/src/Passenger.Api/appsettings.docker.json b/src/Services/Passenger/src/Passenger.Api/appsettings.docker.json index 73e5410..d49806e 100644 --- a/src/Services/Passenger/src/Passenger.Api/appsettings.docker.json +++ b/src/Services/Passenger/src/Passenger.Api/appsettings.docker.json @@ -9,8 +9,9 @@ "ConnectionString": "Server=postgres;Port=5432;Database=persist_message;User Id=postgres;Password=postgres;Include Error Detail=true" }, "Jwt": { - "Authority": "identity:5005", - "Audience": "passenger-api" + "Authority": "https://myidentityserver.com", + "Audience": "passenger-api", + "RequireHttpsMetadata": false }, "MongoOptions": { "ConnectionString": "mongodb://mongo:27017", diff --git a/src/Services/Passenger/src/Passenger.Api/appsettings.json b/src/Services/Passenger/src/Passenger.Api/appsettings.json index f73aaa3..01ed508 100644 --- a/src/Services/Passenger/src/Passenger.Api/appsettings.json +++ b/src/Services/Passenger/src/Passenger.Api/appsettings.json @@ -11,7 +11,8 @@ }, "Jwt": { "Authority": "https://localhost:5005", - "Audience": "passenger-api" + "Audience": "passenger-api", + "RequireHttpsMetadata": "true" }, "RabbitMqOptions": { "HostName": "localhost", diff --git a/src/Services/Passenger/src/Passenger/Extensions/Infrastructure/InfrastructureExtensions.cs b/src/Services/Passenger/src/Passenger/Extensions/Infrastructure/InfrastructureExtensions.cs index 0041942..c8cd27a 100644 --- a/src/Services/Passenger/src/Passenger/Extensions/Infrastructure/InfrastructureExtensions.cs +++ b/src/Services/Passenger/src/Passenger/Extensions/Infrastructure/InfrastructureExtensions.cs @@ -12,7 +12,6 @@ using BuildingBlocks.Mongo; using BuildingBlocks.OpenTelemetry; using BuildingBlocks.PersistMessageProcessor; using BuildingBlocks.Swagger; -using BuildingBlocks.Utils; using BuildingBlocks.Web; using Figgle; using FluentValidation;
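Review bot: `"RequireHttpsMetadata": "true"` stores the flag as a JSON string, while the Booking settings in this commit use the boolean `true`; the configuration binder accepts both, but a string invites values like `"yes"` or `"True "` that fail at bind time and are not caught by a schema. Use the boolean literal for consistency: `"RequireHttpsMetadata": true`.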