Open Closed

Handling tenant specific remote endpoints #1499


User avatar
0
kirtik created

Hello,

We are developing ABP.io commercial micro service + Angular architecture based multitenant application, and will be hosting on AKS. We were reffering your documentation - https://docs.abp.io/en/abp/latest/UI/Angular/Multi-Tenancy#tenant-specific-remote-endpoints. In the "Tenant Specific Remote Endpoints" section in this link, you are suggesting to have - baseUrl: "https://{0}.mydomain.com/" issuer: "https://{0}.ids.mydomain.com" url: "https://{0}.api.mydomain.com" url: "https://{0}.identity.mydomain.com"

According to above configuration for each tenant, either we need to have 4 different wildcard cartificate or one multidomain certificate (which is limited to specific number for domains - lets say up to 100 domains/certificate) whats your recommendation on this - shall we go with four different wildcard certificates (*.mydomain.com, *.ids.mydomain.com, *.api.mydomain.com & *.identity.mydomain.com) or go with single multidomain certificate ?

Apart from this, rather than going with multiple wildcard certificates or a multidomain certificate approach, we are also planning to go with an approach, wherein, we can use -{0}.mydomain.com, ids.mydomain.com, api.mydomain.com, & identity.mydomain.com by handling the configurations from the code, so that we can go with single wildcard certificate for unlimited sub-domains?

Whats your recommendation on this ?

Thanks


7 Answer(s)
  • User Avatar
    0
    kirtik created

    @maliming

    Can you please provide some pointers on this ?

  • User Avatar
    0
    alper created
    Support Team Director

    if there'll be 100 tenants then using a wildcard certificate that supports all subdomains of your tenant1.website.com is good to go . but if your tenants are limited and known before then you can setup individual SSL certificates. for example we use this

  • User Avatar
    0
    kirtik created

    Thanks for your response. My next question is, whether the Wildcard certificate for a {0}.mydomain.com will also work for the following :

    oAuthConfig.issuer "https://{0}.ids.mydomain.com" apis.default.url url: "https://{0}.api.mydomain.com" apis.AbpIdentity.url url: "https://{0}.identity.mydomain.com"

    OR Do we need to buy separate wildcard certificate for each of the above API Urls ?

    In short to run the above application with respective configuration (https://docs.abp.io/en/abp/latest/UI/Angular/Multi-Tenancy#tenant-specific-remote-endpoints) , do we need four wildcard certificates ?

  • User Avatar
    0
    kirtik created

    @maliming

    Can you please provide some pointers on this ?

    Awaiting your early response for this customer.

    Thanks

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    I can't provide professional advice on SSL.

    We have examples of using domain to resolve tenants.

    https://github.com/abpframework/abp-samples/tree/master/DomainTenantResolver#angular

  • User Avatar
    0
    alper created
    Support Team Director

    @kirtik we are not experienced on SSL issues. this is more like devops issue rather than ABP. maybe you can ask to experienced DevOps guys

  • User Avatar
    0
    ServiceBot created
    Support Team Automatic process manager

    This question has been automatically marked as stale because it has not had recent activity.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09