Handling tenant specific remote endpoints #1499 | Support

kirtik created 3 years ago

Hello,

We are developing ABP.io commercial micro service + Angular architecture based multitenant application, and will be hosting on AKS. We were reffering your documentation - https://docs.abp.io/en/abp/latest/UI/Angular/Multi-Tenancy#tenant-specific-remote-endpoints. In the "Tenant Specific Remote Endpoints" section in this link, you are suggesting to have - baseUrl: "https://{0}.mydomain.com/" issuer: "https://{0}.ids.mydomain.com" url: "https://{0}.api.mydomain.com" url: "https://{0}.identity.mydomain.com"

According to above configuration for each tenant, either we need to have 4 different wildcard cartificate or one multidomain certificate (which is limited to specific number for domains - lets say up to 100 domains/certificate) whats your recommendation on this - shall we go with four different wildcard certificates (*.mydomain.com, *.ids.mydomain.com, *.api.mydomain.com & *.identity.mydomain.com) or go with single multidomain certificate ?

Apart from this, rather than going with multiple wildcard certificates or a multidomain certificate approach, we are also planning to go with an approach, wherein, we can use -{0}.mydomain.com, ids.mydomain.com, api.mydomain.com, & identity.mydomain.com by handling the configurations from the code, so that we can go with single wildcard certificate for unlimited sub-domains?

Whats your recommendation on this ?

Thanks

7 Answer(s)

0

kirtik created 3 years ago

@maliming

Can you please provide some pointers on this ?
0

alper created 3 years ago
Support Team Director

if there'll be 100 tenants then using a wildcard certificate that supports all subdomains of your tenant1.website.com is good to go . but if your tenants are limited and known before then you can setup individual SSL certificates. for example we use this
0

kirtik created 3 years ago

Thanks for your response. My next question is, whether the Wildcard certificate for a {0}.mydomain.com will also work for the following :

oAuthConfig.issuer "https://{0}.ids.mydomain.com" apis.default.url url: "https://{0}.api.mydomain.com" apis.AbpIdentity.url url: "https://{0}.identity.mydomain.com"

OR Do we need to buy separate wildcard certificate for each of the above API Urls ?

In short to run the above application with respective configuration (https://docs.abp.io/en/abp/latest/UI/Angular/Multi-Tenancy#tenant-specific-remote-endpoints) , do we need four wildcard certificates ?

1
0

kirtik created 3 years ago

@maliming

Can you please provide some pointers on this ?

Awaiting your early response for this customer.

Thanks
0

maliming created 3 years ago
Support Team Fullstack Developer

hi

I can't provide professional advice on SSL.

We have examples of using domain to resolve tenants.

https://github.com/abpframework/abp-samples/tree/master/DomainTenantResolver#angular
0

alper created 3 years ago
Support Team Director

@kirtik we are not experienced on SSL issues. this is more like devops issue rather than ABP. maybe you can ask to experienced DevOps guys
0

ServiceBot created 3 years ago
Support Team Automatic process manager

This question has been automatically marked as stale because it has not had recent activity.

Have an answer to this question? Log in and write your answer.