How to bind the domain to microservice-pro template? #5987 | Support

niall created one year ago

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:

ABP Framework version: v7.3.2 commercial
UI Type: MVC
Database System: EF Core (MySQL.)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace:
Steps to reproduce the issue:

I use the microservice-pro template, now i need to deployment them in my cloud.

i want to use console.mydomain.com access the web, use www.mydomain.com access the publicweb, use auth.mydomain.com access the authserver.

I saw the appsettings.json of every service, but i dont sure which filed should bind the domain, i try modify some fields, but throw exceptions :(

AuthServer/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8000",
    "CorsOrigins": "*",
    "RedirectAllowedUrls": "http://10.1.100.11:8000",
    "DisablePII": "false"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
 }

IdentityService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8001",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
}

AdministrationService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8002",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  "RemoteServices": {
    "AbpIdentity": {
      "BaseUrl": "http://10.1.100.11:8001/",
      "UseCurrentAccessToken": "false"
    }
  },
  "IdentityClients": {
    "Default": {
      "GrantType": "client_credentials",
      "ClientId": "AdministrationService",
      "ClientSecret": "1q2w3e*",
      "Authority": "http://10.1.100.11:8000",
      "Scope": "IdentityService",
      "RequireHttps": "false",
      "ValidateIssuerName": "false",
      "ValidateEndpoints ": "false"
    }
  },
  ...
}

SaasService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8003",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
  }

WebGateway/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8080",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger",
    ...
    }
    ...
}

WebGateway/ocelot.json

{
  "GlobalConfiguration": {
    "BaseUrl": "http://10.1.100.11:8080"
  },
  "Routes": [
    {
      "ServiceKey": "Account Service",
      "ServiceDns": "http://10.1.100.11:8000",
      "DownstreamPathTemplate": "/api/account/{everything}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "10.1.100.11",
          "Port": 8000
        }
      ],
      "UpstreamPathTemplate": "/api/account/{everything}",
      "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ]
    },
    ...
    ]
}

Web/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8081"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "ClientId": "Web",
    "ClientSecret": "1q2w3e*",
    "IsOnK8s": "false",
    "MetaAddress": "http://10.1.100.11:8000",
  },
  "RemoteServices": {
    "Default": {
      "BaseUrl": "http://10.1.100.11:8080"
    }
  },
  ...
 }

14 Answer(s)

0
liangshiwei created one year ago
Support Team Fullstack Developer
Hi,

This has nothing to do with ABP.

You should use a DNS provider to resolve your domain name.

https://www.cloudflare.com/learning/dns/what-is-dns/
0

niall created one year ago

I add a route in gateway, redirect the console.mydomain.com to 10.1.100.11:8081, if i use browser to access console.mydomain.com, the microservice-pro/Web will open the auth page, but the uri is 10.1.100.11:8000, this url is in lan not wlan.

I need let the microservice-pro/Web open auth.mydomain.com when click login. and the auth page return to console.mydomain.com after auth success.
0

liangshiwei created one year ago
Support Team Fullstack Developer

You should use the internal URL in the gateway config.

They should be set as public URL when deployed to production.

For example:

https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml
0

niall created one year ago

Hi,

If every service need a public URL, I think it is a terrible design.

I need use reverse proxy access the auth, web, webgateway. and them need redirect to the correct public domainname. other times, each services use lan ip to communicate. like this:

I split my question, the first one:

If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?
0

liangshiwei created one year ago
Support Team Fullstack Developer

Hi,

If every service need a public URL, I think it is a terrible design

It's up to you. you can use the internal URL for the service.

If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?

I think it's clear, you can see everything you need here:

https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml
0

niall created one year ago

Hi,

If every service need a public URL, I think it is a terrible design

It's up to you. you can use the internal URL for the service.

If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?

I think it's clear, you can see everything you need here:

https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml

Hi, thank you for reply.

Yes, it is clear for k8s, and I believe it works fine.

but i run all services at a single windows machine, so i can't use a public or internal URL for every services, just use ip:port to communicate in lan and use reverse proxy bind domainname to my auth,web and publicweb.

Is there somethings references about use reverse proxy, like as nginx?
0

niall created one year ago

Haa, I found it.

https://github.com/abpframework/eShopOnAbp/blob/main/etc/docker/docker-compose.yml

I try it now.
0
niall created one year ago
Hi,

My web will redirect to the login page if not authenticated.

Web/Pages/Index.html

public class IndexModel : AbpPageModel { public ActionResult OnGet() { if (Request.Query["ex"] == "yes") { throw new DivideByZeroException("This is a test exception!"); } if (!CurrentUser.IsAuthenticated) { return Redirect("~/Account/Login"); } else { return Page(); } } }

and it open this url

http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

Can I construct this url myself?

By the way, I use the microservice-pro template.
0
niall created one year ago
Hi,

My web will redirect to the login page if not authenticated.

Web/Pages/Index.html

public class IndexModel : AbpPageModel { public ActionResult OnGet() { if (Request.Query["ex"] == "yes") { throw new DivideByZeroException("This is a test exception!"); } if (!CurrentUser.IsAuthenticated) { return Redirect("~/Account/Login"); } else { return Page(); } } }

and it open this url

http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

Can I construct this url myself?

By the way, I use the microservice-pro template.
0
niall created one year ago
Hi,

My web will redirect to the login page if not authenticated.

Web/Pages/Index.html

public class IndexModel : AbpPageModel { public ActionResult OnGet() { if (Request.Query["ex"] == "yes") { throw new DivideByZeroException("This is a test exception!"); } if (!CurrentUser.IsAuthenticated) { return Redirect("~/Account/Login"); } else { return Page(); } } }

and it open this url

http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

Can I construct this url myself?

By the way, I use the microservice-pro template.
0

liangshiwei created one year ago
Support Team Fullstack Developer

Can I construct this url myself?

Sorry, I didn't get it. could you explain it in detail?
0
niall created one year ago
OK,

Run WebHost at http://localhost:8081

Run AuthServer at http://localhost:8000

Access WebHost(http://localhost:8081) from Browser.

Click login

the Browser auto redirect to http://localhost:8000/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Flocalhost:8081%252Fsignin-oidc%26response_type....

I want to modify this url, replace some parameters and sign it.

liangshiwei created one year ago

Support Team Fullstack Developer

Hi,

These are the standard OIDC parameters, and I don't recommend you change them.

Anyway, You can change it in the following:

context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
{

    var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
    options.Events.OnRedirectToIdentityProvider = async ctx =>
    {
        ctx.ProtocolMessage.IssuerAddress = "...../connect/authorize";
        //...

        if (previousOnRedirectToIdentityProvider != null)
        {
            await previousOnRedirectToIdentityProvider(ctx);
        }
    };
});

0

niall created one year ago

Yes, I need this, Thank you ~~

Have an answer to this question? Log in and write your answer.