Open Closed

Multi tenancy URL configuration with tired architecture. #8439


User avatar
0
Anjaneyulu created
  • ABP Framework version: v8.3.3
  • UI Type: MVC
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:
    1. Currently i have my server with using ABP framework which in not Tiered(No seperate auth server and api Host)
  • I able to configure multitenancy using *.myproduct.com
  • But now i want to move to tired architecture and im confused about handling multi tenenacy. And how does tenant url be formatted?

Should i take three different certiifcate like *.apimyproduct.com , *.authmyproduct.com etc.

Can you help us what should be the preffered way to host the applications in the multi tenant context.


5 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Should i take three different certiifcate like *.apimyproduct.com , *.authmyproduct.com etc.

    HTTPS certificate supports wildcard. You can use one certificate for multiple domains.

    eg: https://github.com/abpframework/abp-samples/tree/master/DomainTenantResolver

  • User Avatar
    0
    Anjaneyulu created

    I have configured the widl card i.e., *.xyz.com to my server as follows

    API Host - api.xyz.com AuthServer - auth.xyz.com WebServer - web.xyz.com

    I have observerd two issues here

    1. When add tenant lets say 'test1' - I couldn't login to test1.web.xyz.com as the openid client credentials are not created in the tenant ,so it is redirecting to auth.xyz.com rather than t1.auth.xyz.com
    2. Also when i do t1.web.xyz.com the certificate is showing invalid certificate but it is showing as valid certificate for web.xyx.com
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    openid client credentials are not created in the tenant

    The openiddict application/client should always store on Host database.

    showing invalid certificate but it is showing as valid certificate for web.xyx.com

    Your HTTPS certification should contain the *.web.xyx.com.

    acme.sh --issue --dns dns_cf -d getabp.net -d '*.getabp.net' -d '*.api.getabp.net' -d '*.ids.getabp.net' -d '*.ng.getabp.net' -d '*.web.getabp.net'

  • User Avatar
    0
    Anjaneyulu created

    hi

    openid client credentials are not created in the tenant

    The openiddict application/client should always store on Host database.

    Tommorow if i create a tenant for customer, Should i not give the tenant admin provision to add openid applications/clients ??

    showing invalid certificate but it is showing as valid certificate for web.xyx.com

    Your HTTPS certification should contain the *.web.xyx.com.

    Rather than having multilevel subdomains, if i use three certificates for api,authserver and web and create a tenant test, will abp support test.api.com -> test.authserver.com -> test.web.com tenant resolution?

    acme.sh --issue --dns dns_cf -d getabp.net -d '*.getabp.net' -d '*.api.getabp.net' -d '*.ids.getabp.net' -d '*.ng.getabp.net' -d '*.web.getabp.net'

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    Tommorow if i create a tenant for customer, Should i not give the tenant admin provision to add openid applications/clients ??

    The Tenant usually doesn't to maintain the OAuth2 applications/clients. This is the default design.

    Rather than having multilevel subdomains, if i use three certificates for api,authserver and web and create a tenant test, will abp support test.api.com -> test.authserver.com -> test.web.com tenant resolution?

    The HTTPS certificates are unrelated to abp. abp framework support resolves tenant from URL.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 26, 2024, 06:07