docker-compose.infrastructure.yml
and the docker-compose.infrastructure.override.yml
to setup the infra.
I've built the applications into docker images using the provided build-images.ps1
file.
In addition using the tye.yaml
file as a reference, I have also created one more docker-compose.yml
for deploying the backend services. I also have an internal SSL certificate to run HTTPS.
I am able to bring up the services and am able to run the Angular application, but once I click on login in the Angular app, it takes me to the Authserver login page and after entering the correct credentials, it redirects me back to the Angular app, but it doesn't log me in. I had faced similar issue after upgrading to 8.2.0 which was resolved by adding some additional Microsoft nuget packages. I applied the same fix here as well but no luck.I think the issue is with the way in which I have setup communication between the containers on the internal network. I have tried all different possibilities, but am still not able to resolve this issue.
From what I can observe, I see 3 WARNs in the logs.
In AuthServer log:
2024-07-24 16:31:03 [11:01:03 WRN] Could not find a session with ID: cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4
2024-07-24 16:31:03 [11:01:03 WRN] SessionId(cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4) not found for user: a2fa870a-428f-036b-123a-3a13e61d8eab, log out.
In AdministrationService log:
2024-07-24 16:31:05 [11:01:05 WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.
2024-07-24 16:31:05 [11:01:05 INF] Failed to validate the token.
2024-07-24 16:31:05 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
This is my docker-compose.yml
file
name: caliber-test
services:
authserver:
container_name: authserver
image: caliber/app-authserver:latest
ports:
- 44322:44322
environment:
- ASPNETCORE_URLS=http://+:44321;https://+:44322
- App__SelfUrl=https://test01.aurelius.com:44322
- App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325,https://administration-service:44367,https://identity-service:44388,https://saas-service:44381
- App__RedirectAllowedUrls=https://test01.aurelius.com:4200
- AuthServer__Authority=https://test01.aurelius.com:44322
- ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ElasticSearch__Url=http://elasticsearch:9200
- RabbitMQ__Connections__Default__HostName=rabbitmq
- Redis__Configuration=redis:6379
- StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
- OpenIddict__Applications__Angular__RootUrl=https://test01.aurelius.com:4200/
- OpenIddict__Applications__WebGateway__RootUrl=https://test01.aurelius.com:44325/
- OpenIddict__Resources__AccountService__RootUrl=https://test01.aurelius.com:44322
- OpenIddict__Resources__AdministrationService__RootUrl=https://test01.aurelius.com:44367
- OpenIddict__Resources__IdentityService__RootUrl=https://test01.aurelius.com:44388
- OpenIddict__Resources__SaasService__RootUrl=https://test01.aurelius.com:44381
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
networks:
- caliber.test-network
administration-service:
container_name: administration-service
image: caliber/service-administration:latest
environment:
- ASPNETCORE_URLS=http://+:44366;https://+:44367
- App__SelfUrl=https://test01.aurelius.com:44367
- App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
- AuthServer__Authority=https://test01.aurelius.com:44322
- ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ElasticSearch__Url=http://elasticsearch:9200
- IdentityClients__Default__Authority=http://authserver:44321
- IdentityClients__Default__ClientId=AdministrationService
- IdentityClients__Default__ClientSecret=1q2w3e*
- IdentityClients__Default__GrantType=client_credentials
- IdentityClients__Default__RequireHttps=false
- IdentityClients__Default__Scope=IdentityService
- IdentityClients__Default__ValidateEndpoints=true
- IdentityClients__Default__ValidateIssuerName=true
- RabbitMQ__Connections__Default__HostName=rabbitmq
- Redis__Configuration=redis:6379
- RemoteServices__AbpIdentity__BaseUrl=http://identity-service:44387/
- RemoteServices__AbpIdentity__UseCurrentAccessToken=false
- StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
networks:
- caliber.test-network
identity-service:
container_name: identity-service
image: caliber/service-identity:latest
environment:
- ASPNETCORE_URLS=http://+:44387;https://+:44388
- App__SelfUrl=https://test01.aurelius.com:44388
- App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
- AuthServer__Authority=https://test01.aurelius.com:44322
- ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ElasticSearch__Url=http://elasticsearch:9200
- RabbitMQ__Connections__Default__HostName=rabbitmq
- Redis__Configuration=redis:6379
- StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
networks:
- caliber.test-network
saas-service:
container_name: saas-service
image: caliber/service-saas:latest
environment:
- ASPNETCORE_URLS=http://+:44380;https://+:44381
- App__SelfUrl=https://test01.aurelius.com:44381
- App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
- AuthServer__Authority=https://test01.aurelius.com:44322
- ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ElasticSearch__Url=http://elasticsearch:9200
- RabbitMQ__Connections__Default__HostName=rabbitmq
- Redis__Configuration=redis:6379
- StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
networks:
- caliber.test-network
web-gateway:
container_name: web-gateway
image: caliber/gateway-web:latest
ports:
- 44325:44325
environment:
- ASPNETCORE_URLS=https://+:44325
- App__SelfUrl=https://test01.aurelius.com:44325
- App__CorsOrigins=https://test01.aurelius.com:4200
- AuthServer__Authority=https://test01.aurelius.com:44322
- AuthServer__MetadataAddress=http://authserver:44321
- AuthServer__RequireHttpsMetadata=false
- ElasticSearch__Url=http://elasticsearch:9200
- Redis__Configuration=redis:6379
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
- ../gateways/web/yarp.json:/app/yarp.json:ro
networks:
- caliber.test-network
networks:
caliber.test-network:
external: true
And this is how I have modified the yarp.json
file in the web-gateway:
...
"Clusters": {
"AuthServer": {
"Destinations": {
"AuthServer": {
"Address": "http://authserver:44321/"
}
}
},
"Administration": {
"Destinations": {
"Administration": {
"Address": "http://administration-service:44366/"
}
}
},
"Identity": {
"Destinations": {
"Identity": {
"Address": "http://identity-service:44387/"
}
}
},
"Saas": {
"Destinations": {
"Saas": {
"Address": "http://saas-service:44380/"
}
}
}
}
...
As per my understanding, only the authserver and the web-gateway need to run on HTTPS exposed to the external network and the gateway talks to the 3 microservices over HTTP.
I've tried out all possibilities and am not able to resolve this.
Request you to please check this out and guide.
Regards, Chandrahas
P.S. I wanted to attach the complete logs, but there isn't an option here to do it. Let me know if there is another way to send the logs.