Open Closed

How to bind the domain to microservice-pro template? #5987


User avatar
0
niall created

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:

  • ABP Framework version: v7.3.2 commercial
  • UI Type: MVC
  • Database System: EF Core (MySQL.)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Exception message and full stack trace:
  • Steps to reproduce the issue:

I use the microservice-pro template, now i need to deployment them in my cloud.

i want to use console.mydomain.com access the web, use www.mydomain.com access the publicweb, use auth.mydomain.com access the authserver.

I saw the appsettings.json of every service, but i dont sure which filed should bind the domain, i try modify some fields, but throw exceptions :(

AuthServer/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8000",
    "CorsOrigins": "*",
    "RedirectAllowedUrls": "http://10.1.100.11:8000",
    "DisablePII": "false"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
 }

IdentityService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8001",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
}

AdministrationService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8002",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  "RemoteServices": {
    "AbpIdentity": {
      "BaseUrl": "http://10.1.100.11:8001/",
      "UseCurrentAccessToken": "false"
    }
  },
  "IdentityClients": {
    "Default": {
      "GrantType": "client_credentials",
      "ClientId": "AdministrationService",
      "ClientSecret": "1q2w3e*",
      "Authority": "http://10.1.100.11:8000",
      "Scope": "IdentityService",
      "RequireHttps": "false",
      "ValidateIssuerName": "false",
      "ValidateEndpoints ": "false"
    }
  },
  ...
}

SaasService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8003",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
  }

WebGateway/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8080",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger",
    ...
    }
    ...
}

WebGateway/ocelot.json

{
  "GlobalConfiguration": {
    "BaseUrl": "http://10.1.100.11:8080"
  },
  "Routes": [
    {
      "ServiceKey": "Account Service",
      "ServiceDns": "http://10.1.100.11:8000",
      "DownstreamPathTemplate": "/api/account/{everything}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "10.1.100.11",
          "Port": 8000
        }
      ],
      "UpstreamPathTemplate": "/api/account/{everything}",
      "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ]
    },
    ...
    ]
}

Web/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8081"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "ClientId": "Web",
    "ClientSecret": "1q2w3e*",
    "IsOnK8s": "false",
    "MetaAddress": "http://10.1.100.11:8000",
  },
  "RemoteServices": {
    "Default": {
      "BaseUrl": "http://10.1.100.11:8080"
    }
  },
  ...
 }

14 Answer(s)
  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    This has nothing to do with ABP.

    You should use a DNS provider to resolve your domain name.

    • https://www.cloudflare.com/learning/dns/what-is-dns/
  • User Avatar
    0
    niall created

    I add a route in gateway, redirect the console.mydomain.com to 10.1.100.11:8081, if i use browser to access console.mydomain.com, the microservice-pro/Web will open the auth page, but the uri is 10.1.100.11:8000, this url is in lan not wlan.

    I need let the microservice-pro/Web open auth.mydomain.com when click login. and the auth page return to console.mydomain.com after auth success.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    You should use the internal URL in the gateway config.

    They should be set as public URL when deployed to production.

    For example:

    https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml

  • User Avatar
    0
    niall created

    Hi,

    If every service need a public URL, I think it is a terrible design.

    I need use reverse proxy access the auth, web, webgateway. and them need redirect to the correct public domainname. other times, each services use lan ip to communicate. like this:

    I split my question, the first one:

    If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    If every service need a public URL, I think it is a terrible design

    It's up to you. you can use the internal URL for the service.

    If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?

    I think it's clear, you can see everything you need here:

    https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml

  • User Avatar
    0
    niall created

    Hi,

    If every service need a public URL, I think it is a terrible design

    It's up to you. you can use the internal URL for the service.

    If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?

    I think it's clear, you can see everything you need here:

    https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml

    Hi, thank you for reply.

    Yes, it is clear for k8s, and I believe it works fine.

    but i run all services at a single windows machine, so i can't use a public or internal URL for every services, just use ip:port to communicate in lan and use reverse proxy bind domainname to my auth,web and publicweb.

    Is there somethings references about use reverse proxy, like as nginx?

  • User Avatar
    0
    niall created

    Haa, I found it.

    https://github.com/abpframework/eShopOnAbp/blob/main/etc/docker/docker-compose.yml

    I try it now.

  • User Avatar
    0
    niall created

    Hi,

    My web will redirect to the login page if not authenticated.

    Web/Pages/Index.html

    public class IndexModel : AbpPageModel
    {
        public ActionResult OnGet()
        {
            if (Request.Query["ex"] == "yes")
            {
                throw new DivideByZeroException("This is a test exception!");
            }
        
            if (!CurrentUser.IsAuthenticated)
            {
                return Redirect("~/Account/Login");
            }
            else
            {
                return Page();
            }
        }
    }
    

    and it open this url

    http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

    Can I construct this url myself?

    By the way, I use the microservice-pro template.

  • User Avatar
    0
    niall created

    Hi,

    My web will redirect to the login page if not authenticated.

    Web/Pages/Index.html

    public class IndexModel : AbpPageModel
    {
        public ActionResult OnGet()
        {
            if (Request.Query["ex"] == "yes")
            {
                throw new DivideByZeroException("This is a test exception!");
            }
        
            if (!CurrentUser.IsAuthenticated)
            {
                return Redirect("~/Account/Login");
            }
            else
            {
                return Page();
            }
        }
    }
    

    and it open this url

    http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

    Can I construct this url myself?

    By the way, I use the microservice-pro template.

  • User Avatar
    0
    niall created

    Hi,

    My web will redirect to the login page if not authenticated.

    Web/Pages/Index.html

    public class IndexModel : AbpPageModel
    {
        public ActionResult OnGet()
        {
            if (Request.Query["ex"] == "yes")
            {
                throw new DivideByZeroException("This is a test exception!");
            }
        
            if (!CurrentUser.IsAuthenticated)
            {
                return Redirect("~/Account/Login");
            }
            else
            {
                return Page();
            }
        }
    }
    

    and it open this url

    http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

    Can I construct this url myself?

    By the way, I use the microservice-pro template.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Can I construct this url myself?

    Sorry, I didn't get it. could you explain it in detail?

  • User Avatar
    0
    niall created

    OK,

    1. Run WebHost at http://localhost:8081
    2. Run AuthServer at http://localhost:8000
    3. Access WebHost(http://localhost:8081) from Browser.
    4. Click login
    5. the Browser auto redirect to http://localhost:8000/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Flocalhost:8081%252Fsignin-oidc%26response_type....

    I want to modify this url, replace some parameters and sign it.

  • User Avatar
    0
    liangshiwei created
    Support Team Fullstack Developer

    Hi,

    These are the standard OIDC parameters, and I don't recommend you change them.

    Anyway, You can change it in the following:

    context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
    {
    
        var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
        options.Events.OnRedirectToIdentityProvider = async ctx =>
        {
            ctx.ProtocolMessage.IssuerAddress = "...../connect/authorize";
            //...
    
            if (previousOnRedirectToIdentityProvider != null)
            {
                await previousOnRedirectToIdentityProvider(ctx);
            }
        };
    });
    
  • User Avatar
    0
    niall created

    Yes, I need this, Thank you ~~

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09