Open Closed

Containerised Deployment - Docker Compose #790


User avatar
0
ihugo created
  • ABP Framework version: v4.0.2
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Seperated (Angular): yes

I have a tiered solution which createds 3 separate docker images

  1. Identity Server
  2. API
  3. Web Site

I have them running on 3 seperate VMs hosted behind an NGINX reverse proxy (4 VMs in total). My domain name points to the nginx server, which routes them 4 subdomains to their various components.

  1. identity.domain.com.au
  2. api.domain.com.au
  3. web.domain.com.au

The reverse proxy forces SSL infront of the proxy, but communicates over port 80 to the various site components. Both the Identity Server and API work perfectly and are able to login correctly and return data, but the website fails when I click the login button.

Initially it had compolained about an obscure microsoft issue relating to enforcing the scheme to be https for each request. I added the code as suggested by microsoft but it is still failing somewhere in the pipeline. Any ideas?


3 Answer(s)
  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    Hello @ihugo,

    It is probably related with IdentityServer published on http instead of https. IdentityServer must be deployed to https. Can you check issuer under /.well-known/openid-configuration?

    You can check here about how to set it.

    If that is not the case, can you share the logs under your Logs folder by executing into your container?

  • User Avatar
    0
    ihugo created

    This is a snippet of the identity server logs (formatted)

    First log entry When clicking the login button 2021-01-12 00:36:10.160 +00:00 [INF] Request starting HTTP/1.0 GET http://identityserver.mydomain.com.au/connect/authorize? client_id=ACME_Swagger &redirect_uri=https%3A%2F%2Fwebsite.mydomain.com.au%2Fsignin-oidc &response_type=code%20id_token &scope=openid%20profile%20role%20email%20phone%20ACME &response_mode=form_post &nonce=637460085700247970.NTdiZWFkNWYtMTY0MS00MjY2LWE1NjMtMGYyMmZiMWQwZDUxMjBmNmY2ODctZDEyZS00NDAwLTgzMTUtZjI1M2I4NjRkZGM1 &state=CfDJ8M1sREtLfp9HtU4hP4gPDTVW3bvsBw6HcSYKun2hru60z84PnY2jB9vcXp1WVS3_EyZ5AHhMmhrJGfe2jddyZiXdqhz6tDpEeIfbCOrP11N5K4waG_tB-mMulgdbjD0QefAy2RWJ8lJ1JbN8lH2Jj6HHa1eEhZPa7I8Yk254gCXPjTDZNcTUagetAY2YKlA2JE_CBOW9YGs9CALfTWRKAVVGLCFUdLRKIvBNfgZYnbF0IGyKDYgNEXwFAjRqJCNmiliche-k9EsbFSRij1LusJKpLCR1Wv2wTzoYt-mlDUOgFWIdHen0se_ymmr8iePo2hpCtrJ18Ng3SxkpJP_7ChM &x-client-SKU=ID_NETSTANDARD2_0 &x-client-ver=6.7.1.0 - -

    second log entry 2021-01-12 00:36:10.177 +00:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeEndpoint for /connect/authorize

    third log entry 2021-01-12 00:36:10.281 +00:00 [ERR] Invalid redirect_uri: https://website.mydomain.com.au/signin-oidc { "ClientId":"ACME_Swagger", "ClientName":"ACME_Swagger", "RedirectUri":null, "AllowedRedirectUris":["https://api.mydomain.com.au/swagger/oauth2-redirect.html","https://localhost:44358/swagger/oauth2-redirect.html"], "SubjectId":"anonymous", "ResponseType":null, "ResponseMode":null, "GrantType":null, "RequestedScopes":"", "State":null, "UiLocales":null, "Nonce":null, "AuthenticationContextReferenceClasses":null, "DisplayMode":null, "PromptMode":"", "MaxAge":null, "LoginHint":null, "SessionId":null, "Raw": { "client_id":"ACME_Swagger", "redirect_uri":"https://website.mydomain.com.au/signin-oidc", "response_type":"code id_token", "scope":"openid profile role email phone ACME", "response_mode":"form_post", "nonce":"637460085700247970.NTdiZWFkNWYtMTY0MS00MjY2LWE1NjMtMGYyMmZiMWQwZDUxMjBmNmY2ODctZDEyZS00NDAwLTgzMTUtZjI1M2I4NjRkZGM1", "state":"CfDJ8M1sREtLfp9HtU4hP4gPDTVW3bvsBw6HcSYKun2hru60z84PnY2jB9vcXp1WVS3_EyZ5AHhMmhrJGfe2jddyZiXdqhz6tDpEeIfbCOrP11N5K4waG_tB-mMulgdbjD0QefAy2RWJ8lJ1JbN8lH2Jj6HHa1eEhZPa7I8Yk254gCXPjTDZNcTUagetAY2YKlA2JE_CBOW9YGs9CALfTWRKAVVGLCFUdLRKIvBNfgZYnbF0IGyKDYgNEXwFAjRqJCNmiliche-k9EsbFSRij1LusJKpLCR1Wv2wTzoYt-mlDUOgFWIdHen0se_ymmr8iePo2hpCtrJ18Ng3SxkpJP_7ChM", "x-client-SKU":"ID_NETSTANDARD2_0", "x-client-ver":"6.7.1.0" }, "$type":"AuthorizeRequestValidationLog" }

    fourth log entry 2021-01-12 00:36:10.281 +00:00 [ERR] Request validation failed

  • User Avatar
    0
    gterdem created
    Senior .NET Developer

    third log entry 2021-01-12 00:36:10.281 +00:00 [ERR] Invalid redirect_uri: https://website.mydomain.com.au/signin-oidc { "ClientId":"ACME_Swagger", "ClientName":"ACME_Swagger", "RedirectUri":null, "AllowedRedirectUris":["https://api.mydomain.com.au/swagger/oauth2-redirect.html","https://localhost:44358/swagger/oauth2-redirect.html"], "SubjectId":"anonymous", "ResponseType":null, "ResponseMode":null, ...

    Your redirect uri doesn't match. You should add https://website.mydomain.com.au/signin-oidc to your redirect uri for that client.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 10, 2024, 06:38