Hi liangshiwei,
Finally was able to get it working.
After adding the ValidIssuers, I got one more exception IDX10500: Signature validation failed. No security keys were provided to validate the signature.
But I found out that similar issue was posted on GitHub and user wangyue20075 provided a solution in his comment.
I still don't understand how this is working when it is being run locally but is failing when I deploy it using Docker Compose.
Thanks for your support!
4220 is the port of the AdministrationService, not the AuthServer. Shouldn't the AuthServer be the issuer of the token?
Also, if I do this for AdministrationService, I'll have to do the same for all other services as well.
Shouldn't we instead fix the place where ValidIssuers is getting populated?
Something like this in JwtBearerConfigurationHelper?
context.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
.AddAbpJwtBearer(options =>
{
options.Authority = configuration["AuthServer:Authority"];
options.RequireHttpsMetadata = configuration.GetValue<bool>("AuthServer:RequireHttpsMetadata");
options.Audience = audience;
options.TokenValidationParameters.ValidIssuer = configuration["AuthServer:Authority"];
});
Hi @liangshiwei,
I applied the middleware and checked the headers. They look fine to me:
2024-07-26 11:55:30 [06:25:30 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - null null
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept: application/json, text/plain, */*----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Accept-Language: en----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: traceparent: 00-db6439da47a5f9a3a68c416e9ca0df42-991e3a84d77fd408-00----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-site: same-site----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-mode: cors----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: sec-fetch-dest: empty----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: priority: u=1, i----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-correlation-id: e28192efa89942d3b91d4fb3fe66cc75----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
2024-07-26 11:55:30 [06:25:30 INF] ----------Request header: x-forwarded-proto: https----------
2024-07-26 11:55:31 [06:25:31 INF] CORS policy execution successful.
2024-07-26 11:55:31 [06:25:31 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:55:31 [06:25:31 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationRequestOptions) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
2024-07-26 11:55:34 [06:25:34 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
2024-07-26 11:55:35 [06:25:35 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 3115.8941ms
2024-07-26 11:55:35 [06:25:35 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:55:35 [06:25:35 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 4779.9261ms
2024-07-26 11:55:35 [06:25:35 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-localization?cultureName=en&onlyDynamics=false - null null
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept: application/json, text/plain, */*----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Accept-Language: en----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: traceparent: 00-b696772ca4486b51c742f9c99f0518cd-64f4727199b68749-00----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-site: same-site----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-mode: cors----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: sec-fetch-dest: empty----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: priority: u=1, i----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-correlation-id: dc7508954b15423ea1e5ec66a3e3fd55----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
2024-07-26 11:55:35 [06:25:35 INF] ----------Request header: x-forwarded-proto: https----------
2024-07-26 11:55:35 [06:25:35 INF] CORS policy execution successful.
2024-07-26 11:55:35 [06:25:35 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:55:35 [06:25:35 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationLocalization", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationRequestDto) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController (Volo.Abp.AspNetCore.Mvc).
2024-07-26 11:55:36 [06:25:36 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationLocalizationDto'.
2024-07-26 11:55:36 [06:25:36 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 865.8153ms
2024-07-26 11:55:36 [06:25:36 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationLocalizationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:55:36 [06:25:36 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-localization?cultureName=en&onlyDynamics=false - 200 null application/json; charset=utf-8 904.8717ms
2024-07-26 11:56:19 [06:26:19 INF] Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - null null
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept: application/json, text/plain, */*----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Host: iitvdi-01.aurelius.com:4220----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept-Encoding: gzip, deflate, br, zstd----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Accept-Language: en----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Authorization: Bearer eyJhbGciOiJSUzI1NiIsImtpZCI6IjNDQTIzRUFCODk2NzM4OEJGMThGMEY0ODkwODhFODZBMDM1RUU4RUQiLCJ4NXQiOiJQS0ktcTRsbk9JdnhqdzlJa0lqb2FnTmU2TzAiLCJ0eXAiOiJhdCtqd3QifQ.eyJpc3MiOiJodHRwczovL2lpdHZkaS0wMS5hdXJlbGl1cy5jb206NDIxMC8iLCJleHAiOjE3MjE5Nzg3NzgsImlhdCI6MTcyMTk3NTE3OCwiYXVkIjpbIkFjY291bnRTZXJ2aWNlIiwiSWRlbnRpdHlTZXJ2aWNlIiwiQWRtaW5pc3RyYXRpb25TZXJ2aWNlIiwiU2Fhc1NlcnZpY2UiXSwic2NvcGUiOiJvZmZsaW5lX2FjY2VzcyBvcGVuaWQgcHJvZmlsZSBlbWFpbCBwaG9uZSBBY2NvdW50U2VydmljZSBJZGVudGl0eVNlcnZpY2UgQWRtaW5pc3RyYXRpb25TZXJ2aWNlIFNhYXNTZXJ2aWNlIiwianRpIjoiZGRkMDAxODktYmU5Zi00YzI5LTk1OGYtZDAyNTYxNWNjZDIwIiwic3ViIjoiMjc0ZTRlNTEtMGI3ZS1jNTZiLTg4ZWItM2ExM2ZhNGJmMDY5Iiwic2Vzc2lvbl9pZCI6ImM1YmU3Mzc1LTQzMDYtNGQyOC05NDMxLWMzN2RlNTAzZGE0NCIsInVuaXF1ZV9uYW1lIjoiYWRtaW4iLCJvaV9wcnN0IjoiQW5ndWxhciIsIm9pX2F1X2lkIjoiMzA1NzAyNTMtZWRlMC03ZmIxLWJiMDctM2ExM2ZhN2YzMmRhIiwicHJlZmVycmVkX3VzZXJuYW1lIjoiYWRtaW4iLCJnaXZlbl9uYW1lIjoiYWRtaW4iLCJyb2xlIjoiYWRtaW4iLCJlbWFpbCI6ImFkbWluQGFicC5pbyIsImVtYWlsX3ZlcmlmaWVkIjoiRmFsc2UiLCJwaG9uZV9udW1iZXJfdmVyaWZpZWQiOiJGYWxzZSIsImNsaWVudF9pZCI6IkFuZ3VsYXIiLCJvaV90a25faWQiOiI1OTQ1YzdkNy00ZmRlLWZhNDItMjQ3NC0zYTEzZmZlNGRkZTYifQ.T3uwmWj_Li1X8WTxJDN9rmPXv3IhDJqn_vTWLLgd1f7usrPLspz4iw-hwWN6dsy5ySTBSCzwdKQLUS5TzmbBWDBy2UKDNwhkGxCdphHI4MuhFIetvtPBcZf7o6W6sgEjgoWkxCs1QJdbE6LCaE4zW2DhlmBg4ui_-4xYKkexhGNmMpztNIqSeSU-64gfECQyCHMBsxjWiIZrTqEkZEp4XfEpEDBXyvEz_VyhAxBpYvhOWNGfZuarYSX0Tm7eNZUKSUy4seD74RKozrlM53SroAT26Bo9oRjpDP_u9C6PL5PYVGpUt7R1wAaHuTcDDkWC23AlCSuIcxJ2A4IoCDYqIw----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Origin: https://iitvdi-01.aurelius.com:4200----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: Referer: https://iitvdi-01.aurelius.com:4200/----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: traceparent: 00-a702f850d9d803ccf7f8f442022f01c2-54e4309c0331a141-00----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua: "Not/A)Brand";v="8", "Chromium";v="126", "Google Chrome";v="126"----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua-mobile: ?0----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: X-Requested-With: XMLHttpRequest----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-ch-ua-platform: "Windows"----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-site: same-site----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-mode: cors----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: sec-fetch-dest: empty----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: priority: u=1, i----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-correlation-id: 43ab9156761a45f68515e05a1131336e----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-for: ::ffff:172.18.0.1----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-host: iitvdi-01.aurelius.com:4250----------
2024-07-26 11:56:19 [06:26:19 INF] ----------Request header: x-forwarded-proto: https----------
2024-07-26 11:56:19 [06:26:19 INF] CORS policy execution successful.
2024-07-26 11:56:19 [06:26:19 INF] Failed to validate the token.
2024-07-26 11:56:19 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
2024-07-26 11:56:19 at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuerAsync(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.Tokens.Validators.ValidateIssuer(String issuer, SecurityToken securityToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.Tokens.InternalValidators.ValidateAfterSignatureFailed(SecurityToken securityToken, Nullable`1 notBefore, Nullable`1 expires, IEnumerable`1 audiences, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignature(JsonWebToken jwtToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateSignatureAndIssuerSecurityKey(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 at Microsoft.IdentityModel.JsonWebTokens.JsonWebTokenHandler.ValidateJWSAsync(JsonWebToken jsonWebToken, TokenValidationParameters validationParameters, BaseConfiguration configuration)
2024-07-26 11:56:19 [06:26:19 INF] Bearer was not authenticated. Failure message: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
2024-07-26 11:56:19 [06:26:19 INF] Executing endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:56:19 [06:26:19 INF] Route matched with {area = "abp", action = "Get", controller = "AbpApplicationConfiguration", page = ""}. Executing controller action with signature System.Threading.Tasks.Task`1[Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto] GetAsync(Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationRequestOptions) on controller Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController (Volo.Abp.AspNetCore.Mvc).
2024-07-26 11:56:19 [06:26:19 INF] Executing ObjectResult, writing value of type 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.ApplicationConfigurationDto'.
2024-07-26 11:56:19 [06:26:19 INF] Executed action Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc) in 231.1951ms
2024-07-26 11:56:19 [06:26:19 INF] Executed endpoint 'Volo.Abp.AspNetCore.Mvc.ApplicationConfigurations.AbpApplicationConfigurationController.GetAsync (Volo.Abp.AspNetCore.Mvc)'
2024-07-26 11:56:19 [06:26:19 INF] Request finished HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false - 200 null application/json; charset=utf-8 576.7826ms
I have a doubt however. In one of the referenced tickets you have mentioned:
validationParameters.ValidIssuer will be set as request.Scheme + Uri.SchemeDelimiter + host + request.PathBase
Is this set by some module in ABP Framework or will it be set by the .NET 8.0 or some other library?
I also see that the same request (Request starting HTTP/2 GET https://iitvdi-01.aurelius.com:4220/api/abp/application-configuration?includeLocalizationResources=false) is successful, but then called again, it is throwing an exception.
How and where should I add this middleware? Could you please provide some more info?
Hi @liangshiwei,
I checked those before and had added the ForwardedHeaders in Gateway project. Do I need to add them to all the projects?
docker-compose.infrastructure.yml and the docker-compose.infrastructure.override.yml to setup the infra.
I've built the applications into docker images using the provided build-images.ps1 file.
In addition using the tye.yaml file as a reference, I have also created one more docker-compose.yml for deploying the backend services. I also have an internal SSL certificate to run HTTPS.
I am able to bring up the services and am able to run the Angular application, but once I click on login in the Angular app, it takes me to the Authserver login page and after entering the correct credentials, it redirects me back to the Angular app, but it doesn't log me in. I had faced similar issue after upgrading to 8.2.0 which was resolved by adding some additional Microsoft nuget packages. I applied the same fix here as well but no luck.I think the issue is with the way in which I have setup communication between the containers on the internal network. I have tried all different possibilities, but am still not able to resolve this issue.
From what I can observe, I see 3 WARNs in the logs.
In AuthServer log:
2024-07-24 16:31:03 [11:01:03 WRN] Could not find a session with ID: cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4
2024-07-24 16:31:03 [11:01:03 WRN] SessionId(cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4) not found for user: a2fa870a-428f-036b-123a-3a13e61d8eab, log out.
In AdministrationService log:
2024-07-24 16:31:05 [11:01:05 WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.
2024-07-24 16:31:05 [11:01:05 INF] Failed to validate the token.
2024-07-24 16:31:05 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.
This is my docker-compose.yml file
name: caliber-test
services:
authserver:
container_name: authserver
image: caliber/app-authserver:latest
ports:
- 44322:44322
environment:
- ASPNETCORE_URLS=http://+:44321;https://+:44322
- App__SelfUrl=https://test01.aurelius.com:44322
- App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325,https://administration-service:44367,https://identity-service:44388,https://saas-service:44381
- App__RedirectAllowedUrls=https://test01.aurelius.com:4200
- AuthServer__Authority=https://test01.aurelius.com:44322
- ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ElasticSearch__Url=http://elasticsearch:9200
- RabbitMQ__Connections__Default__HostName=rabbitmq
- Redis__Configuration=redis:6379
- StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
- OpenIddict__Applications__Angular__RootUrl=https://test01.aurelius.com:4200/
- OpenIddict__Applications__WebGateway__RootUrl=https://test01.aurelius.com:44325/
- OpenIddict__Resources__AccountService__RootUrl=https://test01.aurelius.com:44322
- OpenIddict__Resources__AdministrationService__RootUrl=https://test01.aurelius.com:44367
- OpenIddict__Resources__IdentityService__RootUrl=https://test01.aurelius.com:44388
- OpenIddict__Resources__SaasService__RootUrl=https://test01.aurelius.com:44381
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
networks:
- caliber.test-network
administration-service:
container_name: administration-service
image: caliber/service-administration:latest
environment:
- ASPNETCORE_URLS=http://+:44366;https://+:44367
- App__SelfUrl=https://test01.aurelius.com:44367
- App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
- AuthServer__Authority=https://test01.aurelius.com:44322
- ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ElasticSearch__Url=http://elasticsearch:9200
- IdentityClients__Default__Authority=http://authserver:44321
- IdentityClients__Default__ClientId=AdministrationService
- IdentityClients__Default__ClientSecret=1q2w3e*
- IdentityClients__Default__GrantType=client_credentials
- IdentityClients__Default__RequireHttps=false
- IdentityClients__Default__Scope=IdentityService
- IdentityClients__Default__ValidateEndpoints=true
- IdentityClients__Default__ValidateIssuerName=true
- RabbitMQ__Connections__Default__HostName=rabbitmq
- Redis__Configuration=redis:6379
- RemoteServices__AbpIdentity__BaseUrl=http://identity-service:44387/
- RemoteServices__AbpIdentity__UseCurrentAccessToken=false
- StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
networks:
- caliber.test-network
identity-service:
container_name: identity-service
image: caliber/service-identity:latest
environment:
- ASPNETCORE_URLS=http://+:44387;https://+:44388
- App__SelfUrl=https://test01.aurelius.com:44388
- App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
- AuthServer__Authority=https://test01.aurelius.com:44322
- ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ElasticSearch__Url=http://elasticsearch:9200
- RabbitMQ__Connections__Default__HostName=rabbitmq
- Redis__Configuration=redis:6379
- StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
networks:
- caliber.test-network
saas-service:
container_name: saas-service
image: caliber/service-saas:latest
environment:
- ASPNETCORE_URLS=http://+:44380;https://+:44381
- App__SelfUrl=https://test01.aurelius.com:44381
- App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
- AuthServer__Authority=https://test01.aurelius.com:44322
- ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
- ElasticSearch__Url=http://elasticsearch:9200
- RabbitMQ__Connections__Default__HostName=rabbitmq
- Redis__Configuration=redis:6379
- StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
networks:
- caliber.test-network
web-gateway:
container_name: web-gateway
image: caliber/gateway-web:latest
ports:
- 44325:44325
environment:
- ASPNETCORE_URLS=https://+:44325
- App__SelfUrl=https://test01.aurelius.com:44325
- App__CorsOrigins=https://test01.aurelius.com:4200
- AuthServer__Authority=https://test01.aurelius.com:44322
- AuthServer__MetadataAddress=http://authserver:44321
- AuthServer__RequireHttpsMetadata=false
- ElasticSearch__Url=http://elasticsearch:9200
- Redis__Configuration=redis:6379
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
volumes:
- ../certs:/certs:ro
- ../gateways/web/yarp.json:/app/yarp.json:ro
networks:
- caliber.test-network
networks:
caliber.test-network:
external: true
And this is how I have modified the yarp.json file in the web-gateway:
...
"Clusters": {
"AuthServer": {
"Destinations": {
"AuthServer": {
"Address": "http://authserver:44321/"
}
}
},
"Administration": {
"Destinations": {
"Administration": {
"Address": "http://administration-service:44366/"
}
}
},
"Identity": {
"Destinations": {
"Identity": {
"Address": "http://identity-service:44387/"
}
}
},
"Saas": {
"Destinations": {
"Saas": {
"Address": "http://saas-service:44380/"
}
}
}
}
...
As per my understanding, only the authserver and the web-gateway need to run on HTTPS exposed to the external network and the gateway talks to the 3 microservices over HTTP.
I've tried out all possibilities and am not able to resolve this.
Request you to please check this out and guide.
Regards, Chandrahas
P.S. I wanted to attach the complete logs, but there isn't an option here to do it. Let me know if there is another way to send the logs.