Activities of "chandra.lk"

  • ABP Framework version: v8.2.0
  • UI Type: Angular
  • Database System: EF Core (SQL Server)
  • Tiered (for MVC) or Auth Server Separated (for Angular): yes
  • Steps to reproduce the issue: I have created a microservice application with the commercial template and I'm trying to deploy the same using docker-compose on one of our internal test servers. It has 3 microservices, 1 web-gateway, 1 AuthServer and 1 Angular application. I'm using the existing docker-compose.infrastructure.yml and the docker-compose.infrastructure.override.yml to set up the infra. I've built the applications into docker images using the provided build-images.ps1 file. In addition, using the tye.yaml file as a reference, I have also created one more docker-compose.yml for deploying the backend services. I also have an internal SSL certificate to run HTTPS. I am able to bring up the services and am able to run the Angular application, but once I click on login in the Angular app, it takes me to the AuthServer login page and after entering the correct credentials, it redirects me back to the Angular app, but it doesn't log me in. I had faced a similar issue after upgrading to 8.2.0, which was resolved by adding some additional Microsoft NuGet packages. I applied the same fix here as well but no luck.

I think the issue is with the way in which I have set up communication between the containers on the internal network. I have tried all different possibilities, but am still not able to resolve this issue.

From what I can observe, I see 3 WARNs in the logs.

In AuthServer log:

2024-07-24 16:31:03 [11:01:03 WRN] Could not find a session with ID: cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4
2024-07-24 16:31:03 [11:01:03 WRN] SessionId(cdb5c4d8-d01a-4380-add2-ca9f17bb9ca4) not found for user: a2fa870a-428f-036b-123a-3a13e61d8eab, log out.

In AdministrationService log:

2024-07-24 16:31:05 [11:01:05 WRN] The cookie 'XSRF-TOKEN' has set 'SameSite=None' and must also set 'Secure'.
2024-07-24 16:31:05 [11:01:05 INF] Failed to validate the token.
2024-07-24 16:31:05 Microsoft.IdentityModel.Tokens.SecurityTokenInvalidIssuerException: IDX10204: Unable to validate issuer. validationParameters.ValidIssuer is null or whitespace AND validationParameters.ValidIssuers is null or empty.

This is my docker-compose.yml file:

name: caliber-test
services:
  authserver:
    container_name: authserver
    image: caliber/app-authserver:latest
    ports:
      - 44322:44322
    environment:
      - ASPNETCORE_URLS=http://+:44321;https://+:44322
      - App__SelfUrl=https://test01.aurelius.com:44322
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325,https://administration-service:44367,https://identity-service:44388,https://saas-service:44381
      - App__RedirectAllowedUrls=https://test01.aurelius.com:4200
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - OpenIddict__Applications__Angular__RootUrl=https://test01.aurelius.com:4200/
      - OpenIddict__Applications__WebGateway__RootUrl=https://test01.aurelius.com:44325/
      - OpenIddict__Resources__AccountService__RootUrl=https://test01.aurelius.com:44322
      - OpenIddict__Resources__AdministrationService__RootUrl=https://test01.aurelius.com:44367
      - OpenIddict__Resources__IdentityService__RootUrl=https://test01.aurelius.com:44388
      - OpenIddict__Resources__SaasService__RootUrl=https://test01.aurelius.com:44381
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  administration-service:
    container_name: administration-service
    image: caliber/service-administration:latest
    environment:
      - ASPNETCORE_URLS=http://+:44366;https://+:44367
      - App__SelfUrl=https://test01.aurelius.com:44367
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - IdentityClients__Default__Authority=http://authserver:44321
      - IdentityClients__Default__ClientId=AdministrationService
      - IdentityClients__Default__ClientSecret=1q2w3e*
      - IdentityClients__Default__GrantType=client_credentials
      - IdentityClients__Default__RequireHttps=false
      - IdentityClients__Default__Scope=IdentityService
      - IdentityClients__Default__ValidateEndpoints=true
      - IdentityClients__Default__ValidateIssuerName=true
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - RemoteServices__AbpIdentity__BaseUrl=http://identity-service:44387/
      - RemoteServices__AbpIdentity__UseCurrentAccessToken=false
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  identity-service:
    container_name: identity-service
    image: caliber/service-identity:latest
    environment:
      - ASPNETCORE_URLS=http://+:44387;https://+:44388
      - App__SelfUrl=https://test01.aurelius.com:44388
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__IdentityService=Server=sql-server-db;Database=test_Identity;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  saas-service:
    container_name: saas-service
    image: caliber/service-saas:latest
    environment:
      - ASPNETCORE_URLS=http://+:44380;https://+:44381
      - App__SelfUrl=https://test01.aurelius.com:44381
      - App__CorsOrigins=https://test01.aurelius.com:4200,https://web-gateway:44325
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - ConnectionStrings__AdministrationService=Server=sql-server-db;Database=test_Administration;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ConnectionStrings__SaasService=Server=sql-server-db;Database=test_Saas;User Id=sa;password=myPassw0rd;MultipleActiveResultSets=true;TrustServerCertificate=True
      - ElasticSearch__Url=http://elasticsearch:9200
      - RabbitMQ__Connections__Default__HostName=rabbitmq
      - Redis__Configuration=redis:6379
      - StringEncryption__DefaultPassPhrase=fRKOy9bNW4W9PLME
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
    networks:
      - caliber.test-network
  web-gateway:
    container_name: web-gateway
    image: caliber/gateway-web:latest
    ports:
      - 44325:44325
    environment:
      - ASPNETCORE_URLS=https://+:44325
      - App__SelfUrl=https://test01.aurelius.com:44325
      - App__CorsOrigins=https://test01.aurelius.com:4200
      - AuthServer__Authority=https://test01.aurelius.com:44322
      - AuthServer__MetadataAddress=http://authserver:44321
      - AuthServer__RequireHttpsMetadata=false
      - ElasticSearch__Url=http://elasticsearch:9200
      - Redis__Configuration=redis:6379
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/certs/certificate.pfx
    volumes:
      - ../certs:/certs:ro
      - ../gateways/web/yarp.json:/app/yarp.json:ro
    networks:
      - caliber.test-network
networks:
  caliber.test-network:
    external: true

And this is how I have modified the yarp.json file in the web-gateway:

...
    "Clusters": {
      "AuthServer": {
        "Destinations": {
          "AuthServer": {
            "Address": "http://authserver:44321/"
          }
        }
      },
      "Administration": {
        "Destinations": {
          "Administration": {
            "Address": "http://administration-service:44366/"
          }
        }
      },
      "Identity": {
        "Destinations": {
          "Identity": {
            "Address": "http://identity-service:44387/"
          }
        }
      },
      "Saas": {
        "Destinations": {
          "Saas": {
            "Address": "http://saas-service:44380/"
          }
        }
      }
    }
...

As per my understanding, only the authserver and the web-gateway need to run on HTTPS exposed to the external network and the gateway talks to the 3 microservices over HTTP.

I've tried out all possibilities and am not able to resolve this.

Request you to please check this out and guide.

Regards, Chandrahas

P.S. I wanted to attach the complete logs, but there isn't an option here to do it. Let me know if there is another way to send the logs.
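
The compose file in the post combines a public HTTPS authority with internal HTTP addresses, disabled HTTPS requirements, and literal credentials in `environment:` entries. As an added example (not part of the original post and not ABP code), the following review check flags those patterns in list-style compose environment entries; the sample input is constructed, and the function names and finding messages are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

SECRET_KEY = re.compile(r"(password|secret|passphrase)", re.I)
PLACEHOLDER = re.compile(r"^(<.*>|\$\{.*\})$")  # <password> or ${VAR}: not a literal
INLINE_PW = re.compile(r"(?:^|;)\s*password\s*=\s*([^;]+)", re.I)

def parse_env(lines):
    """Turn compose 'KEY=value' entries into a dict, splitting on the first '='."""
    return dict(line.split("=", 1) for line in lines if "=" in line)

def origin(url):
    """Scheme, host and port: the parts that must agree for issuer checks."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port)

def audit_service(name, env_lines):
    env, findings = parse_env(env_lines), []
    for key, value in env.items():
        if SECRET_KEY.search(key) and not PLACEHOLDER.match(value):
            findings.append((name, key, "literal secret in environment"))
        m = INLINE_PW.search(value)
        if m and not PLACEHOLDER.match(m.group(1)):
            findings.append((name, key, "password embedded in connection string"))
        if re.search(r"TrustServerCertificate\s*=\s*true", value, re.I):
            findings.append((name, key, "SQL Server certificate validation disabled"))
        if re.search(r"RequireHttps(Metadata)?$", key) and value.lower() == "false":
            findings.append((name, key, "HTTPS requirement disabled"))
    # The token issuer is validated against configured values, so addresses that
    # point at a different origin than the authority are flagged for review.
    authority = env.get("AuthServer__Authority")
    for key in ("AuthServer__MetadataAddress", "IdentityClients__Default__Authority"):
        other = env.get(key)
        if authority and other and origin(authority) != origin(other):
            findings.append((name, key, "origin differs from AuthServer__Authority"))
    return findings

# Constructed sample entries (hosts and secrets are placeholders, not from the post).
SAMPLE = [
    "AuthServer__Authority=https://auth.example.test:44322",
    "AuthServer__MetadataAddress=http://authserver:44321",
    "AuthServer__RequireHttpsMetadata=false",
    "ConnectionStrings__Default=Server=db;Database=app;User Id=sa;"
    "password=constructed-pw;TrustServerCertificate=True",
    "IdentityClients__Default__ClientSecret=constructed-secret",
    "ASPNETCORE_Kestrel__Certificates__Default__Password=<password>",
]

if __name__ == "__main__":
    for finding in audit_service("web-gateway", SAMPLE):
        print(finding)
```
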

Made with ❤️ on ABP v9.0.0-preview Updated on September 20, 2024, 08:30