From 263401128f9e29b16bf5a790f55591059aa04d1e Mon Sep 17 00:00:00 2001 From: Miguel Veloso Date: Sat, 26 Sep 2020 15:35:59 +0100 Subject: [PATCH 1/7] webstatus, internal catalog, identity and webshoppingapigw working --- .gitignore | 7 ++++ .../certificates/create-docker-certificate.sh | 22 +++++++++++++ deploy/certificates/import-certificate.ps1 | 8 +++++ .../media/root-ca-import-warning.png | Bin 0 -> 15699 bytes .../Envoy/config/webshopping/envoy.yaml | 13 ++++++++ src/docker-compose.certificates.sample.yaml | 31 ++++++++++++++++++ src/docker-compose.override.yml | 6 ++-- src/start.ps1 | 8 +++++ 8 files changed, 93 insertions(+), 2 deletions(-) create mode 100644 deploy/certificates/create-docker-certificate.sh create mode 100644 deploy/certificates/import-certificate.ps1 create mode 100644 deploy/certificates/media/root-ca-import-warning.png create mode 100644 src/docker-compose.certificates.sample.yaml create mode 100644 src/start.ps1 diff --git a/.gitignore b/.gitignore index 2be2528096..483d813f24 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,13 @@ ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. +# docker-compose secrets +src/docker-compose.certificates.yml + +# local history +.history +.vshistory + # User-specific files *.suo *.user diff --git a/deploy/certificates/create-docker-certificate.sh b/deploy/certificates/create-docker-certificate.sh new file mode 100644 index 0000000000..f29edc1ce3 --- /dev/null +++ b/deploy/certificates/create-docker-certificate.sh 
@@ -0,0 +1,22 @@
+echo "creating base certificate (.pem) and private key (.key) files..."
+openssl req \
+ -x509 \
+ -days 365 \
+ -out docker-self-signed.pem \
+ -keyout docker-self-signed.key \
+ -newkey rsa:2048 -nodes -sha256 \
+ -subj '/CN=localhost' \
+ -extensions EXT \
+ -config <( \
+ printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName='DNS.1:localhost,DNS.2:host.docker.internal'\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
+
+echo "printing text version..."
+openssl x509 -in docker-self-signed.pem -text -noout > docker-self-signed.txt
+
+echo "generating certificate container file (.pfx)..."
+openssl pkcs12 -export \
+ -inkey docker-self-signed.key \
+ -in docker-self-signed.pem \
+ -out docker-self-signed.pfx \
+ -name "Docker development certificate" \
+ -password pass:$1
diff --git a/deploy/certificates/import-certificate.ps1 b/deploy/certificates/import-certificate.ps1
new file mode 100644
index 0000000000..c9f1a50134
--- /dev/null
+++ b/deploy/certificates/import-certificate.ps1
@@ -0,0 +1,8 @@
+param (
+ [Parameter(Mandatory = $true)]
+ [string]$Password
+)
+
+$CertPassword = ConvertTo-SecureString -String "$Password" -Force -AsPlainText
+
+Import-PfxCertificate -Exportable -FilePath .\docker-self-signed.pfx -CertStoreLocation Cert:\CurrentUser\Root\ -Password $CertPassword
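Review bot: The last line of create-docker-certificate.sh passes the PFX password as `-password pass:$1`, unquoted and with no check that an argument was given, so running the script without one silently produces a .pfx protected by an empty password, and any password supplied is visible in the process list and shell history. I would add `: "${1:?usage: create-docker-certificate.sh <pfx-password>}"` near the top and quote the expansion as `-password "pass:$1"`; openssl's `env:VAR` pass-phrase source would keep the value off argv altogether. The `-config <( … )` process substitution needs bash but the file has no shebang, so `#!/usr/bin/env bash` with `set -euo pipefail` would make that explicit and stop the pkcs12 step from running after a failed `openssl req`. Because `-nodes` writes docker-self-signed.key unencrypted into the working directory, a `umask 077` before the first openssl call is worth adding.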
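Review bot: `Import-PfxCertificate -Exportable … -CertStoreLocation Cert:\CurrentUser\Root\` puts the certificate into the trusted root store together with a private key marked exportable, although trusting the development certificate only needs its public part. At minimum drop `-Exportable`; importing only the public certificate (the .pem written by create-docker-certificate.sh) would keep the key out of the store entirely. The openssl config in the companion script sets no basicConstraints, so adding `basicConstraints=critical,CA:FALSE` to its `[EXT]` section would limit what a trusted-root entry for this certificate can vouch for. `[string]$Password` also places the password on the command line; a `[SecureString]` parameter would remove the need for `ConvertTo-SecureString -AsPlainText`.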
diff --git a/deploy/certificates/media/root-ca-import-warning.png b/deploy/certificates/media/root-ca-import-warning.png new file mode 100644 index 0000000000000000000000000000000000000000..23fc2140b7bd6dd09236e66e6d9ca587b1e9e447 GIT binary patch literal 15699 zcmc(GWmH^Ev}HpC3y`3}9RdUhZUKV3yE~1$dlDqLJB_=$O9*a_JB@4O?l7J2d-G=2 zygxH*&8+!xyVtF*+f~)or_MQh?-QaRCyt7Yj|>0+P$eZqlmGy@RM_Q>2oG!V@PL-W z-r$^+#DxGAV8VUa&1;~btRMhT9fk5}_y%^5WG|uV1OT9Q|GnV)?TSnQfUkR!B7!RJ zdPg8DYu&koRdoGWs-+m~1qY-4c!pRtlQgM=;#Ue5g_$}5p%Zi@IliBu`!vXiUyP9@ z3MAh96~9e!W&4zZ1rmD46A@^!=*WY~q1XeE>r193?{i6)6w<8o##=a}ud&vwS=l&n zEq~&9NN*o&-sN}qIN5nY5L^Zd%<6f8oMsnxtB;RAE zIW&H$a+{iITuJc*WW_Rp6pM>E^2Z4A^;jyU}u zhNtY573cVP5l)tzuSV6uZH;Z)UApMjx;&h2&~gGH4QJp>VZ&+-p$o+Q;j)*3_atoP z-gLi>?u>TarN4m}r$VpEGuKJl&hG_6bOPeJ3aS!pxrzD=ni3tMaed0Q2?P3alPu|? zZ$(U1g0z<(&pL>1uDtEfw>j<1r<`r)o3dLew6xl)NrQF`7NTQse9o(F!YW@Z^=S1O zlX4>nJi(djOCShDmxw+rjNVasY5_8Z$H2s}ut22J$V$h=G^GbU%rV{!(zDf*Q3K2^5PZ(PiB`5KX9xyUF9uVdk{7m}?B@1aicyB$icuI*7y5V3{F5 zDh@BNH=kDMHu2a-V=3ViLkHi+K?zb|)tx9-j*d5t+wnLp*> zNeQi^)FPOS9U*w5VRGTmdY1P+jTXgAV=9S!yDS!Rgk0aQib6;7UT)+>Xv7dcoe)rx zby(HCdH2Hwv1 z2qa`e`N8BaWTLyz#&TH+e`haugX3Yr+)+pc9#F@Hy=r|fT;OQ&xTUu~(UVJ`A^*XP zX1;$sU|(eN&ZLIsr0u@eYr#KZQ_! zn&hltmZJ?*^LW}azheSqNhW*AIL#F!(tj*x{*&dUgb zu`YKykwzayZ{GfBtA)4`!&QnC)ZVA8TkY3pzYb3gPo{hr2_U@q#S0&cnVES?NYZ;N zKWoUwDARbmmD=(Swr`kW`tPjqKU5CoZg(QP@5Q%O9`||dgfk7m7Tny-y_6)GC!R}Q50Vwv*I#|~zBioIV)n^0w$vB4Gdu{^ zcS*n33Zs1kkf`=~xHcLCr@j*4knVh~;Z%Sg)km@l2hd8!aR6@6SAHLS8fzE`zP~SJ z^;PE~x2uH%FvwX!tYL;~Q#U_K4FF8T{ii8@2mGh$lK!<^c(~(tfcJ>@K!E=@|G!oX z|NpzI(8cn?(9qB_%6qk7Dl#U6D6o^*I!*R$HS-R*c? 
zTy!!f4bwI92i-)-$eih=32@*Y`PJy}REP&f#Yep>b@no3%gjjqh)?M1LVXT0Hnw$PAUj@E6E2ViHT||UXVF!BOQB3z zhhLDPmUJl+1c5}Eia%jJziEm-`|n=p4{>0Zy z8-qps^Nr)5+yH;N!my_HghDH}DXb8+j(D72$*6JHfMrcqTaGc1*UeGmn48G1*U5d@ z!vomW`!cWLNB?#tlQL{HBef2!sMmM+9$Qg?4;tD1aFa!WZhvK@2c&_Y!o z#qj$?j~*Qn7Z)q5I)=wv{qAa}FeLt~3KlD+L3szo3j9~CLDbh~e9~v{DAPuUHl8J} zhuvj?@3hn7=e=#(L7vra)pI4}wSKz>Y;{)tXe?4(kor2>cPX!&(PH0gxVZJ%0e18j zs@AWy6QBDlvQciXn3jF!R#!0Ey{{p|C!H@HB`WAU$)#{Sq-aN>mFmPJ+l+UgavZx8 zbNntvn(Gb}f*;(QO1`UbLf=iz2#-FLuGf91ouw!}27}YNo%SakfxFtgZiI2%tuKT5 z3Fyz>2eVP_kLQF(s3{AGWu@}ovN<6k9hB#$lZN&*bLTiA4Joyx^1`YfzK_wz?bHd6 z?xL!KFMAW!WUDS*WAJDx3Caya?7G-oj+QI>zR)U5>9juzCx%mcWfi=w9v6Mf%cXA1 z4r4)9e$|_9wql&*&$yyD-k13i+nAiT*KHTqyg5e3ANd`~%JpFwUM3IX`$qYuV2AxVNcg9dyyD95E{PjG9V-6ABBOKZA0h?vDuR1T za_2-4PC`XlHZ%8R$Bd1=zLfXJkJp_Zv?6I>U@? zbWEMiG~#gsx0B25xQ~Ir*WqMmg5>3J;_i-@r$vp!4thVA`Le&j`UJ}4^4wfR=zM6+ z+=oJyPyv7}>IS>jj?mg#6kNu~>&BB+mz%zfgVlxSfzc#=kHcv@j**WWUJnqaU*jf9zSC{5GneH!c z)2j=#U9R_r?Y8D@o9|x--|NvoZCU+n_1m2;PEutB0E!Y+9e~5b!?m?c0_Ou1VI*H4 zLWoYpIFB`2CTi=vw>Nsja2a*ly!Vyr+CD;b7F_$K`mgq-f%+PBH*8;`F#%Qln%Hix z_m}(HcC8Pbl>&Yzi7!q|HfcG%5sKVeEgn~ocj%0|_x7fDW;CN<92~X87UH(u!=+B1 z$H8EJZcaB(Q&Z7;yRTD&d&}@AF_Q}PcUmPHPP~+Q9qL#;48=lis+9ixh5EVLXrfRP zMe6|uktN!9_`;izg#>za--|w8biT{Adbelq{_eS)KxN(MC}$1 zSB4lb?dImHBk(rEHc682J+RSw<+_i+?$d{I2^Z$}so*Q|56)&s5i;*XkiKUKaBy?6 z6bVp3Nqo#s*VeV#Wyv73Rx&Ia@@y-h_RGoDo9koGqnS?Mwc|{Yu*Qnd&LW(NNleau zr_T#>dc01@%dK;jx|$uXru&nBHm-Wp=5mNgbZ@gR^^ZGWa)EkY#)gK1lC;S3j}C{9h+r=AW7#bAwOW+Z$^zSs;l>zAq^ zF|=zq8Q|X>yGeQ<2ZJ3*B zt6au)516+(nRD5x2jXZ=6e9D#*rXJYI^!RL!I=VnNB2fExzlG zoQ&zZP0s6+fj71~0&drbUcT* z-;7^v>Kjf6lgr_^CcFo3VF8>3)Ffu~N8UVgbg~0`YXJfyBsB_6J*zfy6Yr&srFvg` zbPM3iQg^b*Ycq8#1kD?%D33@>8`lOqw>MeQ|6(gdl6SJf+#1H}c5vg=U}BpDF)%T` z90CPat2g89MxOh1Gu@w|3xNcP9WanWYn&VaLNL249jeL=TYBIY4q4mf4{pEG10r(`-7}HNbt3S?M2IxJIXF8=u zYaXuMZLqL64eH6mX4`(&M<6}SSJ}zoBtQ4Eyxd;Xgq4t#V@^fKBo5J?m|ZHCx+&0Z zv{|mI&Kgl9- zM|-Zx_M+89?6a>gw)%1-y?XzIEB>+&b-YKn+J;wNCPF`ac$kQj+uHDX)%PkmN&n@! 
zmtJ}o3{n;fi$?3&mVlVOajz9fOG}mZV!bv}3S4KJveEYz=irl*jJ13EjRkQ*@)Nr$ ztcfJ!b#7KTbWqjsQGKtytf2R#8i}26w@Ffi{Wa4j?(^xPHQ&S+x9c0fm#~O5{`+;W zF+ZcJGgJcgTRq2=7sZ^m_b!ZL(!&##V`2i_&FfDn6N$1DLqD2Ub#k;-uFX-xCfXaB zR&PgNT3jw>l?!*`$3w>l6VQ4Xh}S?__Ib8KSlksMA)32wd9`wotMS8}IzOd8k~kq= z@rQ-95MEiNsBfcVc}Xmk!jY&MWOGs2)JGrEJ~|o-dk9zZDc-8}g{SC9Rk z<-MMdfUrGe9a~fz(h;15;I-dh2i-LCL7ZMXT6Z13mb1Ddn=CSa5yfl!+AKI-L5X3ZI-{iv~XTKThE_{cqQ_VJzWKv z8y;U)?jNfn+o|4S{s`B6yJ`YfJCl*|9$WW;u6`bwBhjRQ&$_bseRv3Q8_VE2tF4H< zaASPB89U^!t*Ro^Vhr=Zt)5ie>FGO8cyV*w9_|-o>+qAl&hZ4hl9y}Ybl|Qf7aWe@+xgMYvi-qU_$jupzp)xmHYr;D?jOF}MV%&2WRVM+i7NLL!yZn=H(A>m*< zqVpjtxWN{ZGXwyTru8+|o{&6r@!fb^E05KjN)r(&0>x=o8?4(*DIiL=ZKld@ZjH%5 z6hC-s>oJj&+2i3!8UpPydAq|rApg@o>=*(72J)GY z55)!UC$#O_eKz}KuQKA>@F!^7@MXKqYg=>E_=tGf?z>lHn(9pNg&Xs?y4=5GJ$DnA z>)@!WH(1{djE}!B9)MvY(bC4tcxR>hPg42#L&uO-RT#ABXps!dqx|awmo<&~rvU(e zc7*@a6zk|1To4x~q!wnOSDVg*4FIsc8-c+n-`~gb=7z-fWH9c_=zZ#b{NdaeP%=Kb zCx$GUH#v>G4jYPs&}~N-l*UpX*h61NqGxU4?4@h_xe4_f%7<{?S{$D()4?sH@bnZ7 zB@x+%$AjSAGF00^LWzoDRDe15>{Ko5xhblKz_M-<0bm^C^(J^@KaRcF5off*_Q}3d zrcdi{J6!-P??pKnq$82urkrpP{9rQlpjykw+4{8&8IXnjJId-6KnNgEfeJuG_zMyJ zU(YiGu3dps2#0SZ%;}qjsO_jqw_>bU-cA=(S!~zKM2`G`EX-J%8x;x4+2rvkab#nW zA#aRGVNKUI{r-&XYGRzKVk^ylIlmMR`x7lpuHEvjzu9*nf# zaET7g93Q0dOSY8>Y>RLj+xV_sb1N&Ok}R#1rHqBGJ$7y-*jUUsWWQ_8s#En%r_!{1 z$i^)uz?)z%mjM~)<;5Av8bM`L5>c?0KCY|eSoOA}C|V@6r3B#QpN|yi2Dd6mAu{Ke z$tAp=Qjrdeh_>8w1*XpblvBmj&FfcEWKk4B%PwsWlE-aM6NV*@6XVgdz0jgO`cf#1 za-H-*@u-N%XN53{8T%W2!@LQ8r9EF+hB#NMWb%|Xca=|p)IJQV4 zom^C-auYdf8rFo`FP=Q6@rD6I7@4F}`KB$XGeH9psO8nA)lE(HQh0UYBACLa z+%4^;KXt<#EFGI|g)Lesl)FZ;Mn6~M4<$Cc(#NG4lTUpKYl6=&YY`KY(=wt=CQtYh z9Ga^yl_l>}}r4K1{FY*GiSGSs4|4$S>R z7Mo&}FAFu3KrG;0d>SiaoH?@IY1uQH)H6hNRj0~X^E@Qhkhe8-zHm+bV-@fiG);*S z_J~TDo{~aetV7ZPr=~X8YZdpINGb7Vc3QaNNBsQbcPwVb>(G0PLAg2XViOamBEqyw z5Iu9BLYc64dJjVOKpra-{v!J~N80t1YNWcSG}-;Jf_zR)SL#OLpd^&nobT!{7Si~* zWpu#_8{Jv+Eql)H>;|aUQXicpAeP51l(73bUv6h{g=!CLjB*>KcDT#isq#Sciu z!c>ThFT$wR>S(lf)Q<~?*}|9$^a&-29NPLc6S4=E3C9W(%`RE`GG8Rc?C3vw 
z)x|P`H)D>8#J=0?x~v78^rD*YS>b>=zvMU3xivgs)E;`4~CWn?uKcPKsU z&Q19ywarqMVopD*#eTxZui~k;nM73)S3?acmn^vIDIm5L!lU4zXMM=1G*{QBdI%V{d+ zbCf#Sf7Q#x>kpaW=MCN-D(EymlBtW-gGdDOyaq!LY@@GA5M{>-!QUG{8G^yy)iv0g z!Sri!w1v;q0m)H{L?3nD_}W04Hj-63eM@kyL}k6CF%`%4?qq*+I2I5gA0!HFg}y@t z^HH(=$_-@MXt8R@VAmTHOvBKAL@aY!V?h3q4luySj)HvRmd!oF0>cZ+8MF)2u#PFj zvX*HX8XjTHLB_u~A}7OeS|LC!%$0Ke1KDPeLKeJvgR+Ki9D?w96O?L}K7Ln~o>k~h zKao!THk!I?+^5xgX2_~v*fFDtzPuC{iE)my{|iIzgz(ks75pI-4|#+wA& z^4*1Hc~L-n=Oo#;tScv=jQc#d^{dCdz&2-O$gE8^{2T9R$SZ{T z@Vau!#h)`A)#oYUE7HpHU3H%$`fjna?&!9 z67H_3f}(OK`>#GHrsM0TVeA}Q-~V3G#8dWyfl|t5b4Q@)^+s<&a=&g##m%Z(6d)S- z2s4m^wPl*d>Hf4!kRgWA+47I-LHOXRMGsMYpBZ|Jv67C8s{Z*Rl&CUHJE9XcNfCZZ zxmMVS-9%1~YhB&rEjPaGJwN>o+n|A&>zpFKk+Z!)s8)R67V>D#03vf&3V#|RQX&K; ziXP?WwCbk5)uPBYTXp>`u0KYHp3iWI+oyv4PQ>Q36cnadm$J z`x9jEPbH2H%5?Sbq75J#c}U7kO%F9if4~du1YVStcn4PtctmAZ1V8k!I$EUEwp)t9 z3@6ZI25GpoX>P``^_ayu&DM_JWP&Z_ddZ#hBP~htUUHr zr?gJB9g8bg8}tPTeBL`yLlqngLa&mdw_ts)4T&kgvb14z@6 zzV&wUpl_n{)>ZR#-xvNejsN(A|3NYS%WDL*1VaNe*CDr4P!Lh*cbY<#E=R{Um_}`0ft`#;T||b-5b@V1f0Y(E`kTYfSk;rL%Um zkF^3N+}JS$b{nu+GDsqFrX5R7b0l<61Qtq(u@7^;!rqL4@iQW=2;4Eb+;u3`ZGbW_ z*n(lPazNJKxcPsW`TreeW_;yXhAE3SX4qWrVkqtE*y5X z3zzV8Z;B^TWJCLEcPTW@({;27SGGl~tz5gA8y+V?Nzh1gB%aouDmhe3JkAi>%&im+ zN?M7O+@t2LuK7Hy(JUm9L$;mFNLiDs(%Hd7{D#dT#yVrbF=1v#CefnTepT`;J+5d2 z5tnOb*1w~Jzdk^*)zQ00D|m3BEFuU|ay?11*|BSk@(uQ<2vpID@$u-G7_vy(h=|^V z&+9^B%c00qs%3TRI` zg=K!snX?9U)9)n6e`Wo|k-Y9h;dn+19VbSa5a20MLm-;(MU!C>c%EKnb^c1f(~mwH znV>ZMi>LjzRI`X#vxoblpBmwYXn}LD0+b*h8L(d*@}Zed_9gD2*HQb}07A%&=v7a+ zf@jI_B^Gm=maArr^IFPGlG(@IQK0fVb*{1^uCLO6>|E1562VOz^UaNVd24+(%=2xy zOaRe{y^6Ps@fANp1Z0+NNKj#$wYA6D_?Q%G^+BtVR1}*6XbY z^6j6j4-p55I&ZLu>GPe9+bnNoOg2~bBkld_%`o$LFDk;0MRlLlY%1R zSQVaTY`d^W8IQ3?N6J;rq%>uQ?k#RrTA__wm*IaB#UQ_Z#HmU{UGCpk@BNhpo%m|r#taFTgF(gMlEG?(4vIPib1mFD;;!yf_Y#p#JeOZ}@c47* z-~l6@pG{TB+z-+yl?vq^usKpQYM(=yv9Z$@-Eq|`t2R6ty=ij?qpv>y%)(T>XL1w} zvIh$tc;AOGt9<<7r`A>I&jJ^xLJ?#ZlK&KUk2gFGerNM_W(yG!zsJELk&C++Gaez{ 
zZw)v8+ah69&pb>KaS`c&a6r&e|IOD~XGGE2&yzRA_gVxr&c`!mL+NnzV^;d>k+Jtv z!NGgUH!21FQd=cD5G5>b;>TIn0QGilb=0z2O+p?^M-tZQ*GTzy9WK_h;y-)g#yJc? zqxHeZ@@53Cw7F>!>0Xooc!a+PGopbjO!)FIs_}XQd<%(u(uMEzu3nuD!bHL>-?UbtW8#JysU*Fk4J94{0WltsIwZXmHn27gG=3a z0|yH*F2ZBidc=`nExh9+IE^<^)p5HNdTaC(0dP$fZ!~8$A9W2_tak!i$fpzkf68mFZ9x7E-^x zNlO?SRgyU?q4ccin`(H4aQ(}MIgmhoIBgzVWKvs7p<^VQB}Nu6c?_;KAwm9VGlpGC;P&AgpV8E9*4oy{#F7< za~{xJQs?0~w|A`7d+UliT7=*%Mx6nI8;7s!#Jq2uDDZ~ z&RWp?%QEj}Y4EihvcLgQ0i{`U;QzqCucY7rRfz`Jms(#kecus=_eK6mf*Ys%XR}~o z7XYySj{@ayq;^Jwac-qak5x>ja)tC(6}-P1-!gMZSowZPCxS_^%|}&K%E?V1Yp#vQ zG}bZBW@gsXMVCa3e#&CBom0(5J5{lU{3%rsgVz=E6sl7UO-67UH6R z-)&x0YbffPg}Nef(?0Z+JKMC@L=AQF8?@kr9A;v`ge&=QR_7TQnk5<*sdj$0=13pxh1ILEbOf&qhRtydn^;?t2}wfS#SC%8HjnC7TG(@#{Li3#)k6c{2a!RF@8+koSVv#;=pn~z|&%1L7MzA@3Gm(l-`6IRS znrg1@1#c#wU-hY#qEV8$gx~#ZDvAj80yRcQJf@aGHe<=6Rk+h6dqOlMg=ei$eXPp6 zn(l~atC=FFy@M|MWPz`O+5Gd;~HG>ex>G!S5=sb~! zEOM0=LX@bDE|x_-lt!0Wu$9$tv6zd42BOO=J)Ysl>3;R7U8M7$l zlP~Qldh?_^8^_kO;S@Au{JlKbK)IDl^esb|4+m@Yv3onk!dt2485dj63&q_bNLhAn zD&|Tlbq*R!%ei&8&ofv&{H2Rl7{skEumw~>Qkq_+yhlhdxJ86qgzcTR*Yfa(_|?mZ z6|0jd$*I#Dt*x!G3gM6_K@I7sN)de;@zqFYa!FQU(^&Df=*zY`Pwz%@nCYCX<@rwoX_Xs2gk_RB(bdQ=0IBQP@ zDs?>vg?fz&L-VYtzawyuQb>J89I%l&vRW=@)R3Kp=ArNogskHIZQffc*vmsHqqXv$ zBzsK+cn^;#hyV!qH$7W~fbLe^v2!yTP`lLpC!y_R`G|_|foeHx8lfm6nwycQT6oXbnL4^-#-Nn4LuYI3nL&(nXeAVpBp6x&dg_^P%RW*4+)OQ^W> zY{=$vG^yd?7|FO+gzR5fH16mdW^!h%SJEkLBK8grlpi`#nMpc-$qz(DiTnl8jebtu z*Pe6f;uB!Zh(~H?vZr~%>r#PnNBdP=Vg_AI2(@!a0uu@6By6Opf}I7F{IUKMZSSDTw;CDkPN%Ml5#Kcau#1bv#r_EJ$$qO5Y7m3v+}Tzh-_(GhqVVxYMI zPO^}iS8F_IN*;;iqzNOG$`je6LuTkz*>Z#gOcvBjda;VKN|y!Im{vfBwmj=u z+vhiyWjoPmt3z0%;oyM1iy5<8dUL2B|x^gWTE4+xq3)E2PDH9 zNlcz|9XTp&fs1$$qr~*!w+72c-R_S+hU>YeLO|DMp=SFPi2niHn?4l?9e=J$8+}}h z{NDD<;iq>_G-8b`!j~Ih-$E#oH$jhGp^Rb=ONGX)R74=drqZ%4?IbEg=#dEO%T^%v z1TCwRLo4`**-pHv>5nl%Ul?@BWJsO}V+FK=EUu-jsXhiq?y;K!(_^F#Pq4q)wB9UL z>n4^{QL8a3q*cbMdZ&D&QBtLigID6H67%3al5V%*{ds4MuqHzJ)Vw$ay4AQ7Gpi!x z0(2IgNkZYzGp6gc!+kfpeKCm(9DdRQs#?~X5psJ-;T*Ab~}x@GQ)A?wGWMf)wb 
z4GAlJ7*A(DdyM-1I_PlHLFSgc57k?qJazl+0tTK#gEN&~`>hQ+t#Tem`>a#17Pqex zDhv!14RoEB4uXWHk>^{!TPT9D*-&xhBf=w~omsC~^@3$erYQ+W29Y8|Gsj5WDkJQt z5sX%jAZ=>rFlhX2kirAIvng{(w^@R3^)SdqG)TGcI)o`W;s1h!fBuCG;96@fp7=8` zb`l~%w&+`4?AdjAio*7?6ZXP0)Rcb7dMS6Zso{zRi|fFMoL}ip4EdLEwVodnpcBn! zuMfe0ewBcBD(hZ_VOD%Y?Y5>Jo-UIS7BeLIBAZnoIS3=oW~oS1wormbvR`hfal>5a zK5`~E%1Bmcys4v7D|Fx~McPKez*QutC7XzLj6ctbDavXcx5|Ja-a-U2-t8)Q9fV%{ zc0bPP@k1Xb1F1(ttlt=s@yN4Hch|8VeZU*kd>g~gRuHlf*zh)>6=v0=;Q1wd?$jI8u}!TY?l&DT>(JXSV_p$}YHo2C`r1)B7d}DAP{aBuL&4%DRInr^{pp~i&EUuVNEp0)HU+5@|L7-7dZV% z^T_;lfTFu0qiE|R@GP-u^1DhcwzG!gJ9+OzP5-CKr(>zPY3X{wO%7GMO-27OZ=uJO z*=Q6Xt|zht*u0N5BZ}3}*_x1QFMB|4u8UbtZ<;IVBBjAC z+HbDx-S&0{gdLcXu<(T|cAPKD@uqBsa?V@^RgCoZTRGh|KX+*MlQ;}4;mjgYj`5Pa zKS0j&ydn0z+jJa_{Zk%2*^F1$%Dc&%CN(U30d^uLe#i=ijfbl*2&!mQGhuR3ok^Wx z-w;F8<|YoL$1k~cN6q+j89wr3i=Nhw76iCz<4d#LVAZ0VZ!P+OQ4;#Ic5QL(S@9jo z2eNC`J7(Dux7GC|fr?AG!?j9RXk&;9VntDweeE*Sz~<&Q#O!E^{k z_fxL;EeQ3YR(SKmfigJUlKBGQ+hyEv6okyE?y{-*17{;Mt*I6XB1t~YT^{1kDjM`Y z7PF?}q6{267@#4<8Ga!fN#t6=BDxBbAu$N1$gR1#I(z;BGwWnKRL=t35%(AHm}EIT zZcp=WZ^w}+!N_tPmz?BENz0V#jlv+5fE~{t?U0Ji$_CcWBRt?*;wSpUWfNFBax|i% z{hiRCuF5+$`=^oR5^L%%*nsw)v_jr98| zR7~iI5MAI-%lFxgiipY<-tm5QDOo zQ*Id$ST!ZzU|h5fb|%(;hZy?Av}_I2Aym)dr`Y>rnOzHMUilrPO8}q*08Fo zK$-zHfA2Y`9RPE1d+>uQ z@UZMm-PRE{)3>j=sgm{m=oKrw$$pXwM#rK0u~zx2{r&xY0F$}$v||Il*VJcJ zpgJi`0TH9qH&=43CKn=wSltjOnK*nNS0e&qp7}YDM;J&oH_FDX#t;}im{MUcMlXn* z-(yw;6rqI^DamfkZ3>w&MrNSl@U(O?H!=Byk3Z?D2}y7^RsA=MDi-YhCyV;7g=dj< zw10GjIs!T~WQdw?B311zF+l_Bo3?6d1wc?iK^A1lLtk3rY*V92a1nq zMSpF7?`gAzp3TyRSmj20-dD8SHD_#TdL_nCcRVmi02?31hr5^J5pE5usnqDM&opmG zh`|KNFGg*pzX+hZM>-OxOcHW>pW5HI;9jeNTQ)*Q9?7=I?b=768;SEdP{}qaPsuBD z2?qGg+HoGmw$?n2u`FvCasLBGZyi`0?b`w1jeRO=n>*Ba5e%OEVVpgH?4Q?vbNc`C zKmUJNRk9Yiujjc>RS&DmJQ{>4ubBV$Ygc{)>quWWSTE!#k)8K4`JP3++(yj=^(J*( zQY9eA3p`B;s20N?uCx;zzY72~*EX(rO4|hVM)^H%;_A7R4TF3Rv{#h~3g88AxV`8<UP&?47wRE{+Hm)mt(lOYzvCAKi&}mB`UIiNAAY-JH6U# zU47hfBf0BlI?lSdMVZi_e7&)&uRfKy+i^D|&b7I5i&=BOSdCm;`w9B6LBfANV@Iva 
zj<>#D`I3(CloaJXvv~;3`FAP(kz>C6_t%XicZ7GPyS}GKdrSIRNIk~-K4-n^ezJi+ z=zPydOl40a;l)mRalM$Eet1;JT!V;FrAxM{EgiQI5{~Ii!@tX|Ff3bG z6Z&;GAIZe;cD9TDBuT$)9V + - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx + volumes: + - ~/.aspnet/https:/https:ro + + webstatus: + environment: + - ASPNETCORE_URLS=https://+:443 + - ASPNETCORE_Kestrel__Certificates__Default__Password= + - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx + volumes: + - ~/.aspnet/https:/https:ro + + webmvc: + environment: + - ASPNETCORE_URLS=https://+:443 + - ASPNETCORE_Kestrel__Certificates__Default__Password= + - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx + volumes: + - ~/.aspnet/https:/https:ro + + webshoppingapigw: + volumes: + - ~/.aspnet/https:/https:ro diff --git a/src/docker-compose.override.yml b/src/docker-compose.override.yml index 8ec8426ec0..ca3940fcc4 100644 --- a/src/docker-compose.override.yml +++ b/src/docker-compose.override.yml @@ -57,8 +57,10 @@ services: - UseCustomizationData=True - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} + - Serilog__MinimumLevel__Override__Microsoft=Warning ports: - - "5105:80" + - "80" # We need HTTP access for inter-service communications + - "5105:443" basket-api: environment: @@ -336,7 +338,7 @@ services: - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} ports: - - "5107:80" + - "5107:443" webspa: environment: diff --git a/src/start.ps1 b/src/start.ps1 new file mode 100644 index 0000000000..28a4019e2a --- /dev/null +++ b/src/start.ps1 
@@ -0,0 +1,8 @@ + +if ($args.Count -eq 0) { + docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d +} elseif ($args.Count -eq 1 -and $args[0] -eq "infra") { + docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d seq sqldata nosqldata basketdata rabbitmq +} else { + docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d $args +} From 6b702e08e377db4c1aaf1845c824bfd985585f76 Mon Sep 17 00:00:00 2001 From: Miguel Veloso Date: Sat, 26 Sep 2020 16:04:21 +0100 Subject: [PATCH 2/7] Ordering.Api working --- src/.env | 4 +-- src/docker-compose.certificates.sample.yaml | 8 ++++++ src/docker-compose.override.yml | 31 +++++++++++---------- 3 files changed, 26 insertions(+), 17 deletions(-) diff --git a/src/.env b/src/.env index 96b8016507..fbeaf495d2 100644 --- a/src/.env +++ b/src/.env @@ -6,8 +6,8 @@ # Use this values to run the app locally in Windows ESHOP_EXTERNAL_DNS_NAME_OR_IP=host.docker.internal -ESHOP_STORAGE_CATALOG_URL=http://host.docker.internal:5202/c/api/v1/catalog/items/[0]/pic/ -ESHOP_STORAGE_MARKETING_URL=http://host.docker.internal:5110/api/v1/campaigns/[0]/pic/ +ESHOP_STORAGE_CATALOG_URL=https://host.docker.internal:5202/c/api/v1/catalog/items/[0]/pic/ +ESHOP_STORAGE_MARKETING_URL=https://host.docker.internal:5110/api/v1/campaigns/[0]/pic/ # Use this values to run the app locally in Mac # ESHOP_EXTERNAL_DNS_NAME_OR_IP=docker.for.mac.localhost diff --git a/src/docker-compose.certificates.sample.yaml b/src/docker-compose.certificates.sample.yaml index 4e43fd0f29..b7d4af1120 100644 --- a/src/docker-compose.certificates.sample.yaml +++ b/src/docker-compose.certificates.sample.yaml 
@@ -10,6 +10,14 @@ services: volumes: - ~/.aspnet/https:/https:ro + ordering-api: + environment: + - ASPNETCORE_URLS=https://+:443;http://+:80 + - ASPNETCORE_Kestrel__Certificates__Default__Password= + - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx + volumes: + - ~/.aspnet/https:/https:ro + webstatus: environment: - ASPNETCORE_URLS=https://+:443 diff --git a/src/docker-compose.override.yml b/src/docker-compose.override.yml index ca3940fcc4..5619e1ebd0 100644 --- a/src/docker-compose.override.yml +++ b/src/docker-compose.override.yml 
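Review bot: The `ASPNETCORE_Kestrel__Certificates__Default__Password=` placeholder added for ordering-api is meant to be filled in a local copy, but the sample is named `docker-compose.certificates.sample.yaml` while the .gitignore entry and start.ps1 in this series both use `docker-compose.certificates.yml`. A copy made by simply dropping `.sample` ends up as `.yaml`, is not ignored, and can be committed with the PFX password in it. Renaming the sample to `.sample.yml`, or adding `src/docker-compose.certificates.yaml` to .gitignore, closes that gap. The `~/.aspnet/https:/https:ro` mount also presumably hands the unencrypted `.key` file to services that only read the `.pfx`; mounting the single file they need would narrow that.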
@@ -41,25 +41,25 @@ services: identity-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - SpaClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104 - - XamarinCallback=http://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback + - ASPNETCORE_URLS=http://+:80 + - SpaClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104 + - XamarinCallback=https://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback - ConnectionString=${ESHOP_AZURE_IDENTITY_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word} - - MvcClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100 - - LocationApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109 - - MarketingApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110 - - BasketApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103 - - OrderingApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102 - - MobileShoppingAggClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120 - - WebShoppingAggClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121 - - WebhooksApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113 - - WebhooksWebClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114 + - MvcClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100 + - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109 + - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110 + - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103 + - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102 + - MobileShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120 + - WebShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121 + - WebhooksApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113 + - WebhooksWebClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114 - UseCustomizationData=True - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - 
Serilog__MinimumLevel__Override__Microsoft=Warning ports: - - "80" # We need HTTP access for inter-service communications + - "80" # We need internal HTTP access for inter-service communications - "5105:443" basket-api: @@ -111,7 +111,7 @@ services: - ASPNETCORE_URLS=http://0.0.0.0:80 - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word} - identityUrl=http://identity-api - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} @@ -127,7 +127,8 @@ services: - GRPC_PORT=81 - PORT=80 ports: - - "5102:80" + - "80" # We need internal HTTP access for inter-service communications + - "5102:443" - "9102:81" ordering-backgroundtasks: From 83c1e7909f68e42568add77c80f9b52c1f050450 Mon Sep 17 00:00:00 2001 From: Miguel Veloso Date: Mon, 28 Sep 2020 17:58:39 +0100 Subject: [PATCH 3/7] Inital working version with HTTPS --- .../Envoy/config/webshopping/envoy.yaml | 105 ++++++++++++++++-- .../Web.Bff.Shopping/aggregator/Startup.cs | 2 +- .../Identity.API/Configuration/Config.cs | 2 +- .../Tasks/GracePeriodManagerTask.cs | 2 +- src/Web/WebMVC/Program.cs | 15 +-- src/docker-compose.override.yml | 72 ++++++------ src/docker-compose.yml | 4 +- 7 files changed, 150 insertions(+), 52 deletions(-) diff --git a/src/ApiGateways/Envoy/config/webshopping/envoy.yaml b/src/ApiGateways/Envoy/config/webshopping/envoy.yaml index e1780c47d3..b3c6082512 100644 --- a/src/ApiGateways/Envoy/config/webshopping/envoy.yaml +++ b/src/ApiGateways/Envoy/config/webshopping/envoy.yaml 
@@ -6,10 +6,11 @@ admin: port_value: 8001 static_resources: listeners: - - address: + - name: listener_https + address: socket_address: address: 0.0.0.0 - port_value: 80 + port_value: 443 filter_chains: - filters: - name: envoy.http_connection_manager @@ -22,13 +23,9 @@ static_resources: - name: eshop_backend domains: - "*" + # - "localhost" # - "host.docker.internal" routes: - # - match: - # prefix: "/" - # redirect: - # path_redirect: "/" - # https_redirect: true - name: "c-short" match: prefix: "/c/" 
@@ -112,6 +109,100 @@ static_resources: filename: "/https/docker-self-signed.pem" private_key: filename: "/https/docker-self-signed.key" + - name: listener_http + address: + socket_address: + address: 0.0.0.0 + port_value: 80 + filter_chains: + - filters: + - name: envoy.http_connection_manager + config: + codec_type: auto + stat_prefix: ingress_http + route_config: + name: eshop_backend_route + virtual_hosts: + - name: eshop_backend + domains: + - "webshoppingapigw" + routes: + - name: "c-short" + match: + prefix: "/c/" + route: + auto_host_rewrite: true + prefix_rewrite: "/catalog-api/" + cluster: catalog + - name: "c-long" + match: + prefix: "/catalog-api/" + route: + auto_host_rewrite: true + cluster: catalog + - name: "o-short" + match: + prefix: "/o/" + route: + auto_host_rewrite: true + prefix_rewrite: "/ordering-api/" + cluster: ordering + - name: "o-long" + match: + prefix: "/ordering-api/" + route: + auto_host_rewrite: true + cluster: ordering + - name: "h-long" + match: + prefix: "/hub/notificationhub" + route: + auto_host_rewrite: true + cluster: signalr-hub + timeout: 300s + upgrade_configs: + upgrade_type: "websocket" + enabled: true + - name: "b-short" + match: + prefix: "/b/" + route: + auto_host_rewrite: true + prefix_rewrite: "/basket-api/" + cluster: basket + - name: "b-long" + match: + prefix: "/basket-api/" + route: + auto_host_rewrite: true + cluster: basket + - name: "agg" + match: + prefix: "/" + route: + auto_host_rewrite: true + prefix_rewrite: "/" + cluster: shoppingagg + http_filters: + - name: envoy.router + access_log: + - name: envoy.file_access_log + filter: + not_health_check_filter: {} + config: + json_format: + time: "%START_TIME%" + protocol: "%PROTOCOL%" + duration: "%DURATION%" + request_method: "%REQ(:METHOD)%" + request_host: "%REQ(HOST)%" + path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" + response_flags: "%RESPONSE_FLAGS%" + route_name: "%ROUTE_NAME%" + upstream_host: "%UPSTREAM_HOST%" + upstream_cluster: "%UPSTREAM_CLUSTER%" + 
upstream_local_address: "%UPSTREAM_LOCAL_ADDRESS%" + path: "/tmp/access.log" clusters: - name: shoppingagg connect_timeout: 0.25s diff --git a/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs b/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs index 1ea6c0f4f1..143a204009 100644 --- a/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs +++ b/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs @@ -64,7 +64,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerF app.UseDeveloperExceptionPage(); } - app.UseHttpsRedirection(); + // app.UseHttpsRedirection(); app.UseSwagger().UseSwaggerUI(c => { diff --git a/src/Services/Identity/Identity.API/Configuration/Config.cs b/src/Services/Identity/Identity.API/Configuration/Config.cs index 04a9aa0432..72599c322b 100644 --- a/src/Services/Identity/Identity.API/Configuration/Config.cs +++ b/src/Services/Identity/Identity.API/Configuration/Config.cs @@ -41,7 +41,7 @@ public static IEnumerable GetClients(Dictionary clientsU // JavaScript Client new Client { - ClientId = "js", + ClientId = "spa", ClientName = "eShop SPA OpenId Client", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, diff --git a/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs b/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs index 247ed9d67e..53753a6ffc 100644 --- a/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs +++ b/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs @@ -72,7 +72,7 @@ private IEnumerable GetConfirmedGracePeriodOrders() conn.Open(); orderIds = conn.Query( @"SELECT Id FROM [ordering].[orders] - WHERE DATEDIFF(minute, [OrderDate], GETDATE()) >= @GracePeriodTime + WHERE DATEDIFF(second, [OrderDate], GETDATE()) >= @GracePeriodTime AND [OrderStatusId] = 1", new { _settings.GracePeriodTime }); } 
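Review bot: In Startup.cs, `// app.UseHttpsRedirection();` switches the redirect off for every environment and leaves dead code behind, so nothing in the aggregator now steers a client that reaches it over HTTP back to HTTPS. If the redirect only gets in the way of container-internal calls, gate it on a configuration flag instead of commenting it out, and record the reason, for example `// HTTPS redirection is disabled because the gateway and sibling services call this API over HTTP inside the compose network`. Configure's body continues outside the hunk.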
diff --git a/src/Web/WebMVC/Program.cs b/src/Web/WebMVC/Program.cs index eb99cd42e0..414fe81ed9 100644 --- a/src/Web/WebMVC/Program.cs +++ b/src/Web/WebMVC/Program.cs @@ -52,18 +52,15 @@ private static Serilog.ILogger CreateSerilogLogger(IConfiguration configuration) { var seqServerUrl = configuration["Serilog:SeqServerUrl"]; var logstashUrl = configuration["Serilog:LogstashgUrl"]; - var cfg = new LoggerConfiguration() + return new LoggerConfiguration() .ReadFrom.Configuration(configuration) .Enrich.WithProperty("ApplicationContext", AppName) .Enrich.FromLogContext() - .WriteTo.Console(); - if (!string.IsNullOrWhiteSpace(seqServerUrl)) { - cfg.WriteTo.Seq(seqServerUrl); - } - if (!string.IsNullOrWhiteSpace(logstashUrl)) { - cfg.WriteTo.Http(logstashUrl); - } - return cfg.CreateLogger(); + .WriteTo.Console() + .WriteTo.Seq(string.IsNullOrWhiteSpace(seqServerUrl) ? "http://seq" : seqServerUrl) + .WriteTo.Http(string.IsNullOrWhiteSpace(logstashUrl) ? "http://logstash:8080" : logstashUrl) + .ReadFrom.Configuration(configuration) + .CreateLogger(); } private static IConfiguration GetConfiguration() diff --git a/src/docker-compose.override.yml b/src/docker-compose.override.yml index 5619e1ebd0..f3475fc439 100644 --- a/src/docker-compose.override.yml +++ b/src/docker-compose.override.yml 
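Review bot: The rewritten chain in CreateSerilogLogger calls `.ReadFrom.Configuration(configuration)` twice, at the top and again just before `.CreateLogger()`, which may register sinks declared in configuration a second time; one call is enough. The Seq and HTTP sinks are now always attached, falling back to `http://seq` and `http://logstash:8080` when no URL is configured, so a deployment without those settings ships application logs over plain HTTP to whatever those names resolve to. Keeping the defaults in the development configuration and attaching each sink only when its URL is set would avoid that. The lookup key `Serilog:LogstashgUrl` on the context line looks misspelled, which would make the fallback the only value ever used; worth confirming.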
@@ -46,10 +46,10 @@ services: - XamarinCallback=https://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback - ConnectionString=${ESHOP_AZURE_IDENTITY_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word} - MvcClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100 - - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109 - - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110 - - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103 - - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102 + - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109/locations-api + - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110/marketing-api + - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103/basket-api + - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102/ordering-api - MobileShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120 - WebShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121 - WebhooksApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113 @@ -57,6 +57,7 @@ services: - UseCustomizationData=True - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} + - Serilog__MinimumLevel__Override__IdentityServer4=Verbose - Serilog__MinimumLevel__Override__Microsoft=Warning ports: - "80" # We need internal HTTP access for inter-service communications 
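Review bot: `Serilog__MinimumLevel__Override__IdentityServer4=Verbose` turns on the most detailed IdentityServer4 logging for identity-api, and at that level the log stream can be expected to contain request parameters and user identifiers from sign-in and token requests. If it was added to debug the HTTPS migration, drop it before merge or mark it with a comment such as `# Dev-only: verbose IdentityServer4 logs can contain sensitive request data`. The environment list continues outside the hunk.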
@@ -65,10 +66,10 @@ services: basket-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - ConnectionString=${ESHOP_AZURE_REDIS_BASKET_DB:-basketdata} - identityUrl=http://identity-api - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} @@ -80,7 +81,8 @@ services: - GRPC_PORT=81 - PORT=80 ports: - - "5103:80" + - "80" # We need internal HTTP access for inter-service communications + - "5103:443" - "9103:81" catalog-api: @@ -98,17 +100,19 @@ services: - AzureStorageEnabled=False - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} + - Serilog__MinimumLevel__Override__Microsoft=Warning - GRPC_PORT=81 - PORT=80 - PATH_BASE=/catalog-api ports: - - "5101:80" + - "80" # We need internal HTTP access for inter-service communications + - "5101:443" - "9101:81" ordering-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word} - identityUrl=http://identity-api - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 @@ -134,7 +138,7 @@ services: ordering-backgroundtasks: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word} - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} 
@@ -142,7 +146,7 @@ services: - UseCustomizationData=True - AzureServiceBusEnabled=False - CheckUpdateTime=30000 - - GracePeriodTime=1 + - GracePeriodTime=15 - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - UseLoadTest=${USE_LOADTEST:-False} @@ -173,12 +177,13 @@ services: - UseLoadTest=${USE_LOADTEST:-False} - PATH_BASE=/marketing-api ports: - - "5110:80" + - "80" # We need internal HTTP access for inter-service communications + - "5110:443" payment-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} @@ -186,6 +191,7 @@ services: - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - Serilog__MinimumLevel__Override__payment-api.IntegrationEvents.EventHandling=Verbose + - Serilog__MinimumLevel__Override__Microsoft=Warning - Serilog__MinimumLevel__Override__Microsoft.eShopOnContainers.BuildingBlocks.EventBusRabbitMQ=Verbose ports: - "5108:80" @@ -193,11 +199,11 @@ services: locations-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - ConnectionString=${ESHOP_AZURE_COSMOSDB:-mongodb://nosqldata} - Database=LocationsDb - identityUrl=http://identity-api - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} @@ -240,7 +246,7 @@ services: volumes: - ./ApiGateways/Envoy/config/webshopping:/etc/envoy ports: - - "5202:80" + - "5202:443" - "15202:8001" webmarketingapigw: 
@@ -267,7 +273,7 @@ services: - MarketingUrlHC=http://marketing-api/hc - PaymentUrlHC=http://payment-api/hc - LocationUrlHC=http://locations-api/hc - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 ports: - "5120:80" @@ -288,14 +294,15 @@ services: - MarketingUrlHC=http://marketing-api/hc - PaymentUrlHC=http://payment-api/hc - LocationUrlHC=http://locations-api/hc - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 ports: - - "5121:80" + - "80" # We need internal HTTP access for inter-service communications + - "5121:443" ordering-signalrhub: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} 
@@ -344,37 +351,40 @@ services: webspa: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - - PurchaseUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 - - MarketingUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203 + - ASPNETCORE_URLS=http://+:80 + - IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - PurchaseUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 + - MarketingUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203 - IdentityUrlHC=http://identity-api/hc - UseCustomizationData=True - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 + - SignalrHubUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 ports: - - "5104:80" + - "80" # We need internal HTTP access for healthchecks + - "5104:443" webmvc: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - PurchaseUrl=http://webshoppingapigw - - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - MarketingUrl=http://webmarketingapigw - - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 + - SignalrHubUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 - IdentityUrlHC=http://identity-api/hc - UseCustomizationData=True - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - UseLoadTest=${USE_LOADTEST:-False} + - Serilog__MinimumLevel__Override__Microsoft=Warning ports: - - "5100:80" + - "80" # We need internal HTTP access for healthchecks + - "5100:443" webhooks-client: environment: - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - Token=6168DB8D-DC58-4094-AF24-483278923590 # Webhooks are registered with this token (any value is valid) but the client won't check it - 
IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - CallBackUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114 diff --git a/src/docker-compose.yml b/src/docker-compose.yml index b51c656210..ebad591106 100644 --- a/src/docker-compose.yml +++ b/src/docker-compose.yml @@ -186,7 +186,7 @@ services: - webhooks-api webshoppingapigw: - image: envoyproxy/envoy:v1.11.1 + image: envoyproxy/envoy:v1.14.4 webmarketingapigw: - image: envoyproxy/envoy:v1.11.1 + image: envoyproxy/envoy:v1.14.4 From d0f6a04b3f60e4b990351ab3ba94061b028b6bb7 Mon Sep 17 00:00:00 2001 From: Miguel Veloso Date: Mon, 28 Sep 2020 23:35:30 +0100 Subject: [PATCH 4/7] Final working version (docker-compose) --- deploy/certificates/.gitignore | 4 +++ deploy/certificates/README.md | 34 ++++++++++++++++++ .../certificates/create-docker-certificate.sh | 4 +-- deploy/certificates/import-certificate.ps1 | 8 ----- .../install-docker-certificate.ps1 | 17 +++++++++ .../media/root-ca-import-warning.png | Bin 15699 -> 0 bytes src/.gitignore | 1 + .../Web.Bff.Shopping/aggregator/Dockerfile | 4 ++- .../Identity.API/Configuration/Config.cs | 2 +- src/Web/WebMVC/Dockerfile | 4 ++- src/docker-compose.certificates.sample.yaml | 12 +++---- src/docker-compose.override.yml | 8 ++--- 12 files changed, 75 insertions(+), 23 deletions(-) create mode 100644 deploy/certificates/.gitignore create mode 100644 deploy/certificates/README.md delete mode 100644 deploy/certificates/import-certificate.ps1 create mode 100644 deploy/certificates/install-docker-certificate.ps1 delete mode 100644 deploy/certificates/media/root-ca-import-warning.png create mode 100644 src/.gitignore diff --git a/deploy/certificates/.gitignore b/deploy/certificates/.gitignore new file mode 100644 index 0000000000..bddb2cc221 --- /dev/null +++ b/deploy/certificates/.gitignore @@ -0,0 +1,4 @@ +*.key +*.pem +*.pfx +*.txt diff --git a/deploy/certificates/README.md b/deploy/certificates/README.md new file mode 100644 index 0000000000..44416bb0ce --- /dev/null 
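Review bot: In the `webhooks-client` block at the end of this hunk, `IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105` is left on plain HTTP while every other external identity URL in this change moves to `https://` on the same port. If the identity service now answers only with TLS on 5105 (its own settings are not visible here), this client either fails to sign in or sends its OpenID Connect traffic unencrypted. The line should probably read `- IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105`. The `webhooks-client` definition continues past the end of the hunk.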
+++ b/deploy/certificates/README.md
@@ -0,0 +1,34 @@
+# Dev certificates for Docker
+
+1. Create a self-signed certificate
+2. Install certificates
+3. Configure the services
+
+## 1 - Create the self-signed certificate (`.pem + .key`) and its `.pfx` file
+
+**From WSL**, run the `create-docker-certificate.sh` script with a strong password for the certificate.
+
+```bash
+./create-docker-certificate.sh "secure-COMPLEX-and-SECRET-password"
+```
+
+The script creates a certificate for both `host.docker.internal` and `localhost`.
+
+### 2 - Install the certificates
+
+Run the `install-docker-certificate.ps1` with the same password you used above:
+
+```powershell
+.\install-docker-certificate.ps1 "secure-COMPLEX-and-SECRET-password"
+```
+
+The above script:
+
+1. Imports the certificate in the current user root CA store.
+2. Copies the certificate files to the `%USERPROFILE%\.aspnet\https` folder. Servers will serve the certificate from this folder.
+3. Copies the `.pem` file as `.crt` to the src\certificates folder to add it as a root CA when building the images for some services.
+
+### 3 - Configure some services to serve the certificates
+
+1. Copy the `src\docker-compose.certificates.sample.yaml` file as `src\docker-compose.certificates.yaml`
+2. Configure the password you assigned to the certificates in the settings `ASPNETCORE_Kestrel__Certificates__Default__Password`
diff --git a/deploy/certificates/create-docker-certificate.sh b/deploy/certificates/create-docker-certificate.sh
index f29edc1ce3..93cf932393 100644
--- a/deploy/certificates/create-docker-certificate.sh
+++ b/deploy/certificates/create-docker-certificate.sh
@@ -5,10 +5,10 @@ openssl req \ -out docker-self-signed.pem \ -keyout docker-self-signed.key \ -newkey rsa:2048 -nodes -sha256 \ - -subj '/CN=localhost' \ + -subj '/CN=host.docker.internal' \ -extensions EXT \ -config <( \ - printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName='DNS.1:localhost,DNS.2:host.docker.internal'\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth") + printf "[dn]\nCN=host.docker.internal\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName='DNS.1:host.docker.internal,DNS.2:localhost'\nkeyUsage=digitalSignature,keyCertSign\nextendedKeyUsage=serverAuth") echo "printing text version..." openssl x509 -in docker-self-signed.pem -text -noout > docker-self-signed.txt diff --git a/deploy/certificates/import-certificate.ps1 b/deploy/certificates/import-certificate.ps1 deleted file mode 100644 index c9f1a50134..0000000000 --- a/deploy/certificates/import-certificate.ps1 +++ /dev/null @@ -1,8 +0,0 @@ -param ( - [Parameter(Mandatory = $true)] - [string]$Password -) - -$CertPassword = ConvertTo-SecureString -String "$Password" -Force -AsPlainText - -Import-PfxCertificate -Exportable -FilePath .\docker-self-signed.pfx -CertStoreLocation Cert:\CurrentUser\Root\ -Password $CertPassword diff --git a/deploy/certificates/install-docker-certificate.ps1 b/deploy/certificates/install-docker-certificate.ps1 new file mode 100644 index 0000000000..64960fff28 --- /dev/null +++ b/deploy/certificates/install-docker-certificate.ps1 
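Review bot: Adding `keyCertSign` to `keyUsage` makes the key pair that the servers present also a signing key, and `-nodes` writes that key to disk unencrypted. Once this certificate is trusted as a root on the developer machine, whoever obtains `docker-self-signed.key` can issue certificates for arbitrary host names that the machine will accept. A separate dev CA whose key never reaches the containers, signing a leaf limited to `digitalSignature` and `serverAuth`, would avoid that. As a smaller step, declare the CA role explicitly with `basicConstraints=critical,CA:TRUE,pathlen:0` in the `[EXT]` section and document that the key file must be protected. The `openssl req` command starts before this hunk.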
@@ -0,0 +1,17 @@
+param (
+ [Parameter(Mandatory = $true)]
+ [string]$Password
+)
+
+# Import into current user root CA store
+$CertPassword = ConvertTo-SecureString -String "$Password" -Force -AsPlainText
+Import-PfxCertificate -Exportable -FilePath .\docker-self-signed.pfx -CertStoreLocation Cert:\CurrentUser\Root\ -Password $CertPassword
+
+# Copy to user profile to use as HTTPS certificate in server containers
+mkdir $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.pem $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.key $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.pfx $env:USERPROFILE\.aspnet\https -Force
+
+# Copy to src folder to register as a root CA in client containers
+Copy-Item docker-self-signed.pem ..\..\src\certificates -Force
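Review bot: `Import-PfxCertificate -Exportable ... -CertStoreLocation Cert:\CurrentUser\Root\` puts the private key, marked exportable, into the trusted root store, although trusting the certificate needs only its public part. Importing the public certificate instead, for example `Import-Certificate -FilePath .\docker-self-signed.crt -CertStoreLocation Cert:\CurrentUser\Root` on a `.crt` copy of the `.pem`, keeps the key out of the store. The password also arrives as a plain `[string]` argument and so lands in the console history; declaring it as `[SecureString]$Password` avoids that and removes the `ConvertTo-SecureString -AsPlainText` step. All paths are relative to the current directory, so building them from `$PSScriptRoot` would make the script independent of where it is invoked.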
diff --git a/deploy/certificates/media/root-ca-import-warning.png b/deploy/certificates/media/root-ca-import-warning.png deleted file mode 100644 index 23fc2140b7bd6dd09236e66e6d9ca587b1e9e447..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 15699 zcmc(GWmH^Ev}HpC3y`3}9RdUhZUKV3yE~1$dlDqLJB_=$O9*a_JB@4O?l7J2d-G=2 zygxH*&8+!xyVtF*+f~)or_MQh?-QaRCyt7Yj|>0+P$eZqlmGy@RM_Q>2oG!V@PL-W z-r$^+#DxGAV8VUa&1;~btRMhT9fk5}_y%^5WG|uV1OT9Q|GnV)?TSnQfUkR!B7!RJ zdPg8DYu&koRdoGWs-+m~1qY-4c!pRtlQgM=;#Ue5g_$}5p%Zi@IliBu`!vXiUyP9@ z3MAh96~9e!W&4zZ1rmD46A@^!=*WY~q1XeE>r193?{i6)6w<8o##=a}ud&vwS=l&n zEq~&9NN*o&-sN}qIN5nY5L^Zd%<6f8oMsnxtB;RAE zIW&H$a+{iITuJc*WW_Rp6pM>E^2Z4A^;jyU}u zhNtY573cVP5l)tzuSV6uZH;Z)UApMjx;&h2&~gGH4QJp>VZ&+-p$o+Q;j)*3_atoP z-gLi>?u>TarN4m}r$VpEGuKJl&hG_6bOPeJ3aS!pxrzD=ni3tMaed0Q2?P3alPu|? zZ$(U1g0z<(&pL>1uDtEfw>j<1r<`r)o3dLew6xl)NrQF`7NTQse9o(F!YW@Z^=S1O zlX4>nJi(djOCShDmxw+rjNVasY5_8Z$H2s}ut22J$V$h=G^GbU%rV{!(zDf*Q3K2^5PZ(PiB`5KX9xyUF9uVdk{7m}?B@1aicyB$icuI*7y5V3{F5 zDh@BNH=kDMHu2a-V=3ViLkHi+K?zb|)tx9-j*d5t+wnLp*> zNeQi^)FPOS9U*w5VRGTmdY1P+jTXgAV=9S!yDS!Rgk0aQib6;7UT)+>Xv7dcoe)rx zby(HCdH2Hwv1 z2qa`e`N8BaWTLyz#&TH+e`haugX3Yr+)+pc9#F@Hy=r|fT;OQ&xTUu~(UVJ`A^*XP zX1;$sU|(eN&ZLIsr0u@eYr#KZQ_! zn&hltmZJ?*^LW}azheSqNhW*AIL#F!(tj*x{*&dUgb zu`YKykwzayZ{GfBtA)4`!&QnC)ZVA8TkY3pzYb3gPo{hr2_U@q#S0&cnVES?NYZ;N zKWoUwDARbmmD=(Swr`kW`tPjqKU5CoZg(QP@5Q%O9`||dgfk7m7Tny-y_6)GC!R}Q50Vwv*I#|~zBioIV)n^0w$vB4Gdu{^ zcS*n33Zs1kkf`=~xHcLCr@j*4knVh~;Z%Sg)km@l2hd8!aR6@6SAHLS8fzE`zP~SJ z^;PE~x2uH%FvwX!tYL;~Q#U_K4FF8T{ii8@2mGh$lK!<^c(~(tfcJ>@K!E=@|G!oX z|NpzI(8cn?(9qB_%6qk7Dl#U6D6o^*I!*R$HS-R*c? 
zTy!!f4bwI92i-)-$eih=32@*Y`PJy}REP&f#Yep>b@no3%gjjqh)?M1LVXT0Hnw$PAUj@E6E2ViHT||UXVF!BOQB3z zhhLDPmUJl+1c5}Eia%jJziEm-`|n=p4{>0Zy z8-qps^Nr)5+yH;N!my_HghDH}DXb8+j(D72$*6JHfMrcqTaGc1*UeGmn48G1*U5d@ z!vomW`!cWLNB?#tlQL{HBef2!sMmM+9$Qg?4;tD1aFa!WZhvK@2c&_Y!o z#qj$?j~*Qn7Z)q5I)=wv{qAa}FeLt~3KlD+L3szo3j9~CLDbh~e9~v{DAPuUHl8J} zhuvj?@3hn7=e=#(L7vra)pI4}wSKz>Y;{)tXe?4(kor2>cPX!&(PH0gxVZJ%0e18j zs@AWy6QBDlvQciXn3jF!R#!0Ey{{p|C!H@HB`WAU$)#{Sq-aN>mFmPJ+l+UgavZx8 zbNntvn(Gb}f*;(QO1`UbLf=iz2#-FLuGf91ouw!}27}YNo%SakfxFtgZiI2%tuKT5 z3Fyz>2eVP_kLQF(s3{AGWu@}ovN<6k9hB#$lZN&*bLTiA4Joyx^1`YfzK_wz?bHd6 z?xL!KFMAW!WUDS*WAJDx3Caya?7G-oj+QI>zR)U5>9juzCx%mcWfi=w9v6Mf%cXA1 z4r4)9e$|_9wql&*&$yyD-k13i+nAiT*KHTqyg5e3ANd`~%JpFwUM3IX`$qYuV2AxVNcg9dyyD95E{PjG9V-6ABBOKZA0h?vDuR1T za_2-4PC`XlHZ%8R$Bd1=zLfXJkJp_Zv?6I>U@? zbWEMiG~#gsx0B25xQ~Ir*WqMmg5>3J;_i-@r$vp!4thVA`Le&j`UJ}4^4wfR=zM6+ z+=oJyPyv7}>IS>jj?mg#6kNu~>&BB+mz%zfgVlxSfzc#=kHcv@j**WWUJnqaU*jf9zSC{5GneH!c z)2j=#U9R_r?Y8D@o9|x--|NvoZCU+n_1m2;PEutB0E!Y+9e~5b!?m?c0_Ou1VI*H4 zLWoYpIFB`2CTi=vw>Nsja2a*ly!Vyr+CD;b7F_$K`mgq-f%+PBH*8;`F#%Qln%Hix z_m}(HcC8Pbl>&Yzi7!q|HfcG%5sKVeEgn~ocj%0|_x7fDW;CN<92~X87UH(u!=+B1 z$H8EJZcaB(Q&Z7;yRTD&d&}@AF_Q}PcUmPHPP~+Q9qL#;48=lis+9ixh5EVLXrfRP zMe6|uktN!9_`;izg#>za--|w8biT{Adbelq{_eS)KxN(MC}$1 zSB4lb?dImHBk(rEHc682J+RSw<+_i+?$d{I2^Z$}so*Q|56)&s5i;*XkiKUKaBy?6 z6bVp3Nqo#s*VeV#Wyv73Rx&Ia@@y-h_RGoDo9koGqnS?Mwc|{Yu*Qnd&LW(NNleau zr_T#>dc01@%dK;jx|$uXru&nBHm-Wp=5mNgbZ@gR^^ZGWa)EkY#)gK1lC;S3j}C{9h+r=AW7#bAwOW+Z$^zSs;l>zAq^ zF|=zq8Q|X>yGeQ<2ZJ3*B zt6au)516+(nRD5x2jXZ=6e9D#*rXJYI^!RL!I=VnNB2fExzlG zoQ&zZP0s6+fj71~0&drbUcT* z-;7^v>Kjf6lgr_^CcFo3VF8>3)Ffu~N8UVgbg~0`YXJfyBsB_6J*zfy6Yr&srFvg` zbPM3iQg^b*Ycq8#1kD?%D33@>8`lOqw>MeQ|6(gdl6SJf+#1H}c5vg=U}BpDF)%T` z90CPat2g89MxOh1Gu@w|3xNcP9WanWYn&VaLNL249jeL=TYBIY4q4mf4{pEG10r(`-7}HNbt3S?M2IxJIXF8=u zYaXuMZLqL64eH6mX4`(&M<6}SSJ}zoBtQ4Eyxd;Xgq4t#V@^fKBo5J?m|ZHCx+&0Z zv{|mI&Kgl9- zM|-Zx_M+89?6a>gw)%1-y?XzIEB>+&b-YKn+J;wNCPF`ac$kQj+uHDX)%PkmN&n@! 
zmtJ}o3{n;fi$?3&mVlVOajz9fOG}mZV!bv}3S4KJveEYz=irl*jJ13EjRkQ*@)Nr$ ztcfJ!b#7KTbWqjsQGKtytf2R#8i}26w@Ffi{Wa4j?(^xPHQ&S+x9c0fm#~O5{`+;W zF+ZcJGgJcgTRq2=7sZ^m_b!ZL(!&##V`2i_&FfDn6N$1DLqD2Ub#k;-uFX-xCfXaB zR&PgNT3jw>l?!*`$3w>l6VQ4Xh}S?__Ib8KSlksMA)32wd9`wotMS8}IzOd8k~kq= z@rQ-95MEiNsBfcVc}Xmk!jY&MWOGs2)JGrEJ~|o-dk9zZDc-8}g{SC9Rk z<-MMdfUrGe9a~fz(h;15;I-dh2i-LCL7ZMXT6Z13mb1Ddn=CSa5yfl!+AKI-L5X3ZI-{iv~XTKThE_{cqQ_VJzWKv z8y;U)?jNfn+o|4S{s`B6yJ`YfJCl*|9$WW;u6`bwBhjRQ&$_bseRv3Q8_VE2tF4H< zaASPB89U^!t*Ro^Vhr=Zt)5ie>FGO8cyV*w9_|-o>+qAl&hZ4hl9y}Ybl|Qf7aWe@+xgMYvi-qU_$jupzp)xmHYr;D?jOF}MV%&2WRVM+i7NLL!yZn=H(A>m*< zqVpjtxWN{ZGXwyTru8+|o{&6r@!fb^E05KjN)r(&0>x=o8?4(*DIiL=ZKld@ZjH%5 z6hC-s>oJj&+2i3!8UpPydAq|rApg@o>=*(72J)GY z55)!UC$#O_eKz}KuQKA>@F!^7@MXKqYg=>E_=tGf?z>lHn(9pNg&Xs?y4=5GJ$DnA z>)@!WH(1{djE}!B9)MvY(bC4tcxR>hPg42#L&uO-RT#ABXps!dqx|awmo<&~rvU(e zc7*@a6zk|1To4x~q!wnOSDVg*4FIsc8-c+n-`~gb=7z-fWH9c_=zZ#b{NdaeP%=Kb zCx$GUH#v>G4jYPs&}~N-l*UpX*h61NqGxU4?4@h_xe4_f%7<{?S{$D()4?sH@bnZ7 zB@x+%$AjSAGF00^LWzoDRDe15>{Ko5xhblKz_M-<0bm^C^(J^@KaRcF5off*_Q}3d zrcdi{J6!-P??pKnq$82urkrpP{9rQlpjykw+4{8&8IXnjJId-6KnNgEfeJuG_zMyJ zU(YiGu3dps2#0SZ%;}qjsO_jqw_>bU-cA=(S!~zKM2`G`EX-J%8x;x4+2rvkab#nW zA#aRGVNKUI{r-&XYGRzKVk^ylIlmMR`x7lpuHEvjzu9*nf# zaET7g93Q0dOSY8>Y>RLj+xV_sb1N&Ok}R#1rHqBGJ$7y-*jUUsWWQ_8s#En%r_!{1 z$i^)uz?)z%mjM~)<;5Av8bM`L5>c?0KCY|eSoOA}C|V@6r3B#QpN|yi2Dd6mAu{Ke z$tAp=Qjrdeh_>8w1*XpblvBmj&FfcEWKk4B%PwsWlE-aM6NV*@6XVgdz0jgO`cf#1 za-H-*@u-N%XN53{8T%W2!@LQ8r9EF+hB#NMWb%|Xca=|p)IJQV4 zom^C-auYdf8rFo`FP=Q6@rD6I7@4F}`KB$XGeH9psO8nA)lE(HQh0UYBACLa z+%4^;KXt<#EFGI|g)Lesl)FZ;Mn6~M4<$Cc(#NG4lTUpKYl6=&YY`KY(=wt=CQtYh z9Ga^yl_l>}}r4K1{FY*GiSGSs4|4$S>R z7Mo&}FAFu3KrG;0d>SiaoH?@IY1uQH)H6hNRj0~X^E@Qhkhe8-zHm+bV-@fiG);*S z_J~TDo{~aetV7ZPr=~X8YZdpINGb7Vc3QaNNBsQbcPwVb>(G0PLAg2XViOamBEqyw z5Iu9BLYc64dJjVOKpra-{v!J~N80t1YNWcSG}-;Jf_zR)SL#OLpd^&nobT!{7Si~* zWpu#_8{Jv+Eql)H>;|aUQXicpAeP51l(73bUv6h{g=!CLjB*>KcDT#isq#Sciu z!c>ThFT$wR>S(lf)Q<~?*}|9$^a&-29NPLc6S4=E3C9W(%`RE`GG8Rc?C3vw 
z)x|P`H)D>8#J=0?x~v78^rD*YS>b>=zvMU3xivgs)E;`4~CWn?uKcPKsU z&Q19ywarqMVopD*#eTxZui~k;nM73)S3?acmn^vIDIm5L!lU4zXMM=1G*{QBdI%V{d+ zbCf#Sf7Q#x>kpaW=MCN-D(EymlBtW-gGdDOyaq!LY@@GA5M{>-!QUG{8G^yy)iv0g z!Sri!w1v;q0m)H{L?3nD_}W04Hj-63eM@kyL}k6CF%`%4?qq*+I2I5gA0!HFg}y@t z^HH(=$_-@MXt8R@VAmTHOvBKAL@aY!V?h3q4luySj)HvRmd!oF0>cZ+8MF)2u#PFj zvX*HX8XjTHLB_u~A}7OeS|LC!%$0Ke1KDPeLKeJvgR+Ki9D?w96O?L}K7Ln~o>k~h zKao!THk!I?+^5xgX2_~v*fFDtzPuC{iE)my{|iIzgz(ks75pI-4|#+wA& z^4*1Hc~L-n=Oo#;tScv=jQc#d^{dCdz&2-O$gE8^{2T9R$SZ{T z@Vau!#h)`A)#oYUE7HpHU3H%$`fjna?&!9 z67H_3f}(OK`>#GHrsM0TVeA}Q-~V3G#8dWyfl|t5b4Q@)^+s<&a=&g##m%Z(6d)S- z2s4m^wPl*d>Hf4!kRgWA+47I-LHOXRMGsMYpBZ|Jv67C8s{Z*Rl&CUHJE9XcNfCZZ zxmMVS-9%1~YhB&rEjPaGJwN>o+n|A&>zpFKk+Z!)s8)R67V>D#03vf&3V#|RQX&K; ziXP?WwCbk5)uPBYTXp>`u0KYHp3iWI+oyv4PQ>Q36cnadm$J z`x9jEPbH2H%5?Sbq75J#c}U7kO%F9if4~du1YVStcn4PtctmAZ1V8k!I$EUEwp)t9 z3@6ZI25GpoX>P``^_ayu&DM_JWP&Z_ddZ#hBP~htUUHr zr?gJB9g8bg8}tPTeBL`yLlqngLa&mdw_ts)4T&kgvb14z@6 zzV&wUpl_n{)>ZR#-xvNejsN(A|3NYS%WDL*1VaNe*CDr4P!Lh*cbY<#E=R{Um_}`0ft`#;T||b-5b@V1f0Y(E`kTYfSk;rL%Um zkF^3N+}JS$b{nu+GDsqFrX5R7b0l<61Qtq(u@7^;!rqL4@iQW=2;4Eb+;u3`ZGbW_ z*n(lPazNJKxcPsW`TreeW_;yXhAE3SX4qWrVkqtE*y5X z3zzV8Z;B^TWJCLEcPTW@({;27SGGl~tz5gA8y+V?Nzh1gB%aouDmhe3JkAi>%&im+ zN?M7O+@t2LuK7Hy(JUm9L$;mFNLiDs(%Hd7{D#dT#yVrbF=1v#CefnTepT`;J+5d2 z5tnOb*1w~Jzdk^*)zQ00D|m3BEFuU|ay?11*|BSk@(uQ<2vpID@$u-G7_vy(h=|^V z&+9^B%c00qs%3TRI` zg=K!snX?9U)9)n6e`Wo|k-Y9h;dn+19VbSa5a20MLm-;(MU!C>c%EKnb^c1f(~mwH znV>ZMi>LjzRI`X#vxoblpBmwYXn}LD0+b*h8L(d*@}Zed_9gD2*HQb}07A%&=v7a+ zf@jI_B^Gm=maArr^IFPGlG(@IQK0fVb*{1^uCLO6>|E1562VOz^UaNVd24+(%=2xy zOaRe{y^6Ps@fANp1Z0+NNKj#$wYA6D_?Q%G^+BtVR1}*6XbY z^6j6j4-p55I&ZLu>GPe9+bnNoOg2~bBkld_%`o$LFDk;0MRlLlY%1R zSQVaTY`d^W8IQ3?N6J;rq%>uQ?k#RrTA__wm*IaB#UQ_Z#HmU{UGCpk@BNhpo%m|r#taFTgF(gMlEG?(4vIPib1mFD;;!yf_Y#p#JeOZ}@c47* z-~l6@pG{TB+z-+yl?vq^usKpQYM(=yv9Z$@-Eq|`t2R6ty=ij?qpv>y%)(T>XL1w} zvIh$tc;AOGt9<<7r`A>I&jJ^xLJ?#ZlK&KUk2gFGerNM_W(yG!zsJELk&C++Gaez{ 
zZw)v8+ah69&pb>KaS`c&a6r&e|IOD~XGGE2&yzRA_gVxr&c`!mL+NnzV^;d>k+Jtv z!NGgUH!21FQd=cD5G5>b;>TIn0QGilb=0z2O+p?^M-tZQ*GTzy9WK_h;y-)g#yJc? zqxHeZ@@53Cw7F>!>0Xooc!a+PGopbjO!)FIs_}XQd<%(u(uMEzu3nuD!bHL>-?UbtW8#JysU*Fk4J94{0WltsIwZXmHn27gG=3a z0|yH*F2ZBidc=`nExh9+IE^<^)p5HNdTaC(0dP$fZ!~8$A9W2_tak!i$fpzkf68mFZ9x7E-^x zNlO?SRgyU?q4ccin`(H4aQ(}MIgmhoIBgzVWKvs7p<^VQB}Nu6c?_;KAwm9VGlpGC;P&AgpV8E9*4oy{#F7< za~{xJQs?0~w|A`7d+UliT7=*%Mx6nI8;7s!#Jq2uDDZ~ z&RWp?%QEj}Y4EihvcLgQ0i{`U;QzqCucY7rRfz`Jms(#kecus=_eK6mf*Ys%XR}~o z7XYySj{@ayq;^Jwac-qak5x>ja)tC(6}-P1-!gMZSowZPCxS_^%|}&K%E?V1Yp#vQ zG}bZBW@gsXMVCa3e#&CBom0(5J5{lU{3%rsgVz=E6sl7UO-67UH6R z-)&x0YbffPg}Nef(?0Z+JKMC@L=AQF8?@kr9A;v`ge&=QR_7TQnk5<*sdj$0=13pxh1ILEbOf&qhRtydn^;?t2}wfS#SC%8HjnC7TG(@#{Li3#)k6c{2a!RF@8+koSVv#;=pn~z|&%1L7MzA@3Gm(l-`6IRS znrg1@1#c#wU-hY#qEV8$gx~#ZDvAj80yRcQJf@aGHe<=6Rk+h6dqOlMg=ei$eXPp6 zn(l~atC=FFy@M|MWPz`O+5Gd;~HG>ex>G!S5=sb~! zEOM0=LX@bDE|x_-lt!0Wu$9$tv6zd42BOO=J)Ysl>3;R7U8M7$l zlP~Qldh?_^8^_kO;S@Au{JlKbK)IDl^esb|4+m@Yv3onk!dt2485dj63&q_bNLhAn zD&|Tlbq*R!%ei&8&ofv&{H2Rl7{skEumw~>Qkq_+yhlhdxJ86qgzcTR*Yfa(_|?mZ z6|0jd$*I#Dt*x!G3gM6_K@I7sN)de;@zqFYa!FQU(^&Df=*zY`Pwz%@nCYCX<@rwoX_Xs2gk_RB(bdQ=0IBQP@ zDs?>vg?fz&L-VYtzawyuQb>J89I%l&vRW=@)R3Kp=ArNogskHIZQffc*vmsHqqXv$ zBzsK+cn^;#hyV!qH$7W~fbLe^v2!yTP`lLpC!y_R`G|_|foeHx8lfm6nwycQT6oXbnL4^-#-Nn4LuYI3nL&(nXeAVpBp6x&dg_^P%RW*4+)OQ^W> zY{=$vG^yd?7|FO+gzR5fH16mdW^!h%SJEkLBK8grlpi`#nMpc-$qz(DiTnl8jebtu z*Pe6f;uB!Zh(~H?vZr~%>r#PnNBdP=Vg_AI2(@!a0uu@6By6Opf}I7F{IUKMZSSDTw;CDkPN%Ml5#Kcau#1bv#r_EJ$$qO5Y7m3v+}Tzh-_(GhqVVxYMI zPO^}iS8F_IN*;;iqzNOG$`je6LuTkz*>Z#gOcvBjda;VKN|y!Im{vfBwmj=u z+vhiyWjoPmt3z0%;oyM1iy5<8dUL2B|x^gWTE4+xq3)E2PDH9 zNlcz|9XTp&fs1$$qr~*!w+72c-R_S+hU>YeLO|DMp=SFPi2niHn?4l?9e=J$8+}}h z{NDD<;iq>_G-8b`!j~Ih-$E#oH$jhGp^Rb=ONGX)R74=drqZ%4?IbEg=#dEO%T^%v z1TCwRLo4`**-pHv>5nl%Ul?@BWJsO}V+FK=EUu-jsXhiq?y;K!(_^F#Pq4q)wB9UL z>n4^{QL8a3q*cbMdZ&D&QBtLigID6H67%3al5V%*{ds4MuqHzJ)Vw$ay4AQ7Gpi!x z0(2IgNkZYzGp6gc!+kfpeKCm(9DdRQs#?~X5psJ-;T*Ab~}x@GQ)A?wGWMf)wb 
z4GAlJ7*A(DdyM-1I_PlHLFSgc57k?qJazl+0tTK#gEN&~`>hQ+t#Tem`>a#17Pqex zDhv!14RoEB4uXWHk>^{!TPT9D*-&xhBf=w~omsC~^@3$erYQ+W29Y8|Gsj5WDkJQt z5sX%jAZ=>rFlhX2kirAIvng{(w^@R3^)SdqG)TGcI)o`W;s1h!fBuCG;96@fp7=8` zb`l~%w&+`4?AdjAio*7?6ZXP0)Rcb7dMS6Zso{zRi|fFMoL}ip4EdLEwVodnpcBn! zuMfe0ewBcBD(hZ_VOD%Y?Y5>Jo-UIS7BeLIBAZnoIS3=oW~oS1wormbvR`hfal>5a zK5`~E%1Bmcys4v7D|Fx~McPKez*QutC7XzLj6ctbDavXcx5|Ja-a-U2-t8)Q9fV%{ zc0bPP@k1Xb1F1(ttlt=s@yN4Hch|8VeZU*kd>g~gRuHlf*zh)>6=v0=;Q1wd?$jI8u}!TY?l&DT>(JXSV_p$}YHo2C`r1)B7d}DAP{aBuL&4%DRInr^{pp~i&EUuVNEp0)HU+5@|L7-7dZV% z^T_;lfTFu0qiE|R@GP-u^1DhcwzG!gJ9+OzP5-CKr(>zPY3X{wO%7GMO-27OZ=uJO z*=Q6Xt|zht*u0N5BZ}3}*_x1QFMB|4u8UbtZ<;IVBBjAC z+HbDx-S&0{gdLcXu<(T|cAPKD@uqBsa?V@^RgCoZTRGh|KX+*MlQ;}4;mjgYj`5Pa zKS0j&ydn0z+jJa_{Zk%2*^F1$%Dc&%CN(U30d^uLe#i=ijfbl*2&!mQGhuR3ok^Wx z-w;F8<|YoL$1k~cN6q+j89wr3i=Nhw76iCz<4d#LVAZ0VZ!P+OQ4;#Ic5QL(S@9jo z2eNC`J7(Dux7GC|fr?AG!?j9RXk&;9VntDweeE*Sz~<&Q#O!E^{k z_fxL;EeQ3YR(SKmfigJUlKBGQ+hyEv6okyE?y{-*17{;Mt*I6XB1t~YT^{1kDjM`Y z7PF?}q6{267@#4<8Ga!fN#t6=BDxBbAu$N1$gR1#I(z;BGwWnKRL=t35%(AHm}EIT zZcp=WZ^w}+!N_tPmz?BENz0V#jlv+5fE~{t?U0Ji$_CcWBRt?*;wSpUWfNFBax|i% z{hiRCuF5+$`=^oR5^L%%*nsw)v_jr98| zR7~iI5MAI-%lFxgiipY<-tm5QDOo zQ*Id$ST!ZzU|h5fb|%(;hZy?Av}_I2Aym)dr`Y>rnOzHMUilrPO8}q*08Fo zK$-zHfA2Y`9RPE1d+>uQ z@UZMm-PRE{)3>j=sgm{m=oKrw$$pXwM#rK0u~zx2{r&xY0F$}$v||Il*VJcJ zpgJi`0TH9qH&=43CKn=wSltjOnK*nNS0e&qp7}YDM;J&oH_FDX#t;}im{MUcMlXn* z-(yw;6rqI^DamfkZ3>w&MrNSl@U(O?H!=Byk3Z?D2}y7^RsA=MDi-YhCyV;7g=dj< zw10GjIs!T~WQdw?B311zF+l_Bo3?6d1wc?iK^A1lLtk3rY*V92a1nq zMSpF7?`gAzp3TyRSmj20-dD8SHD_#TdL_nCcRVmi02?31hr5^J5pE5usnqDM&opmG zh`|KNFGg*pzX+hZM>-OxOcHW>pW5HI;9jeNTQ)*Q9?7=I?b=768;SEdP{}qaPsuBD z2?qGg+HoGmw$?n2u`FvCasLBGZyi`0?b`w1jeRO=n>*Ba5e%OEVVpgH?4Q?vbNc`C zKmUJNRk9Yiujjc>RS&DmJQ{>4ubBV$Ygc{)>quWWSTE!#k)8K4`JP3++(yj=^(J*( zQY9eA3p`B;s20N?uCx;zzY72~*EX(rO4|hVM)^H%;_A7R4TF3Rv{#h~3g88AxV`8<UP&?47wRE{+Hm)mt(lOYzvCAKi&}mB`UIiNAAY-JH6U# zU47hfBf0BlI?lSdMVZi_e7&)&uRfKy+i^D|&b7I5i&=BOSdCm;`w9B6LBfANV@Iva 
zj<>#D`I3(CloaJXvv~;3`FAP(kz>C6_t%XicZ7GPyS}GKdrSIRNIk~-K4-n^ezJi+ z=zPydOl40a;l)mRalM$Eet1;JT!V;FrAxM{EgiQI5{~Ii!@tX|Ff3bG z6Z&;GAIZe;cD9TDBuT$)9V GetClients(Dictionary clientsU // JavaScript Client new Client { - ClientId = "spa", + ClientId = "js", ClientName = "eShop SPA OpenId Client", AllowedGrantTypes = GrantTypes.Implicit, AllowAccessTokensViaBrowser = true, diff --git a/src/Web/WebMVC/Dockerfile b/src/Web/WebMVC/Dockerfile index a21c9d9a73..74d4b72a85 100644 --- a/src/Web/WebMVC/Dockerfile +++ b/src/Web/WebMVC/Dockerfile @@ -1,5 +1,7 @@ FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base -WORKDIR /app +WORKDIR /usr/local/share/ca-certificates +COPY "certificates/docker-self-signed.crt" . +RUN update-ca-certificates EXPOSE 80 FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build diff --git a/src/docker-compose.certificates.sample.yaml b/src/docker-compose.certificates.sample.yaml index b7d4af1120..b667b2184e 100644 --- a/src/docker-compose.certificates.sample.yaml +++ b/src/docker-compose.certificates.sample.yaml @@ -10,25 +10,25 @@ services: volumes: - ~/.aspnet/https:/https:ro - ordering-api: + webstatus: environment: - - ASPNETCORE_URLS=https://+:443;http://+:80 + - ASPNETCORE_URLS=https://+:443 - ASPNETCORE_Kestrel__Certificates__Default__Password= - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx volumes: - ~/.aspnet/https:/https:ro - webstatus: + webmvc: environment: - - ASPNETCORE_URLS=https://+:443 + - ASPNETCORE_URLS=https://+:443;http://+:80 - ASPNETCORE_Kestrel__Certificates__Default__Password= - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx volumes: - ~/.aspnet/https:/https:ro - webmvc: + webspa: environment: - - ASPNETCORE_URLS=https://+:443 + - ASPNETCORE_URLS=https://+:443;http://+:80 - ASPNETCORE_Kestrel__Certificates__Default__Password= - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx volumes: 
diff --git a/src/docker-compose.override.yml b/src/docker-compose.override.yml index f3475fc439..4ea8261154 100644 --- a/src/docker-compose.override.yml +++ b/src/docker-compose.override.yml @@ -46,10 +46,10 @@ services: - XamarinCallback=https://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback - ConnectionString=${ESHOP_AZURE_IDENTITY_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word} - MvcClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100 - - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109/locations-api - - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110/marketing-api - - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103/basket-api - - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102/ordering-api + - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/locations-api + - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/marketing-api + - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/basket-api + - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/ordering-api - MobileShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120 - WebShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121 - WebhooksApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113 From f6cfffb85ffea0e25d383ca4bbe14f66aae8006c Mon Sep 17 00:00:00 2001 From: Miguel Veloso Date: Tue, 29 Sep 2020 19:20:59 +0100 Subject: [PATCH 5/7] Update certificates README --- deploy/certificates/README.md | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/deploy/certificates/README.md b/deploy/certificates/README.md index 44416bb0ce..1ad9111a62 100644 --- a/deploy/certificates/README.md +++ b/deploy/certificates/README.md @@ -1,4 +1,4 @@ -# Dev certificates for Docker +# Setup dev certificates deploying to Docker Desktop 1. Create a self-signed certificate 2. Install certificates 
@@ -32,3 +32,9 @@ The above script: 1. Copy the `src\docker-compose.certificates.sample.yaml` file as `src\docker-compose.certificates.yaml` 2. Configure the password you assigned to the certificates in the settings `ASPNETCORE_Kestrel__Certificates__Default__Password` + +> **IMPORTANT** +> +> The `src\docker-compose.certificates.yaml` file is .gitignore'd to avoid pushing it to the repo with the certificate password. +> +> To avoid security risks, **DON'T FORCE PUSH the file**. From a8ec36c648afb84303ed412aa4495d3231426893 Mon Sep 17 00:00:00 2001 From: Miguel Veloso Date: Sun, 11 Oct 2020 18:39:36 +0100 Subject: [PATCH 6/7] Fix review issues --- deploy/certificates/install-docker-certificate.ps1 | 2 +- ...cates.sample.yaml => docker-compose.certificates.sample.yml} | 0 2 files changed, 1 insertion(+), 1 deletion(-) rename src/{docker-compose.certificates.sample.yaml => docker-compose.certificates.sample.yml} (100%) diff --git a/deploy/certificates/install-docker-certificate.ps1 b/deploy/certificates/install-docker-certificate.ps1 index 64960fff28..90cf77a9da 100644 --- a/deploy/certificates/install-docker-certificate.ps1 +++ b/deploy/certificates/install-docker-certificate.ps1 @@ -14,4 +14,4 @@ Copy-Item docker-self-signed.key $env:USERPROFILE\.aspnet\https -Force Copy-Item docker-self-signed.pfx $env:USERPROFILE\.aspnet\https -Force # Copy to src folder to register as a root CA in client containers -Copy-Item docker-self-signed.pem ..\..\src\certificates -Force +Copy-Item docker-self-signed.pem ..\..\src\certificates\docker-self-signed.crt -Force diff --git a/src/docker-compose.certificates.sample.yaml b/src/docker-compose.certificates.sample.yml similarity index 100% rename from src/docker-compose.certificates.sample.yaml rename to src/docker-compose.certificates.sample.yml From 96aee79cd874d66d6ec68b49fe4b6518f1c4e247 Mon Sep 17 00:00:00 2001 
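Review bot: In the `install-docker-certificate.ps1` hunk, the new target `..\..\src\certificates\docker-self-signed.crt` requires `src\certificates` to exist already, because `Copy-Item -Force` does not create missing parent folders. Whether that folder is present in a fresh clone is not visible here; if it is ignored by git, the copy fails on first run. Creating it first with `New-Item -ItemType Directory -Force ..\..\src\certificates | Out-Null` makes the step repeatable, in the same way the script already runs `mkdir ... -Force` for the `.aspnet\https` folder. The script starts before this hunk.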
From: Miguel Veloso Date: Sun, 11 Oct 2020 18:42:54 +0100 Subject: [PATCH 7/7] Update README.md --- deploy/certificates/README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/certificates/README.md b/deploy/certificates/README.md index 1ad9111a62..6e326db632 100644 --- a/deploy/certificates/README.md +++ b/deploy/certificates/README.md @@ -30,7 +30,7 @@ The above script: ### 3 - Configure some services to serve the certificates -1. Copy the `src\docker-compose.certificates.sample.yaml` file as `src\docker-compose.certificates.yaml` +1. Copy the `src\docker-compose.certificates.sample.yml` file as `src\docker-compose.certificates.yml` 2. Configure the password you assigned to the certificates in the settings `ASPNETCORE_Kestrel__Certificates__Default__Password` > **IMPORTANT**