How to bind the domain to microservice-pro template? #5987 | Support Center | ABP Commercial

niall created 6 months ago

Check the docs before asking a question: https://docs.abp.io/en/commercial/latest/ Check the samples to see the basic tasks: https://docs.abp.io/en/commercial/latest/samples/index The exact solution to your question may have been answered before, and please first use the search on the homepage. Provide us with the following info:

ABP Framework version: v7.3.2 commercial
UI Type: MVC
Database System: EF Core (MySQL.)
Tiered (for MVC) or Auth Server Separated (for Angular): yes
Exception message and full stack trace:
Steps to reproduce the issue:

I use the microservice-pro template, now i need to deployment them in my cloud.

i want to use console.mydomain.com access the web, use www.mydomain.com access the publicweb, use auth.mydomain.com access the authserver.

I saw the appsettings.json of every service, but i dont sure which filed should bind the domain, i try modify some fields, but throw exceptions :(

AuthServer/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8000",
    "CorsOrigins": "*",
    "RedirectAllowedUrls": "http://10.1.100.11:8000",
    "DisablePII": "false"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
 }

IdentityService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8001",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
}

AdministrationService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8002",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  "RemoteServices": {
    "AbpIdentity": {
      "BaseUrl": "http://10.1.100.11:8001/",
      "UseCurrentAccessToken": "false"
    }
  },
  "IdentityClients": {
    "Default": {
      "GrantType": "client_credentials",
      "ClientId": "AdministrationService",
      "ClientSecret": "1q2w3e*",
      "Authority": "http://10.1.100.11:8000",
      "Scope": "IdentityService",
      "RequireHttps": "false",
      "ValidateIssuerName": "false",
      "ValidateEndpoints ": "false"
    }
  },
  ...
}

SaasService/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8003",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger"
  },
  ...
  }

WebGateway/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8080",
    "CorsOrigins": "*"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "SwaggerClientId": "WebGateway_Swagger",
    ...
    }
    ...
}

WebGateway/ocelot.json

{
  "GlobalConfiguration": {
    "BaseUrl": "http://10.1.100.11:8080"
  },
  "Routes": [
    {
      "ServiceKey": "Account Service",
      "ServiceDns": "http://10.1.100.11:8000",
      "DownstreamPathTemplate": "/api/account/{everything}",
      "DownstreamScheme": "http",
      "DownstreamHostAndPorts": [
        {
          "Host": "10.1.100.11",
          "Port": 8000
        }
      ],
      "UpstreamPathTemplate": "/api/account/{everything}",
      "UpstreamHttpMethod": [ "Put", "Delete", "Get", "Post" ]
    },
    ...
    ]
}

Web/appsettings.json

{
  "App": {
    "SelfUrl": "http://10.1.100.11:8081"
  },
  "AuthServer": {
    "Authority": "http://10.1.100.11:8000",
    "RequireHttpsMetadata": "false",
    "ClientId": "Web",
    "ClientSecret": "1q2w3e*",
    "IsOnK8s": "false",
    "MetaAddress": "http://10.1.100.11:8000",
  },
  "RemoteServices": {
    "Default": {
      "BaseUrl": "http://10.1.100.11:8080"
    }
  },
  ...
 }

14 Answer(s)

0
liangshiwei created 6 months ago
Support Team Fullstack Developer
Hi,

This has nothing to do with ABP.

You should use a DNS provider to resolve your domain name.

https://www.cloudflare.com/learning/dns/what-is-dns/
0

niall created 6 months ago

I add a route in gateway, redirect the console.mydomain.com to 10.1.100.11:8081, if i use browser to access console.mydomain.com, the microservice-pro/Web will open the auth page, but the uri is 10.1.100.11:8000, this url is in lan not wlan.

I need let the microservice-pro/Web open auth.mydomain.com when click login. and the auth page return to console.mydomain.com after auth success.
0

liangshiwei created 6 months ago
Support Team Fullstack Developer

You should use the internal URL in the gateway config.

They should be set as public URL when deployed to production.

For example:

https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml
0

niall created 6 months ago

Hi,

If every service need a public URL, I think it is a terrible design.

I need use reverse proxy access the auth, web, webgateway. and them need redirect to the correct public domainname. other times, each services use lan ip to communicate. like this:

I split my question, the first one:

If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?
0

liangshiwei created 6 months ago
Support Team Fullstack Developer

Hi,

If every service need a public URL, I think it is a terrible design

It's up to you. you can use the internal URL for the service.

If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?

I think it's clear, you can see everything you need here:

https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml
0

niall created 6 months ago

Hi,

If every service need a public URL, I think it is a terrible design

It's up to you. you can use the internal URL for the service.

If I need web can redirect to auth.mydomain.com, and authserver can redirect to console.mydomain.com, which fields need modify?

I think it's clear, you can see everything you need here:

https://github.com/abpframework/eShopOnAbp/blob/main/etc/k8s/azure/values-az-cr.yaml

Hi, thank you for reply.

Yes, it is clear for k8s, and I believe it works fine.

but i run all services at a single windows machine, so i can't use a public or internal URL for every services, just use ip:port to communicate in lan and use reverse proxy bind domainname to my auth,web and publicweb.

Is there somethings references about use reverse proxy, like as nginx?
0

niall created 6 months ago

Haa, I found it.

https://github.com/abpframework/eShopOnAbp/blob/main/etc/docker/docker-compose.yml

I try it now.
0
niall created 6 months ago
Hi,

My web will redirect to the login page if not authenticated.

Web/Pages/Index.html

public class IndexModel : AbpPageModel { public ActionResult OnGet() { if (Request.Query["ex"] == "yes") { throw new DivideByZeroException("This is a test exception!"); } if (!CurrentUser.IsAuthenticated) { return Redirect("~/Account/Login"); } else { return Page(); } } }

and it open this url

http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

Can I construct this url myself?

By the way, I use the microservice-pro template.
0
niall created 6 months ago
Hi,

My web will redirect to the login page if not authenticated.

Web/Pages/Index.html

public class IndexModel : AbpPageModel { public ActionResult OnGet() { if (Request.Query["ex"] == "yes") { throw new DivideByZeroException("This is a test exception!"); } if (!CurrentUser.IsAuthenticated) { return Redirect("~/Account/Login"); } else { return Page(); } } }

and it open this url

http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

Can I construct this url myself?

By the way, I use the microservice-pro template.
0
niall created 6 months ago
Hi,

My web will redirect to the login page if not authenticated.

Web/Pages/Index.html

public class IndexModel : AbpPageModel { public ActionResult OnGet() { if (Request.Query["ex"] == "yes") { throw new DivideByZeroException("This is a test exception!"); } if (!CurrentUser.IsAuthenticated) { return Redirect("~/Account/Login"); } else { return Page(); } } }

and it open this url

http://auth.mydomain.com/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Fconsole.mydomain.com%252Fsignin-oidc%26response_type%3Dcode%2520id_token%26scope%3Dopenid%2520profile%2520roles%2520email%2520phone%2520AccountService%2520IdentityService%2520AdministrationService%2520SaasService%2520CmsService%2520BusinessUnit%26response_mode%3Dform_post%26nonce%3D638332667736323954........mJlMThjN2EyYWE0%26state%3DCfDJ8Eld3tn4Rn1GjnZqhM-ZUBhwOYwgPtXiFM1D3kL1WtTfijdvGsvbYNVPJtv6A0gw4zpSJDK-IVFZgg6EzByFk_PNFmgyv3oJ.......P7AmgWMDl3GtjG_c1V_06gxU06E_%26x-client-SKU%3DID_NET6_0%26x-client-ver%3D6.15.1.0

Can I construct this url myself?

By the way, I use the microservice-pro template.
0

liangshiwei created 6 months ago
Support Team Fullstack Developer

Can I construct this url myself?

Sorry, I didn't get it. could you explain it in detail?
0
niall created 6 months ago
OK,

Run WebHost at http://localhost:8081

Run AuthServer at http://localhost:8000

Access WebHost(http://localhost:8081) from Browser.

Click login

the Browser auto redirect to http://localhost:8000/Account/Login?ReturnUrl=%2Fconnect%2Fauthorize%3Fclient_id%3DWeb%26redirect_uri%3Dhttp%253A%252F%252Flocalhost:8081%252Fsignin-oidc%26response_type....

I want to modify this url, replace some parameters and sign it.

liangshiwei created 6 months ago

Support Team Fullstack Developer

Hi,

These are the standard OIDC parameters, and I don't recommend you change them.

Anyway, You can change it in the following:

context.Services.Configure<OpenIdConnectOptions>("oidc", options =>
{

    var previousOnRedirectToIdentityProvider = options.Events.OnRedirectToIdentityProvider;
    options.Events.OnRedirectToIdentityProvider = async ctx =>
    {
        ctx.ProtocolMessage.IssuerAddress = "...../connect/authorize";
        //...

        if (previousOnRedirectToIdentityProvider != null)
        {
            await previousOnRedirectToIdentityProvider(ctx);
        }
    };
});

0

niall created 6 months ago

Yes, I need this, Thank you ~~

Have an answer to this question? Log in and write your answer.