webstatus, internal catalog, identity and webshoppingapigw working

2020-09-26 15:35:59 +01:00 · 2020-09-26 15:35:59 +01:00 · 263401128f
commit 263401128f
parent 0b4f44659d
8 changed files with 93 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,6 +1,13 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.

+# docker-compose secrets
+src/docker-compose.certificates.yml
+
+# local history
+.history
+.vshistory
+
 # User-specific files
 *.suo
 *.user
--- a/deploy/certificates/create-docker-certificate.sh
+++ b/deploy/certificates/create-docker-certificate.sh
@ -0,0 +1,22 @@
+echo "creating base certificate (.pem) and private key (.key) files..."
+openssl req \
+  -x509 \
+  -days 365 \
+  -out docker-self-signed.pem \
+  -keyout docker-self-signed.key \
+  -newkey rsa:2048 -nodes -sha256 \
+  -subj '/CN=localhost' \
+  -extensions EXT \
+  -config <( \
+    printf "[dn]\nCN=localhost\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName='DNS.1:localhost,DNS.2:host.docker.internal'\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
+
+echo "printing text version..."
+openssl x509 -in docker-self-signed.pem -text -noout > docker-self-signed.txt
+
+echo "generating certificate container file (.pfx)..."
+openssl pkcs12 -export \
+  -inkey docker-self-signed.key \
+  -in docker-self-signed.pem \
+  -out docker-self-signed.pfx \
+  -name "Docker development certificate" \
+  -password pass:$1
--- a/deploy/certificates/import-certificate.ps1
+++ b/deploy/certificates/import-certificate.ps1
@ -0,0 +1,8 @@
+param (
+    [Parameter(Mandatory = $true)]
+    [string]$Password
+)
+
+$CertPassword = ConvertTo-SecureString -String "$Password" -Force -AsPlainText
+
+Import-PfxCertificate -Exportable -FilePath .\docker-self-signed.pfx -CertStoreLocation Cert:\CurrentUser\Root\ -Password $CertPassword
--- a/deploy/certificates/media/root-ca-import-warning.png
+++ b/deploy/certificates/media/root-ca-import-warning.png
--- a/src/ApiGateways/Envoy/config/webshopping/envoy.yaml
+++ b/src/ApiGateways/Envoy/config/webshopping/envoy.yaml
@ -22,7 +22,13 @@ static_resources:
            - name: eshop_backend
              domains:
              - "*"
+              # - "host.docker.internal"
              routes:
+              # - match:
+              #     prefix: "/"
+              #   redirect:
+              #     path_redirect: "/"
+              #     https_redirect: true
              - name: "c-short"
                match:
                  prefix: "/c/"
@ -99,6 +105,13 @@ static_resources:
                upstream_cluster: "%UPSTREAM_CLUSTER%"
                upstream_local_address: "%UPSTREAM_LOCAL_ADDRESS%"
              path: "/tmp/access.log"
+      tls_context:
+        common_tls_context:
+          tls_certificates:
+            - certificate_chain:
+                filename: "/https/docker-self-signed.pem"
+              private_key:
+                filename: "/https/docker-self-signed.key"
  clusters:
  - name: shoppingagg
    connect_timeout: 0.25s
--- a/src/docker-compose.certificates.sample.yaml
+++ b/src/docker-compose.certificates.sample.yaml
@ -0,0 +1,31 @@
+version: '3.4'
+
+services:
+
+  identity-api:
+    environment:
+      - ASPNETCORE_URLS=https://+:443;http://+:80
+      - ASPNETCORE_Kestrel__Certificates__Default__Password=<secure-COMPLEX-and-SECRET-password>
+      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx
+    volumes:
+      - ~/.aspnet/https:/https:ro
+
+  webstatus:
+    environment:
+      - ASPNETCORE_URLS=https://+:443
+      - ASPNETCORE_Kestrel__Certificates__Default__Password=<secure-COMPLEX-and-SECRET-password>
+      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx
+    volumes:
+      - ~/.aspnet/https:/https:ro
+
+  webmvc:
+    environment:
+      - ASPNETCORE_URLS=https://+:443
+      - ASPNETCORE_Kestrel__Certificates__Default__Password=<secure-COMPLEX-and-SECRET-password>
+      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx
+    volumes:
+      - ~/.aspnet/https:/https:ro
+
+  webshoppingapigw:
+    volumes:
+      - ~/.aspnet/https:/https:ro
--- a/src/docker-compose.override.yml
+++ b/src/docker-compose.override.yml
@ -57,8 +57,10 @@ services:
      - UseCustomizationData=True
      - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
      - OrchestratorType=${ORCHESTRATOR_TYPE}
+      - Serilog__MinimumLevel__Override__Microsoft=Warning
    ports:
-      - "5105:80"
+      - "80" # We need HTTP access for inter-service communications
+      - "5105:443"

  basket-api:
    environment:
@ -336,7 +338,7 @@ services:
      - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
      - OrchestratorType=${ORCHESTRATOR_TYPE}
    ports:
-      - "5107:80"
+      - "5107:443"

  webspa:
    environment:
--- a/src/start.ps1
+++ b/src/start.ps1
@ -0,0 +1,8 @@
+
+if ($args.Count -eq 0) {
+    docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d
+} elseif ($args.Count -eq 1 -and $args[0] -eq "infra") {
+    docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d seq sqldata nosqldata basketdata rabbitmq
+} else {
+    docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d $args
+}