From 83c1e7909f68e42568add77c80f9b52c1f050450 Mon Sep 17 00:00:00 2001
From: Miguel Veloso
Date: Mon, 28 Sep 2020 17:58:39 +0100
Subject: [PATCH] Inital working version with HTTPS
---
 .../Envoy/config/webshopping/envoy.yaml | 105 ++++++++++++++++--
 .../Web.Bff.Shopping/aggregator/Startup.cs | 2 +-
 .../Identity.API/Configuration/Config.cs | 2 +-
 .../Tasks/GracePeriodManagerTask.cs | 2 +-
 src/Web/WebMVC/Program.cs | 15 +--
 src/docker-compose.override.yml | 72 ++++++------
 src/docker-compose.yml | 4 +-
 7 files changed, 150 insertions(+), 52 deletions(-)
diff --git a/src/ApiGateways/Envoy/config/webshopping/envoy.yaml b/src/ApiGateways/Envoy/config/webshopping/envoy.yaml
index e1780c47d..b3c608251 100644
--- a/src/ApiGateways/Envoy/config/webshopping/envoy.yaml
+++ b/src/ApiGateways/Envoy/config/webshopping/envoy.yaml
@@ -6,10 +6,11 @@ admin:
 port_value: 8001
 static_resources:
 listeners:
- - address:
+ - name: listener_https
+ address:
 socket_address:
 address: 0.0.0.0
- port_value: 80
+ port_value: 443
 filter_chains:
 - filters:
 - name: envoy.http_connection_manager
@@ -22,13 +23,9 @@ static_resources:
 - name: eshop_backend
 domains:
 - "*"
+ # - "localhost"
 # - "host.docker.internal"
 routes:
- # - match:
- # prefix: "/"
- # redirect:
- # path_redirect: "/"
- # https_redirect: true
 - name: "c-short"
 match:
 prefix: "/c/"
@@ -112,6 +109,100 @@ static_resources:
 filename: "/https/docker-self-signed.pem"
 private_key:
 filename: "/https/docker-self-signed.key"
+ - name: listener_http
+ address:
+ socket_address:
+ address: 0.0.0.0
+ port_value: 80
+ filter_chains:
+ - filters:
+ - name: envoy.http_connection_manager
+ config:
+ codec_type: auto
+ stat_prefix: ingress_http
+ route_config:
+ name: eshop_backend_route
+ virtual_hosts:
+ - name: eshop_backend
+ domains:
+ - "webshoppingapigw"
+ routes:
+ - name: "c-short"
+ match:
+ prefix: "/c/"
+ route:
+ auto_host_rewrite: true
+ prefix_rewrite: "/catalog-api/"
+ cluster: catalog
+ - name: "c-long"
+ match:
+ prefix: "/catalog-api/"
+ route:
+ auto_host_rewrite: true
+ cluster: catalog
+ - name: "o-short"
+ match:
+ prefix: "/o/"
+ route:
+ auto_host_rewrite: true
+ prefix_rewrite: "/ordering-api/"
+ cluster: ordering
+ - name: "o-long"
+ match:
+ prefix: "/ordering-api/"
+ route:
+ auto_host_rewrite: true
+ cluster: ordering
+ - name: "h-long"
+ match:
+ prefix: "/hub/notificationhub"
+ route:
+ auto_host_rewrite: true
+ cluster: signalr-hub
+ timeout: 300s
+ upgrade_configs:
+ upgrade_type: "websocket"
+ enabled: true
+ - name: "b-short"
+ match:
+ prefix: "/b/"
+ route:
+ auto_host_rewrite: true
+ prefix_rewrite: "/basket-api/"
+ cluster: basket
+ - name: "b-long"
+ match:
+ prefix: "/basket-api/"
+ route:
+ auto_host_rewrite: true
+ cluster: basket
+ - name: "agg"
+ match:
+ prefix: "/"
+ route:
+ auto_host_rewrite: true
+ prefix_rewrite: "/"
+ cluster: shoppingagg
+ http_filters:
+ - name: envoy.router
+ access_log:
+ - name: envoy.file_access_log
+ filter:
+ not_health_check_filter: {}
+ config:
+ json_format:
+ time: "%START_TIME%"
+ protocol: "%PROTOCOL%"
+ duration: "%DURATION%"
+ request_method: "%REQ(:METHOD)%"
+ request_host: "%REQ(HOST)%"
+ path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
+ response_flags: "%RESPONSE_FLAGS%"
+ route_name: "%ROUTE_NAME%"
+ upstream_host: "%UPSTREAM_HOST%"
+ upstream_cluster: "%UPSTREAM_CLUSTER%"
+ upstream_local_address: "%UPSTREAM_LOCAL_ADDRESS%"
+ path: "/tmp/access.log"
 clusters:
 - name: shoppingagg
 connect_timeout: 0.25s
diff --git a/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs b/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs
index 1ea6c0f4f..143a20400 100644
--- a/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs
+++ b/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs
@@ -64,7 +64,7 @@ namespace Microsoft.eShopOnContainers.Web.Shopping.HttpAggregator
 app.UseDeveloperExceptionPage();
 }
- app.UseHttpsRedirection();
+ // app.UseHttpsRedirection();
 app.UseSwagger().UseSwaggerUI(c =>
 {
diff --git a/src/Services/Identity/Identity.API/Configuration/Config.cs b/src/Services/Identity/Identity.API/Configuration/Config.cs
index 04a9aa043..72599c322 100644
--- a/src/Services/Identity/Identity.API/Configuration/Config.cs
+++ b/src/Services/Identity/Identity.API/Configuration/Config.cs
@@ -41,7 +41,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API.Configuration
 // JavaScript Client
 new Client
 {
- ClientId = "js",
+ ClientId = "spa",
 ClientName = "eShop SPA OpenId Client",
 AllowedGrantTypes = GrantTypes.Implicit,
 AllowAccessTokensViaBrowser = true,
diff --git a/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs b/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs
index 247ed9d67..53753a6ff 100644
--- a/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs
+++ b/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs
@@ -72,7 +72,7 @@ namespace Ordering.BackgroundTasks.Tasks
 conn.Open();
 orderIds = conn.Query(
 @"SELECT Id FROM [ordering].[orders]
- WHERE DATEDIFF(minute, [OrderDate], GETDATE()) >= @GracePeriodTime
+ WHERE DATEDIFF(second, [OrderDate], GETDATE()) >= @GracePeriodTime
 AND [OrderStatusId] = 1",
 new { _settings.GracePeriodTime });
 }
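Review bot: The new `listener_http` in envoy.yaml serves the whole route table in plaintext on `0.0.0.0:80`, and the only restriction on it is `domains: - "webshoppingapigw"`, which matches the client-supplied Host header and is not an access control. It stays internal only as long as no compose or orchestrator file publishes port 80 of this container, so that assumption deserves a comment above the listener, for example `# Plaintext listener for in-cluster callers only; never publish port 80`. The routes are also a copy of the ones under `listener_https`, so keeping the two lists in sync is now a manual step and a route added to one can be missed on the other.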
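Review bot: In Startup.cs `app.UseHttpsRedirection()` is disabled by commenting it out, which turns it off in every environment and leaves no record of why. If the reason is that other containers call the aggregator over HTTP on port 80 (the compose changes in this patch suggest that, but it is not stated here), replace the dead line with the explanation, e.g. `// No HTTPS redirection: in-cluster callers reach this service over plain HTTP on port 80.`, or gate the call on configuration so deployments that expose the service directly can keep it. The enclosing method starts and ends outside the hunk.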
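Review bot: Changing `ClientId` from `"js"` to `"spa"` in Config.cs breaks any client that still sends `client_id=js`, and none of the seven files in this patch touches the SPA's own configuration. If the SPA side is updated in a separate commit, the commit message should say so; otherwise its authorize requests will presumably be rejected as coming from an unknown client. The surrounding client definition continues outside the hunk.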
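Review bot: Switching `DATEDIFF(minute, …)` to `DATEDIFF(second, …)` in GracePeriodManagerTask.cs changes the unit of `GracePeriodTime` from minutes to seconds without renaming the setting or documenting the unit. The compose override in this patch goes from `GracePeriodTime=1` to `GracePeriodTime=15`, i.e. from one minute to fifteen seconds, and any other deployment file that still carries a minutes value will now have its orders selected far sooner than intended. A comment at the query such as `// GracePeriodTime is expressed in seconds` (and the same note next to the setting) would make the contract explicit. The enclosing method starts outside the hunk.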
diff --git a/src/Web/WebMVC/Program.cs b/src/Web/WebMVC/Program.cs
index eb99cd42e..414fe81ed 100644
--- a/src/Web/WebMVC/Program.cs
+++ b/src/Web/WebMVC/Program.cs
@@ -52,18 +52,15 @@ namespace Microsoft.eShopOnContainers.WebMVC
 {
 var seqServerUrl = configuration["Serilog:SeqServerUrl"];
 var logstashUrl = configuration["Serilog:LogstashgUrl"];
- var cfg = new LoggerConfiguration()
+ return new LoggerConfiguration()
 .ReadFrom.Configuration(configuration)
 .Enrich.WithProperty("ApplicationContext", AppName)
 .Enrich.FromLogContext()
- .WriteTo.Console();
- if (!string.IsNullOrWhiteSpace(seqServerUrl)) {
- cfg.WriteTo.Seq(seqServerUrl);
- }
- if (!string.IsNullOrWhiteSpace(logstashUrl)) {
- cfg.WriteTo.Http(logstashUrl);
- }
- return cfg.CreateLogger();
+ .WriteTo.Console()
+ .WriteTo.Seq(string.IsNullOrWhiteSpace(seqServerUrl) ? "http://seq" : seqServerUrl)
+ .WriteTo.Http(string.IsNullOrWhiteSpace(logstashUrl) ? "http://logstash:8080" : logstashUrl)
+ .ReadFrom.Configuration(configuration)
+ .CreateLogger();
 }
 private static IConfiguration GetConfiguration()
diff --git a/src/docker-compose.override.yml b/src/docker-compose.override.yml
index 5619e1ebd..f3475fc43 100644
--- a/src/docker-compose.override.yml
+++ b/src/docker-compose.override.yml
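Review bot: The rewritten logger setup in Program.cs always registers the Seq and HTTP sinks, falling back to the hard-coded `"http://seq"` and `"http://logstash:8080"` when nothing is configured, whereas the removed code added a sink only when its URL was set. A deployment that has neither host now tries to ship every log event in plaintext to whatever resolves under those names, so the fallback should either be dropped or documented as a docker-compose-only default. `.ReadFrom.Configuration(configuration)` also appears twice in the chain, once at the top and again just before `.CreateLogger()`; one of the two calls should go. The enclosing method starts outside the hunk.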
@@ -46,10 +46,10 @@ services:
 - XamarinCallback=https://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback
 - ConnectionString=${ESHOP_AZURE_IDENTITY_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word}
 - MvcClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100
- - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109
- - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110
- - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103
- - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102
+ - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109/locations-api
+ - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110/marketing-api
+ - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103/basket-api
+ - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102/ordering-api
 - MobileShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120
 - WebShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121
 - WebhooksApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113
@@ -57,6 +57,7 @@ services:
 - UseCustomizationData=True
 - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
 - OrchestratorType=${ORCHESTRATOR_TYPE}
+ - Serilog__MinimumLevel__Override__IdentityServer4=Verbose
 - Serilog__MinimumLevel__Override__Microsoft=Warning
 ports:
 - "80" # We need internal HTTP access for inter-service communications
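Review bot: `Serilog__MinimumLevel__Override__IdentityServer4=Verbose` on identity-api turns on the most detailed IdentityServer4 logging, and at that level the library's output can include sensitive request data such as tokens. The services visible in this override file run with `ASPNETCORE_ENVIRONMENT=Development`, so this is presumably meant for local debugging only; a trailing comment like `# debug only: verbose IdentityServer4 logs may contain tokens, do not copy to shared environments` would keep it from being carried over. If it was needed only while getting HTTPS to work, it is better removed before merge.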
@@ -65,10 +66,10 @@ services:
 basket-api:
 environment:
 - ASPNETCORE_ENVIRONMENT=Development
- - ASPNETCORE_URLS=http://0.0.0.0:80
+ - ASPNETCORE_URLS=http://+:80
 - ConnectionString=${ESHOP_AZURE_REDIS_BASKET_DB:-basketdata}
 - identityUrl=http://identity-api
- - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+ - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
 - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
 - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -80,7 +81,8 @@ services:
 - GRPC_PORT=81
 - PORT=80
 ports:
- - "5103:80"
+ - "80" # We need internal HTTP access for inter-service communications
+ - "5103:443"
 - "9103:81"
 catalog-api:
@@ -98,17 +100,19 @@ services:
 - AzureStorageEnabled=False
 - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
 - OrchestratorType=${ORCHESTRATOR_TYPE}
+ - Serilog__MinimumLevel__Override__Microsoft=Warning
 - GRPC_PORT=81
 - PORT=80
 - PATH_BASE=/catalog-api
 ports:
- - "5101:80"
+ - "80" # We need internal HTTP access for inter-service communications
+ - "5101:443"
 - "9101:81"
 ordering-api:
 environment:
 - ASPNETCORE_ENVIRONMENT=Development
- - ASPNETCORE_URLS=http://0.0.0.0:80
+ - ASPNETCORE_URLS=http://+:80
 - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word}
 - identityUrl=http://identity-api
 - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
@@ -134,7 +138,7 @@ services:
 ordering-backgroundtasks:
 environment:
 - ASPNETCORE_ENVIRONMENT=Development
- - ASPNETCORE_URLS=http://0.0.0.0:80
+ - ASPNETCORE_URLS=http://+:80
 - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word}
 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
 - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
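Review bot: The added `- "80"` entries under `ports:` (basket-api here, and the same line on catalog-api, marketing-api, webshoppingagg, webspa and webmvc in later hunks) publish container port 80 on an ephemeral host port, which the inter-service traffic named in the comment does not need: containers on the same compose network reach each other without any published port. Listing the port under `expose:` instead would keep the plaintext endpoint off the host. Separately, basket-api still sets `ASPNETCORE_URLS=http://+:80` while the host port now maps to container port 443 (`"5103:443"`); unless an HTTPS endpoint and certificate are configured somewhere outside this patch, nothing listens on 443.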
@@ -142,7 +146,7 @@ services:
 - UseCustomizationData=True
 - AzureServiceBusEnabled=False
 - CheckUpdateTime=30000
- - GracePeriodTime=1
+ - GracePeriodTime=15
 - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
 - OrchestratorType=${ORCHESTRATOR_TYPE}
 - UseLoadTest=${USE_LOADTEST:-False}
@@ -173,12 +177,13 @@ services:
 - UseLoadTest=${USE_LOADTEST:-False}
 - PATH_BASE=/marketing-api
 ports:
- - "5110:80"
+ - "80" # We need internal HTTP access for inter-service communications
+ - "5110:443"
 payment-api:
 environment:
 - ASPNETCORE_ENVIRONMENT=Development
- - ASPNETCORE_URLS=http://0.0.0.0:80
+ - ASPNETCORE_URLS=http://+:80
 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
 - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
 - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -186,6 +191,7 @@ services:
 - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
 - OrchestratorType=${ORCHESTRATOR_TYPE}
 - Serilog__MinimumLevel__Override__payment-api.IntegrationEvents.EventHandling=Verbose
+ - Serilog__MinimumLevel__Override__Microsoft=Warning
 - Serilog__MinimumLevel__Override__Microsoft.eShopOnContainers.BuildingBlocks.EventBusRabbitMQ=Verbose
 ports:
 - "5108:80"
@@ -193,11 +199,11 @@ services:
 locations-api:
 environment:
 - ASPNETCORE_ENVIRONMENT=Development
- - ASPNETCORE_URLS=http://0.0.0.0:80
+ - ASPNETCORE_URLS=http://+:80
 - ConnectionString=${ESHOP_AZURE_COSMOSDB:-mongodb://nosqldata}
 - Database=LocationsDb
 - identityUrl=http://identity-api
- - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+ - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
 - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
 - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -240,7 +246,7 @@ services:
 volumes:
 - ./ApiGateways/Envoy/config/webshopping:/etc/envoy
 ports:
- - "5202:80"
+ - "5202:443"
 - "15202:8001"
 webmarketingapigw:
@@ -267,7 +273,7 @@ services:
 - MarketingUrlHC=http://marketing-api/hc
 - PaymentUrlHC=http://payment-api/hc
 - LocationUrlHC=http://locations-api/hc
- - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+ - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
 ports:
 - "5120:80"
@@ -288,14 +294,15 @@ services:
 - MarketingUrlHC=http://marketing-api/hc
 - PaymentUrlHC=http://payment-api/hc
 - LocationUrlHC=http://locations-api/hc
- - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+ - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
 ports:
- - "5121:80"
+ - "80" # We need internal HTTP access for inter-service communications
+ - "5121:443"
 ordering-signalrhub:
 environment:
 - ASPNETCORE_ENVIRONMENT=Development
- - ASPNETCORE_URLS=http://0.0.0.0:80
+ - ASPNETCORE_URLS=http://+:80
 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
 - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
 - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -344,37 +351,40 @@ services:
 webspa:
 environment:
 - ASPNETCORE_ENVIRONMENT=Development
- - ASPNETCORE_URLS=http://0.0.0.0:80
- - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
- - PurchaseUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
- - MarketingUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203
+ - ASPNETCORE_URLS=http://+:80
+ - IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+ - PurchaseUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
+ - MarketingUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203
 - IdentityUrlHC=http://identity-api/hc
 - UseCustomizationData=True
 - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
 - OrchestratorType=${ORCHESTRATOR_TYPE}
- - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
+ - SignalrHubUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
 ports:
- - "5104:80"
+ - "80" # We need internal HTTP access for healthchecks
+ - "5104:443"
 webmvc:
 environment:
 - ASPNETCORE_ENVIRONMENT=Development
- - ASPNETCORE_URLS=http://0.0.0.0:80
+ - ASPNETCORE_URLS=http://+:80
 - PurchaseUrl=http://webshoppingapigw
- - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+ - IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
 - MarketingUrl=http://webmarketingapigw
- - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
+ - SignalrHubUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
 - IdentityUrlHC=http://identity-api/hc
 - UseCustomizationData=True
 - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
 - OrchestratorType=${ORCHESTRATOR_TYPE}
 - UseLoadTest=${USE_LOADTEST:-False}
+ - Serilog__MinimumLevel__Override__Microsoft=Warning
 ports:
- - "5100:80"
+ - "80" # We need internal HTTP access for healthchecks
+ - "5100:443"
 webhooks-client:
 environment:
- - ASPNETCORE_URLS=http://0.0.0.0:80
+ - ASPNETCORE_URLS=http://+:80
 - Token=6168DB8D-DC58-4094-AF24-483278923590 # Webhooks are registered with this token (any value is valid) but the client won't check it
 - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
 - CallBackUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114
diff --git a/src/docker-compose.yml b/src/docker-compose.yml
index b51c65621..ebad59110 100644
--- a/src/docker-compose.yml
+++ b/src/docker-compose.yml
@@ -186,7 +186,7 @@ services:
 - webhooks-api
 webshoppingapigw:
- image: envoyproxy/envoy:v1.11.1
+ image: envoyproxy/envoy:v1.14.4
 webmarketingapigw:
- image: envoyproxy/envoy:v1.11.1
+ image: envoyproxy/envoy:v1.14.4
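Review bot: In the webhooks-client block, `IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105` stays on `http://` while the webspa and webmvc entries in this same hunk, and every `IdentityUrlExternal` elsewhere in the patch, move to `https://` for port 5105. If 5105 now serves TLS only (the identity-api port mapping is outside the hunks shown), this client's calls to the identity service will fail, and the line should probably become `- IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105`. `CallBackUrl` on 5114 is unchanged too, which may be intentional since the webhooks-client port mapping is not touched here.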