From 8110a95111447413af0704e063f8dc8bd9bb1264 Mon Sep 17 00:00:00 2001 From: rafsanulhasan Date: Sat, 1 Sep 2018 15:01:40 +0600 Subject: [PATCH 01/26] 1. Added _CookieConseentPartial.cshtml Partial View 2. Used _CookieConseentPartial partial view in _Layout View 3. Added Privacy View Controller and View --- src/Web/WebMVC/Controllers/HomeController.cs | 16 + src/Web/WebMVC/Views/Home/Privacy.cshtml | 6 + .../Views/Shared/_CookieConsentPartial.cshtml | 41 +++ src/Web/WebMVC/Views/Shared/_Layout.cshtml | 274 +++++++++--------- 4 files changed, 201 insertions(+), 136 deletions(-) create mode 100644 src/Web/WebMVC/Controllers/HomeController.cs create mode 100644 src/Web/WebMVC/Views/Home/Privacy.cshtml create mode 100644 src/Web/WebMVC/Views/Shared/_CookieConsentPartial.cshtml diff --git a/src/Web/WebMVC/Controllers/HomeController.cs b/src/Web/WebMVC/Controllers/HomeController.cs new file mode 100644 index 000000000..24a6346ec --- /dev/null +++ b/src/Web/WebMVC/Controllers/HomeController.cs @@ -0,0 +1,16 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Threading.Tasks; +using Microsoft.AspNetCore.Mvc; + +namespace WebMVC.Controllers +{ + public class HomeController : Controller + { + public IActionResult Privacy() + { + return View(); + } + } +} \ No newline at end of file diff --git a/src/Web/WebMVC/Views/Home/Privacy.cshtml b/src/Web/WebMVC/Views/Home/Privacy.cshtml new file mode 100644 index 000000000..7bd38619c --- /dev/null +++ b/src/Web/WebMVC/Views/Home/Privacy.cshtml @@ -0,0 +1,6 @@ +@{ + ViewData["Title"] = "Privacy Policy"; +} +

@ViewData["Title"]

+ +

Use this page to detail your site's privacy policy.

diff --git a/src/Web/WebMVC/Views/Shared/_CookieConsentPartial.cshtml b/src/Web/WebMVC/Views/Shared/_CookieConsentPartial.cshtml new file mode 100644 index 000000000..bbfbb09ac --- /dev/null +++ b/src/Web/WebMVC/Views/Shared/_CookieConsentPartial.cshtml @@ -0,0 +1,41 @@ +@using Microsoft.AspNetCore.Http.Features + +@{ + var consentFeature = Context.Features.Get(); + var showBanner = !consentFeature?.CanTrack ?? false; + var cookieString = consentFeature?.CreateConsentCookie(); +} + +@if (showBanner) +{ + + +} \ No newline at end of file diff --git a/src/Web/WebMVC/Views/Shared/_Layout.cshtml b/src/Web/WebMVC/Views/Shared/_Layout.cshtml index 5d616afaf..2d14e0f83 100644 --- a/src/Web/WebMVC/Views/Shared/_Layout.cshtml +++ b/src/Web/WebMVC/Views/Shared/_Layout.cshtml @@ -1,139 +1,141 @@  - - - - @ViewData["Title"] - Microsoft.eShopOnContainers.WebMVC - - - - - - - - - - - - - - - - - - - - - - - - - - - - - @RenderBody() - - -
-
-
- -
- -
- -
- -
- -
-
-
- - - - - - - - - - - - - @RenderSection("scripts", required: false) - - - @using Microsoft.AspNetCore.Authentication; - @using Microsoft.Extensions.Options - @inject IOptions settings - - - + + + + @ViewData["Title"] - Microsoft.eShopOnContainers.WebMVC + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + @RenderBody() + + +
+
+
+ +
+ +
+ +
+ +
+ +
+
+
+ + + + + + + + + + + + + @RenderSection("scripts", required: false) + + + @using Microsoft.AspNetCore.Authentication; + @using Microsoft.Extensions.Options + @inject IOptions settings + + + From 6b96741de67b987ed5fbf8b615721ddfd291a058 Mon Sep 17 00:00:00 2001 From: rafsanulhasan Date: Sat, 1 Sep 2018 15:02:50 +0600 Subject: [PATCH 02/26] 1. Configured CookiePolicyOptions in the DI container 2. Used CookiePolicy MiddlwWare --- src/Web/WebMVC/Startup.cs | 507 +++++++++++++++++++------------------- 1 file changed, 257 insertions(+), 250 deletions(-) diff --git a/src/Web/WebMVC/Startup.cs b/src/Web/WebMVC/Startup.cs index 9c1c0a3b8..3b1f87cb2 100644 --- a/src/Web/WebMVC/Startup.cs +++ b/src/Web/WebMVC/Startup.cs 
@@ -24,258 +24,265 @@ using WebMVC.Services; namespace Microsoft.eShopOnContainers.WebMVC { - public class Startup - { - public Startup(IConfiguration configuration) - { - Configuration = configuration; - } - - public IConfiguration Configuration { get; } - - // This method gets called by the runtime. Use this method to add services to the IoC container. - public void ConfigureServices(IServiceCollection services) - { - services.AddAppInsight(Configuration) - .AddHealthChecks(Configuration) - .AddCustomMvc(Configuration) - .AddHttpClientServices(Configuration) - //.AddHttpClientLogging(Configuration) //Opt-in HttpClientLogging config - .AddCustomAuthentication(Configuration); - } - - // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. - public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) - { - JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); - - loggerFactory.AddAzureWebAppDiagnostics(); - loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace); - - if (env.IsDevelopment()) - { - app.UseDeveloperExceptionPage(); - } - else - { - app.UseExceptionHandler("/Error"); - } - - var pathBase = Configuration["PATH_BASE"]; - if (!string.IsNullOrEmpty(pathBase)) - { - loggerFactory.CreateLogger("init").LogDebug($"Using PATH BASE '{pathBase}'"); - app.UsePathBase(pathBase); - } - + public class Startup + { + public Startup(IConfiguration configuration) + { + Configuration = configuration; + } + + public IConfiguration Configuration { get; } + + // This method gets called by the runtime. Use this method to add services to the IoC container. 
+ public void ConfigureServices(IServiceCollection services) + { + services.Configure(opts => + { + opts.CheckConsentNeeded = context => true; + opts.MinimumSameSitePolicy = SameSiteMode.None; + }); + services.AddAppInsight(Configuration) + .AddHealthChecks(Configuration) + .AddCustomMvc(Configuration) + .AddHttpClientServices(Configuration) + //.AddHttpClientLogging(Configuration) //Opt-in HttpClientLogging config + .AddCustomAuthentication(Configuration); + } + + // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. + public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) + { + JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear(); + + loggerFactory.AddAzureWebAppDiagnostics(); + loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace); + + if (env.IsDevelopment()) + { + app.UseDeveloperExceptionPage(); + } + else + { + app.UseExceptionHandler("/Error"); + } + + var pathBase = Configuration["PATH_BASE"]; + if (!string.IsNullOrEmpty(pathBase)) + { + loggerFactory.CreateLogger("init").LogDebug($"Using PATH BASE '{pathBase}'"); + app.UsePathBase(pathBase); + } + + + app.UseCookiePolicy(); #pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously - app.Map("/liveness", lapp => lapp.Run(async ctx => ctx.Response.StatusCode = 200)); + app.Map("/liveness", lapp => lapp.Run(async ctx => ctx.Response.StatusCode = 200)); #pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously - app.UseSession(); - app.UseStaticFiles(); - - if (Configuration.GetValue("UseLoadTest")) - { - app.UseMiddleware(); - } - - app.UseAuthentication(); - - var log = loggerFactory.CreateLogger("identity"); - - WebContextSeed.Seed(app, env, loggerFactory); - - app.UseMvc(routes => - { - routes.MapRoute( - name: "default", - template: "{controller=Catalog}/{action=Index}/{id?}"); - - routes.MapRoute( - name: 
"defaultError", - template: "{controller=Error}/{action=Error}"); - }); - } - } - - static class ServiceCollectionExtensions - { - - public static IServiceCollection AddAppInsight(this IServiceCollection services, IConfiguration configuration) - { - services.AddApplicationInsightsTelemetry(configuration); - var orchestratorType = configuration.GetValue("OrchestratorType"); - - if (orchestratorType?.ToUpper() == "K8S") - { - // Enable K8s telemetry initializer - services.EnableKubernetes(); - } - - if (orchestratorType?.ToUpper() == "SF") - { - // Enable SF telemetry initializer - services.AddSingleton((serviceProvider) => - new FabricTelemetryInitializer()); - } - - return services; - } - - public static IServiceCollection AddHealthChecks(this IServiceCollection services, IConfiguration configuration) - { - services.AddHealthChecks(checks => - { - var minutes = 1; - if (int.TryParse(configuration["HealthCheck:Timeout"], out var minutesParsed)) - { - minutes = minutesParsed; - } - - checks.AddUrlCheck(configuration["CatalogUrlHC"], TimeSpan.FromMinutes(minutes)); - checks.AddUrlCheck(configuration["OrderingUrlHC"], TimeSpan.FromMinutes(minutes)); - checks.AddUrlCheck(configuration["BasketUrlHC"], TimeSpan.Zero); //No cache for this HealthCheck, better just for demos - checks.AddUrlCheck(configuration["IdentityUrlHC"], TimeSpan.FromMinutes(minutes)); - checks.AddUrlCheck(configuration["MarketingUrlHC"], TimeSpan.FromMinutes(minutes)); - }); - - return services; - } - - public static IServiceCollection AddCustomMvc(this IServiceCollection services, IConfiguration configuration) - { - services.AddOptions(); - services.Configure(configuration); - - services.AddMvc(); - - services.AddSession(); - - if (configuration.GetValue("IsClusterEnv") == bool.TrueString) - { - services.AddDataProtection(opts => - { - opts.ApplicationDiscriminator = "eshop.webmvc"; - }) - .PersistKeysToRedis(ConnectionMultiplexer.Connect(configuration["DPConnectionString"]), "DataProtection-Keys"); 
- } - return services; - } - - // Adds all Http client services (like Service-Agents) using resilient Http requests based on HttpClient factory and Polly's policies - public static IServiceCollection AddHttpClientServices(this IServiceCollection services, IConfiguration configuration) - { - services.AddSingleton(); - - //register delegating handlers - services.AddTransient(); - services.AddTransient(); - - //set 5 min as the lifetime for each HttpMessageHandler int the pool - services.AddHttpClient("extendedhandlerlifetime").SetHandlerLifetime(TimeSpan.FromMinutes(5)); - - //add http client services - services.AddHttpClient() - .SetHandlerLifetime(TimeSpan.FromMinutes(5)) //Sample. Default lifetime is 2 minutes - .AddHttpMessageHandler() - .AddPolicyHandler(GetRetryPolicy()) - .AddPolicyHandler(GetCircuitBreakerPolicy()); - - services.AddHttpClient() - .AddPolicyHandler(GetRetryPolicy()) - .AddPolicyHandler(GetCircuitBreakerPolicy()); - - services.AddHttpClient() - .AddHttpMessageHandler() - .AddHttpMessageHandler() - .AddPolicyHandler(GetRetryPolicy()) - .AddPolicyHandler(GetCircuitBreakerPolicy()); - - services.AddHttpClient() - .AddHttpMessageHandler() - .AddPolicyHandler(GetRetryPolicy()) - .AddPolicyHandler(GetCircuitBreakerPolicy()); - - services.AddHttpClient() - .AddHttpMessageHandler() - .AddPolicyHandler(GetRetryPolicy()) - .AddPolicyHandler(GetCircuitBreakerPolicy()); - - //add custom application services - services.AddTransient, IdentityParser>(); - - return services; - } - - public static IServiceCollection AddHttpClientLogging(this IServiceCollection services, IConfiguration configuration) - { - services.AddLogging(b => - { - b.AddFilter((category, level) => true); // Spam the world with logs. - - // Add console logger so we can see all the logging produced by the client by default. 
- b.AddConsole(c => c.IncludeScopes = true); - - // Add console logger - b.AddDebug(); - }); - - return services; - } - - public static IServiceCollection AddCustomAuthentication(this IServiceCollection services, IConfiguration configuration) - { - var useLoadTest = configuration.GetValue("UseLoadTest"); - var identityUrl = configuration.GetValue("IdentityUrl"); - var callBackUrl = configuration.GetValue("CallBackUrl"); - - // Add Authentication services - - services.AddAuthentication(options => - { - options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; - options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; - }) - .AddCookie() - .AddOpenIdConnect(options => - { - options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; - options.Authority = identityUrl.ToString(); - options.SignedOutRedirectUri = callBackUrl.ToString(); - options.ClientId = useLoadTest ? "mvctest" : "mvc"; - options.ClientSecret = "secret"; - options.ResponseType = useLoadTest ? 
"code id_token token" : "code id_token"; - options.SaveTokens = true; - options.GetClaimsFromUserInfoEndpoint = true; - options.RequireHttpsMetadata = false; - options.Scope.Add("openid"); - options.Scope.Add("profile"); - options.Scope.Add("orders"); - options.Scope.Add("basket"); - options.Scope.Add("marketing"); - options.Scope.Add("locations"); - options.Scope.Add("webshoppingagg"); - options.Scope.Add("orders.signalrhub"); - }); - - return services; - } - - static IAsyncPolicy GetRetryPolicy() - { - return HttpPolicyExtensions - .HandleTransientHttpError() - .OrResult(msg => msg.StatusCode == System.Net.HttpStatusCode.NotFound) - .WaitAndRetryAsync(6, retryAttempt => TimeSpan.FromSeconds(Math.Pow(2, retryAttempt))); - - } - static IAsyncPolicy GetCircuitBreakerPolicy() - { - return HttpPolicyExtensions - .HandleTransientHttpError() - .CircuitBreakerAsync(5, TimeSpan.FromSeconds(30)); - } - } + app.UseSession(); + app.UseStaticFiles(); + + if (Configuration.GetValue("UseLoadTest")) + { + app.UseMiddleware(); + } + + app.UseAuthentication(); + + ILogger log = loggerFactory.CreateLogger("identity"); + + WebContextSeed.Seed(app, env, loggerFactory); + + app.UseMvc(routes => + { + routes.MapRoute( + name: "default", + template: "{controller=Catalog}/{action=Index}/{id?}"); + + routes.MapRoute( + name: "defaultError", + template: "{controller=Error}/{action=Error}"); + }); + } + } + + static class ServiceCollectionExtensions + { + + public static IServiceCollection AddAppInsight(this IServiceCollection services, IConfiguration configuration) + { + services.AddApplicationInsightsTelemetry(configuration); + string orchestratorType = configuration.GetValue("OrchestratorType"); + + if (orchestratorType?.ToUpper() == "K8S") + { + // Enable K8s telemetry initializer + services.EnableKubernetes(); + } + + if (orchestratorType?.ToUpper() == "SF") + { + // Enable SF telemetry initializer + services.AddSingleton((serviceProvider) => + new FabricTelemetryInitializer()); + } + 
+ return services; + } + + public static IServiceCollection AddHealthChecks(this IServiceCollection services, IConfiguration configuration) + { + services.AddHealthChecks(checks => + { + int minutes = 1; + if (int.TryParse(configuration["HealthCheck:Timeout"], out int minutesParsed)) + { + minutes = minutesParsed; + } + + checks.AddUrlCheck(configuration["CatalogUrlHC"], TimeSpan.FromMinutes(minutes)); + checks.AddUrlCheck(configuration["OrderingUrlHC"], TimeSpan.FromMinutes(minutes)); + checks.AddUrlCheck(configuration["BasketUrlHC"], TimeSpan.Zero); //No cache for this HealthCheck, better just for demos + checks.AddUrlCheck(configuration["IdentityUrlHC"], TimeSpan.FromMinutes(minutes)); + checks.AddUrlCheck(configuration["MarketingUrlHC"], TimeSpan.FromMinutes(minutes)); + }); + + return services; + } + + public static IServiceCollection AddCustomMvc(this IServiceCollection services, IConfiguration configuration) + { + services.AddOptions(); + services.Configure(configuration); + + services.AddMvc(); + + services.AddSession(); + + if (configuration.GetValue("IsClusterEnv") == bool.TrueString) + { + services.AddDataProtection(opts => + { + opts.ApplicationDiscriminator = "eshop.webmvc"; + }) + .PersistKeysToRedis(ConnectionMultiplexer.Connect(configuration["DPConnectionString"]), "DataProtection-Keys"); + } + return services; + } + + // Adds all Http client services (like Service-Agents) using resilient Http requests based on HttpClient factory and Polly's policies + public static IServiceCollection AddHttpClientServices(this IServiceCollection services, IConfiguration configuration) + { + services.AddSingleton(); + + //register delegating handlers + services.AddTransient(); + services.AddTransient(); + + //set 5 min as the lifetime for each HttpMessageHandler int the pool + services.AddHttpClient("extendedhandlerlifetime").SetHandlerLifetime(TimeSpan.FromMinutes(5)); + + //add http client services + services.AddHttpClient() + 
.SetHandlerLifetime(TimeSpan.FromMinutes(5)) //Sample. Default lifetime is 2 minutes + .AddHttpMessageHandler() + .AddPolicyHandler(GetRetryPolicy()) + .AddPolicyHandler(GetCircuitBreakerPolicy()); + + services.AddHttpClient() + .AddPolicyHandler(GetRetryPolicy()) + .AddPolicyHandler(GetCircuitBreakerPolicy()); + + services.AddHttpClient() + .AddHttpMessageHandler() + .AddHttpMessageHandler() + .AddPolicyHandler(GetRetryPolicy()) + .AddPolicyHandler(GetCircuitBreakerPolicy()); + + services.AddHttpClient() + .AddHttpMessageHandler() + .AddPolicyHandler(GetRetryPolicy()) + .AddPolicyHandler(GetCircuitBreakerPolicy()); + + services.AddHttpClient() + .AddHttpMessageHandler() + .AddPolicyHandler(GetRetryPolicy()) + .AddPolicyHandler(GetCircuitBreakerPolicy()); + + //add custom application services + services.AddTransient, IdentityParser>(); + + return services; + } + + public static IServiceCollection AddHttpClientLogging(this IServiceCollection services, IConfiguration configuration) + { + services.AddLogging(b => + { + b.AddFilter((category, level) => true); // Spam the world with logs. + + // Add console logger so we can see all the logging produced by the client by default. 
+ b.AddConsole(c => c.IncludeScopes = true); + + // Add console logger + b.AddDebug(); + }); + + return services; + } + + public static IServiceCollection AddCustomAuthentication(this IServiceCollection services, IConfiguration configuration) + { + bool useLoadTest = configuration.GetValue("UseLoadTest"); + string identityUrl = configuration.GetValue("IdentityUrl"); + string callBackUrl = configuration.GetValue("CallBackUrl"); + + // Add Authentication services + + services.AddAuthentication(options => + { + options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme; + options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme; + }) + .AddCookie() + .AddOpenIdConnect(options => + { + options.SignInScheme = CookieAuthenticationDefaults.AuthenticationScheme; + options.Authority = identityUrl.ToString(); + options.SignedOutRedirectUri = callBackUrl.ToString(); + options.ClientId = useLoadTest ? "mvctest" : "mvc"; + options.ClientSecret = "secret"; + options.ResponseType = useLoadTest ? "code id_token token" : "code id_token"; + options.SaveTokens = true; + options.GetClaimsFromUserInfoEndpoint = true; + options.RequireHttpsMetadata = false; + options.Scope.Add("openid"); + options.Scope.Add("profile"); + options.Scope.Add("orders"); + options.Scope.Add("basket"); + options.Scope.Add("marketing"); + options.Scope.Add("locations"); + options.Scope.Add("webshoppingagg"); + options.Scope.Add("orders.signalrhub"); + }); + + return services; + } + + static IAsyncPolicy GetRetryPolicy() + { + return HttpPolicyExtensions + .HandleTransientHttpError() + .OrResult(msg => msg.StatusCode == System.Net.HttpStatusCode.NotFound) + .WaitAndRetryAsync(6, retryAttempt => TimeSpan.FromSeconds(Math.Pow(2, retryAttempt))); + + } + static IAsyncPolicy GetCircuitBreakerPolicy() + { + return HttpPolicyExtensions + .HandleTransientHttpError() + .CircuitBreakerAsync(5, TimeSpan.FromSeconds(30)); + } + } } 
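Review bot: In `ConfigureServices` the new policy sets `opts.MinimumSameSitePolicy = SameSiteMode.None` and leaves `Secure` at its default, so the middleware never tightens any cookie attribute. If `None` is deliberate so that the OpenID Connect sign-in cookies keep working, say so in a comment, and consider adding `opts.Secure = CookieSecurePolicy.SameAsRequest;`. In `Configure`, `app.UseCookiePolicy()` now runs before `app.UseSession()` with `CheckConsentNeeded = context => true`, so the session cookie is presumably withheld until the visitor accepts the banner. If session state is needed before consent, mark it essential in `AddCustomMvc`, e.g. `services.AddSession(o => o.Cookie.IsEssential = true);`. The hunk also re-indents the entire file, which buries the handful of functional lines; a separate whitespace-only commit would make this change reviewable.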
From f5c12d6018e0745734f295c01919e27b3e4f546e Mon Sep 17 00:00:00 2001 From: rafsanulhasan Date: Sat, 1 Sep 2018 16:29:09 +0600 Subject: [PATCH 03/26] 1. Edited docker project a. Added HTTPS endpoints b. Added port forwarding rules b. Use shared volumes for https certificates and user secrets 2. Docker Files a. Exposed 443 port for SSL --- docker-compose.override.yml | 26 ++++++++++++++----- src/Services/Identity/Identity.API/Dockerfile | 1 + src/Web/WebMVC/Dockerfile | 1 + src/Web/WebSPA/Dockerfile | 1 + 4 files changed, 22 insertions(+), 7 deletions(-) diff --git a/docker-compose.override.yml b/docker-compose.override.yml index 969cfb922..284b518ab 100644 --- a/docker-compose.override.yml +++ b/docker-compose.override.yml @@ -30,9 +30,9 @@ services: identity.api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - SpaClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104 - - XamarinCallback=http://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback #localhost do not work for UWP login, so we have to use "external" IP always + - ASPNETCORE_URLS=http://+:80;https://+:443 + - SpaClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104;http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:4104 + - XamarinCallback=http://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:4105/xamarincallback #localhost do not work for UWP login, so we have to use "external" IP always - ConnectionString=${ESHOP_AZURE_IDENTITY_DB:-Server=sql.data;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word} - MvcClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100 #Local: You need to open your local dev-machine firewall at range 5100-5110. - LocationApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109 
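Review bot: The rewritten client URLs keep the `http://` scheme while pointing at the new TLS ports: `http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:4104` in `SpaClient` and `http://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:4105/xamarincallback` in `XamarinCallback` here, and `IdentityUrl=http://...:4105` in the webspa and webmvc hunks further down. The later hunks publish 4104 and 4105 to container port 443, so a plain-HTTP request to those ports will hit an HTTPS listener and fail. These values should use `https://`, or stay on the 51xx ports until the clients are switched. The trailing comment on the webmvc `IdentityUrl` line still tells Mac users to use port 5105 and should be updated at the same time.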
@@ -46,6 +46,10 @@ services: - OrchestratorType=${ORCHESTRATOR_TYPE} ports: - "5105:80" + - "4105:443" + volumes: + - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:rw + - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:rw basket.api: environment: @@ -277,8 +281,8 @@ services: webspa: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 #Local: You need to open your local dev-machine firewall at range 5100-5105. at range 5100-5105. + - ASPNETCORE_URLS=http://+:80;https://+:443 + - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:4105 #Local: You need to open your local dev-machine firewall at range 5100-5105. at range 5100-5105. - PurchaseUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 - MarketingUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203 - CatalogUrlHC=http://catalog.api/hc 
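Review bot: The two new bind mounts under identity.api give the container read-write access to the host's developer certificates and user-secrets directory: `${APPDATA}/ASP.NET/Https:/root/.aspnet/https:rw` and `${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:rw`. The services only need to read these, so mount them `:ro` to stop a compromised or misbehaving container from altering or replacing host secrets; the same two lines recur in the webspa and webmvc hunks. `${APPDATA}` is presumably defined only on Windows hosts, so a comment or a fallback such as `${APPDATA:-...}` would help macOS and Linux users.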
@@ -293,13 +297,17 @@ services: - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 ports: - "5104:80" + - "4104:443" + volumes: + - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:rw + - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:rw webmvc: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80;https://+:443 - PurchaseUrl=http://webshoppingapigw - - IdentityUrl=http://10.0.75.1:5105 # Local Mac: Use http://docker.for.mac.localhost:5105 || Local Windows: Use 10.0.75.1 in a "Docker for Windows" environment, if using "localhost" from browser. || #Remote access: Use ${ESHOP_EXTERNAL_DNS_NAME_OR_IP} if using external IP or DNS name from browser. + - IdentityUrl=http://10.0.75.1:4105 # Local Mac: Use http://docker.for.mac.localhost:5105 || Local Windows: Use 10.0.75.1 in a "Docker for Windows" environment, if using "localhost" from browser. || #Remote access: Use ${ESHOP_EXTERNAL_DNS_NAME_OR_IP} if using external IP or DNS name from browser. - MarketingUrl=http://webmarketingapigw - CatalogUrlHC=http://catalog.api/hc - OrderingUrlHC=http://ordering.api/hc @@ -314,4 +322,8 @@ services: - UseLoadTest=${USE_LOADTEST:-False} ports: - "5100:80" + - "4100:443" + volumes: + - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:rw + - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:rw diff --git a/src/Services/Identity/Identity.API/Dockerfile b/src/Services/Identity/Identity.API/Dockerfile index 3931a135b..817de19c9 100644 --- a/src/Services/Identity/Identity.API/Dockerfile +++ b/src/Services/Identity/Identity.API/Dockerfile @@ -2,6 +2,7 @@ ARG NODE_IMAGE=node:8.11 FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base WORKDIR /app EXPOSE 80 +EXPOSE 443 FROM microsoft/dotnet:2.1-sdk as dotnet-build WORKDIR /src diff --git a/src/Web/WebMVC/Dockerfile b/src/Web/WebMVC/Dockerfile index 9847ad772..758d6cec9 100644 --- a/src/Web/WebMVC/Dockerfile +++ b/src/Web/WebMVC/Dockerfile 
@@ -2,6 +2,7 @@ ARG NODE_IMAGE=node:8.11 FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base WORKDIR /app EXPOSE 80 +EXPOSE 443 FROM microsoft/dotnet:2.1-sdk as dotnet-build WORKDIR /src diff --git a/src/Web/WebSPA/Dockerfile b/src/Web/WebSPA/Dockerfile index 4e806786c..73788bd8c 100644 --- a/src/Web/WebSPA/Dockerfile +++ b/src/Web/WebSPA/Dockerfile @@ -2,6 +2,7 @@ ARG NODE_IMAGE=node:8.11 FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base WORKDIR /app EXPOSE 80 +EXPOSE 443 FROM microsoft/dotnet:2.1-sdk as dotnet-build WORKDIR /src From a62648bac917a94e3ee808d29cfdfab9fcc0b06f Mon Sep 17 00:00:00 2001 From: rafsanulhasan Date: Sat, 1 Sep 2018 16:30:22 +0600 Subject: [PATCH 04/26] Update insecure endpoints to SSL/TLS encrypted HTTPS endpoints --- .../aggregator/appsettings.localhost.json | 2 +- .../Web.Bff.Shopping/aggregator/appsettings.localhost.json | 2 +- src/Services/Basket/Basket.API/appsettings.json | 2 +- src/Services/Identity/Identity.API/appsettings.json | 6 +++--- src/Services/Location/Locations.API/appsettings.json | 2 +- src/Services/Marketing/Marketing.API/appsettings.json | 2 +- src/Services/Ordering/Ordering.API/appsettings.json | 2 +- src/Services/Ordering/Ordering.SignalrHub/appsettings.json | 2 +- src/Web/WebMVC/appsettings.json | 4 ++-- src/Web/WebSPA/appsettings.json | 4 ++-- src/Web/WebStatus/appsettings.json | 2 +- 11 files changed, 15 insertions(+), 15 deletions(-) diff --git a/src/ApiGateways/Mobile.Bff.Shopping/aggregator/appsettings.localhost.json b/src/ApiGateways/Mobile.Bff.Shopping/aggregator/appsettings.localhost.json index 57b5e894d..08539a485 100644 --- a/src/ApiGateways/Mobile.Bff.Shopping/aggregator/appsettings.localhost.json +++ b/src/ApiGateways/Mobile.Bff.Shopping/aggregator/appsettings.localhost.json @@ -3,6 +3,6 @@ "basket": "http://localhost:55105", "catalog": "http://localhost:55101", "orders": "http://localhost:55102", - "identity": "http://localhost:55105" + "identity": "https://localhost:54105" } } 
diff --git a/src/ApiGateways/Web.Bff.Shopping/aggregator/appsettings.localhost.json b/src/ApiGateways/Web.Bff.Shopping/aggregator/appsettings.localhost.json
index 57b5e894d..08539a485 100644
--- a/src/ApiGateways/Web.Bff.Shopping/aggregator/appsettings.localhost.json
+++ b/src/ApiGateways/Web.Bff.Shopping/aggregator/appsettings.localhost.json
@@ -3,6 +3,6 @@
 "basket": "http://localhost:55105",
 "catalog": "http://localhost:55101",
 "orders": "http://localhost:55102",
- "identity": "http://localhost:55105"
+ "identity": "https://localhost:54105"
 }
 }
diff --git a/src/Services/Basket/Basket.API/appsettings.json b/src/Services/Basket/Basket.API/appsettings.json
index 4bff4d70d..70970cabd 100644
--- a/src/Services/Basket/Basket.API/appsettings.json
+++ b/src/Services/Basket/Basket.API/appsettings.json
@@ -7,7 +7,7 @@
 "Microsoft": "Information"
 }
 },
- "IdentityUrl": "http://localhost:5105",
+ "IdentityUrl": "https://localhost:4105",
 "ConnectionString": "127.0.0.1",
 "AzureServiceBusEnabled": false,
 "SubscriptionClientName": "Basket",
diff --git a/src/Services/Identity/Identity.API/appsettings.json b/src/Services/Identity/Identity.API/appsettings.json
index c5a109218..0c8284ea3 100644
--- a/src/Services/Identity/Identity.API/appsettings.json
+++ b/src/Services/Identity/Identity.API/appsettings.json
@@ -1,9 +1,9 @@
 {
 "ConnectionString": "Server=tcp:127.0.0.1,5433;Database=Microsoft.eShopOnContainers.Services.IdentityDb;User Id=sa;Password=Pass@word;",
 "IsClusterEnv": "False",
- "MvcClient": "http://localhost:5100",
- "SpaClient": "http://localhost:5104",
- "XamarinCallback": "http://localhost:5105/xamarincallback",
+ "MvcClient": "https://localhost:4100",
+ "SpaClient": "https://localhost:4104",
+ "XamarinCallback": "https://localhost:4105/xamarincallback",
 "UseCustomizationData": false,
 "Logging": {
 "IncludeScopes": false,
diff --git a/src/Services/Location/Locations.API/appsettings.json b/src/Services/Location/Locations.API/appsettings.json
index cd4166bb0..603322578 100644
--- a/src/Services/Location/Locations.API/appsettings.json
+++ b/src/Services/Location/Locations.API/appsettings.json
@@ -1,7 +1,7 @@
 {
 "ConnectionString": "mongodb://nosql.data",
 "Database": "LocationsDb",
- "IdentityUrl": "http://localhost:5105",
+ "IdentityUrl": "https://localhost:4105",
 "Logging": {
 "IncludeScopes": false,
 "LogLevel": {
diff --git a/src/Services/Marketing/Marketing.API/appsettings.json b/src/Services/Marketing/Marketing.API/appsettings.json
index 2af660446..ece52a754 100644
--- a/src/Services/Marketing/Marketing.API/appsettings.json
+++ b/src/Services/Marketing/Marketing.API/appsettings.json
@@ -8,7 +8,7 @@
 "ConnectionString": "Server=tcp:127.0.0.1,5433;Initial Catalog=Microsoft.eShopOnContainers.Services.MarketingDb;User Id=sa;Password=Pass@word",
 "MongoConnectionString": "mongodb://nosql.data",
 "MongoDatabase": "MarketingDb",
- "IdentityUrl": "http://localhost:5105",
+ "IdentityUrl": "https://localhost:4105",
 "PicBaseUrl": "http://localhost:5110/api/v1/campaigns/[0]/pic/",
 "AzureServiceBusEnabled": false,
 "SubscriptionClientName": "Marketing",
diff --git a/src/Services/Ordering/Ordering.API/appsettings.json b/src/Services/Ordering/Ordering.API/appsettings.json
index 96dd74630..bd80e47cc 100644
--- a/src/Services/Ordering/Ordering.API/appsettings.json
+++ b/src/Services/Ordering/Ordering.API/appsettings.json
@@ -1,6 +1,6 @@
 {
 "ConnectionString": "Server=tcp:127.0.0.1,5433;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word;",
- "IdentityUrl": "http://localhost:5105",
+ "IdentityUrl": "https://localhost:4105",
 "UseCustomizationData": false,
 "Logging": {
 "IncludeScopes": false,
diff --git a/src/Services/Ordering/Ordering.SignalrHub/appsettings.json b/src/Services/Ordering/Ordering.SignalrHub/appsettings.json
index ab02fda0f..8bf78a9d0 100644
--- a/src/Services/Ordering/Ordering.SignalrHub/appsettings.json
+++ b/src/Services/Ordering/Ordering.SignalrHub/appsettings.json
@@ -1,5 +1,5 @@ { - "IdentityUrl": "http://localhost:5105", + "IdentityUrl": "https://localhost:4105", "Logging": { "IncludeScopes": false, "LogLevel": { diff --git a/src/Web/WebMVC/appsettings.json b/src/Web/WebMVC/appsettings.json index 161e247a6..922e65ff3 100644 --- a/src/Web/WebMVC/appsettings.json +++ b/src/Web/WebMVC/appsettings.json @@ -3,8 +3,8 @@ "OrderingUrl": "http://localhost:5102", "BasketUrl": "http://localhost:5103", "MarketingUrl": "http://localhost:5110", - "IdentityUrl": "http://localhost:5105", - "CallBackUrl": "http://localhost:5100/", + "IdentityUrl": "https://localhost:4105", + "CallBackUrl": "https://localhost:4100/", "LocationsUrl": "http://localhost:5109/", "IsClusterEnv": "False", "UseResilientHttp": "True", diff --git a/src/Web/WebSPA/appsettings.json b/src/Web/WebSPA/appsettings.json index 75f17ac35..c75b8b280 100644 --- a/src/Web/WebSPA/appsettings.json +++ b/src/Web/WebSPA/appsettings.json @@ -1,7 +1,7 @@ { - "IdentityUrl": "http://localhost:5105", + "IdentityUrl": "https://localhost:4105", "MarketingUrl": "http://localhost:5110", - "CallBackUrl": "http://localhost:5104/", + "CallBackUrl": "https://localhost:4104/", "PurchaseUrl": "http://localhost:5200", "UseCustomizationData": true, "IsClusterEnv": "False", diff --git a/src/Web/WebStatus/appsettings.json b/src/Web/WebStatus/appsettings.json index 2ab5ad818..1e04ced4e 100644 --- a/src/Web/WebStatus/appsettings.json +++ b/src/Web/WebStatus/appsettings.json @@ -11,7 +11,7 @@ "OrderingBackgroundTasksUrl": "http://localhost:5111/hc", "BasketUrl": "http://localhost:5103/hc", "CatalogUrl": "http://localhost:5101/hc", - "IdentityUrl": "http://localhost:5105/hc", + "IdentityUrl": "https://localhost:4105/hc", "MarketingUrl": "http://localhost:5110/hc", "LocationsUrl": "http://localhost:5109/hc", "PaymentUrl": "http://localhost:5108/hc", From 0d63172dc8d8740c8765ff46936045adf2f00545 Mon Sep 17 00:00:00 2001 
From: rafsanulhasan Date: Sat, 1 Sep 2018 16:49:39 +0600 Subject: [PATCH 05/26] 1. Changes in DI container a. Specified RequireHttpsPermanent and SSL port MVC pipeline options b. Configured HttpsRedirection 2. Used HttpsRedirection MiddleWare --- src/Services/Identity/Identity.API/Startup.cs | 338 +++++++++--------- src/Web/WebMVC/Startup.cs | 12 +- src/Web/WebSPA/Startup.cs | 292 ++++++++------- 3 files changed, 321 insertions(+), 321 deletions(-) diff --git a/src/Services/Identity/Identity.API/Startup.cs b/src/Services/Identity/Identity.API/Startup.cs index 255bb82b5..3bd0bbedc 100644 --- a/src/Services/Identity/Identity.API/Startup.cs +++ b/src/Services/Identity/Identity.API/Startup.cs 
@@ -1,184 +1,178 @@ -using Autofac; -using Autofac.Extensions.DependencyInjection; -using IdentityServer4.Services; -using Microsoft.ApplicationInsights.Extensibility; -using Microsoft.ApplicationInsights.ServiceFabric; -using Microsoft.AspNetCore.Builder; -using Microsoft.AspNetCore.DataProtection; -using Microsoft.AspNetCore.Hosting; -using Microsoft.AspNetCore.Identity; -using Microsoft.EntityFrameworkCore; -using Microsoft.eShopOnContainers.Services.Identity.API.Certificates; +using Microsoft.eShopOnContainers.Services.Identity.API.Certificates; using Microsoft.eShopOnContainers.Services.Identity.API.Data; using Microsoft.eShopOnContainers.Services.Identity.API.Models; using Microsoft.eShopOnContainers.Services.Identity.API.Services; -using Microsoft.Extensions.Configuration; -using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.HealthChecks; -using Microsoft.Extensions.Logging; -using StackExchange.Redis; -using System; -using System.Reflection; namespace Microsoft.eShopOnContainers.Services.Identity.API { - public class Startup - { - public Startup(IConfiguration configuration) - { - Configuration = configuration; - } - - public IConfiguration Configuration { get; } - - // This method gets called by the runtime. Use this method to add services to the container. - public IServiceProvider ConfigureServices(IServiceCollection services) - { - RegisterAppInsights(services); - - // Add framework services. 
- services.AddDbContext(options => - options.UseSqlServer(Configuration["ConnectionString"], - sqlServerOptionsAction: sqlOptions => - { - sqlOptions.MigrationsAssembly(typeof(Startup).GetTypeInfo().Assembly.GetName().Name); - //Configuring Connection Resiliency: https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency - sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), errorNumbersToAdd: null); - })); - - services.AddIdentity() - .AddEntityFrameworkStores() - .AddDefaultTokenProviders(); - - services.Configure(Configuration); - - services.AddMvc(); - - if (Configuration.GetValue("IsClusterEnv") == bool.TrueString) - { - services.AddDataProtection(opts => - { - opts.ApplicationDiscriminator = "eshop.identity"; - }) - .PersistKeysToRedis(ConnectionMultiplexer.Connect(Configuration["DPConnectionString"]), "DataProtection-Keys"); - } - - services.AddHealthChecks(checks => - { - var minutes = 1; - if (int.TryParse(Configuration["HealthCheck:Timeout"], out var minutesParsed)) - { - minutes = minutesParsed; - } - checks.AddSqlCheck("Identity_Db", Configuration["ConnectionString"], TimeSpan.FromMinutes(minutes)); - }); - - services.AddTransient, EFLoginService>(); - services.AddTransient(); - - var connectionString = Configuration["ConnectionString"]; - var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; - - // Adds IdentityServer - services.AddIdentityServer(x => x.IssuerUri = "null") - .AddSigningCredential(Certificate.Get()) - .AddAspNetIdentity() - .AddConfigurationStore(options => - { - options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, - sqlServerOptionsAction: sqlOptions => - { - sqlOptions.MigrationsAssembly(migrationsAssembly); - //Configuring Connection Resiliency: https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency - sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), 
errorNumbersToAdd: null); - }); - }) - .AddOperationalStore(options => - { - options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, - sqlServerOptionsAction: sqlOptions => - { - sqlOptions.MigrationsAssembly(migrationsAssembly); - //Configuring Connection Resiliency: https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency - sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), errorNumbersToAdd: null); - }); - }) - .Services.AddTransient(); - - var container = new ContainerBuilder(); - container.Populate(services); - - return new AutofacServiceProvider(container.Build()); - } - - // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. - public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) - { - loggerFactory.AddConsole(Configuration.GetSection("Logging")); - loggerFactory.AddDebug(); - loggerFactory.AddAzureWebAppDiagnostics(); - loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace); - - if (env.IsDevelopment()) - { - app.UseDeveloperExceptionPage(); - app.UseDatabaseErrorPage(); - } - else - { - app.UseExceptionHandler("/Home/Error"); - } - - var pathBase = Configuration["PATH_BASE"]; - if (!string.IsNullOrEmpty(pathBase)) - { - loggerFactory.CreateLogger("init").LogDebug($"Using PATH BASE '{pathBase}'"); - app.UsePathBase(pathBase); - } + public class Startup + { + public Startup(IConfiguration configuration) + { + Configuration = configuration; + } + + public IConfiguration Configuration { get; } + + // This method gets called by the runtime. Use this method to add services to the container. + public IServiceProvider ConfigureServices(IServiceCollection services) + { + RegisterAppInsights(services); + + // Add framework services. 
+ services.AddDbContext(options => + options.UseSqlServer(Configuration["ConnectionString"], + sqlServerOptionsAction: sqlOptions => + { + sqlOptions.MigrationsAssembly(typeof(Startup).GetTypeInfo().Assembly.GetName().Name); + //Configuring Connection Resiliency: https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency + sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), errorNumbersToAdd: null); + })); + + services.AddIdentity() + .AddEntityFrameworkStores() + .AddDefaultTokenProviders(); + + services.Configure(Configuration); + + services.AddMvc(opts => + { + opts.SslPort = 4105; + opts.RequireHttpsPermanent = true; + }); + + services.AddHttpsRedirection(opts => + { + opts.HttpsPort = 4105; + }); + + if (Configuration.GetValue("IsClusterEnv") == bool.TrueString) + { + services.AddDataProtection(opts => + { + opts.ApplicationDiscriminator = "eshop.identity"; + }) + .PersistKeysToRedis(ConnectionMultiplexer.Connect(Configuration["DPConnectionString"]), "DataProtection-Keys"); + } + + services.AddHealthChecks(checks => + { + var minutes = 1; + if (int.TryParse(Configuration["HealthCheck:Timeout"], out var minutesParsed)) + { + minutes = minutesParsed; + } + checks.AddSqlCheck("Identity_Db", Configuration["ConnectionString"], TimeSpan.FromMinutes(minutes)); + }); + + services.AddTransient, EFLoginService>(); + services.AddTransient(); + + var connectionString = Configuration["ConnectionString"]; + var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name; + + // Adds IdentityServer + services.AddIdentityServer(x => x.IssuerUri = "null") + .AddSigningCredential(Certificate.Get()) + .AddAspNetIdentity() + .AddConfigurationStore(options => + { + options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, + sqlServerOptionsAction: sqlOptions => + { + sqlOptions.MigrationsAssembly(migrationsAssembly); + //Configuring Connection Resiliency: 
https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency + sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), errorNumbersToAdd: null); + }); + }) + .AddOperationalStore(options => + { + options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString, + sqlServerOptionsAction: sqlOptions => + { + sqlOptions.MigrationsAssembly(migrationsAssembly); + //Configuring Connection Resiliency: https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency + sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), errorNumbersToAdd: null); + }); + }) + .Services.AddTransient(); + + var container = new ContainerBuilder(); + container.Populate(services); + + return new AutofacServiceProvider(container.Build()); + } + + // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. + public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) + { + loggerFactory.AddConsole(Configuration.GetSection("Logging")); + loggerFactory.AddDebug(); + loggerFactory.AddAzureWebAppDiagnostics(); + loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace); + + if (env.IsDevelopment()) + { + app.UseDeveloperExceptionPage(); + app.UseDatabaseErrorPage(); + } + else + { + app.UseExceptionHandler("/Home/Error"); + } + + app.UseHttpsRedirection(); + + var pathBase = Configuration["PATH_BASE"]; + if (!string.IsNullOrEmpty(pathBase)) + { + loggerFactory.CreateLogger("init").LogDebug($"Using PATH BASE '{pathBase}'"); + app.UsePathBase(pathBase); + } #pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously - app.Map("/liveness", lapp => lapp.Run(async ctx => ctx.Response.StatusCode = 200)); + app.Map("/liveness", lapp => lapp.Run(async ctx => ctx.Response.StatusCode = 200)); #pragma warning restore CS1998 // Async method lacks 'await' 
operators and will run synchronously - app.UseStaticFiles(); - - - // Make work identity server redirections in Edge and lastest versions of browers. WARN: Not valid in a production environment. - app.Use(async (context, next) => - { - context.Response.Headers.Add("Content-Security-Policy", "script-src 'unsafe-inline'"); - await next(); - }); - - app.UseForwardedHeaders(); - // Adds IdentityServer - app.UseIdentityServer(); - - app.UseMvc(routes => - { - routes.MapRoute( - name: "default", - template: "{controller=Home}/{action=Index}/{id?}"); - }); - } - - private void RegisterAppInsights(IServiceCollection services) - { - services.AddApplicationInsightsTelemetry(Configuration); - var orchestratorType = Configuration.GetValue("OrchestratorType"); - - if (orchestratorType?.ToUpper() == "K8S") - { - // Enable K8s telemetry initializer - services.EnableKubernetes(); - } - if (orchestratorType?.ToUpper() == "SF") - { - // Enable SF telemetry initializer - services.AddSingleton((serviceProvider) => - new FabricTelemetryInitializer()); - } - } - } + app.UseStaticFiles(); + + + // Make work identity server redirections in Edge and lastest versions of browers. WARN: Not valid in a production environment. 
+ app.Use(async (context, next) => + { + context.Response.Headers.Add("Content-Security-Policy", "script-src 'unsafe-inline'"); + await next(); + }); + + app.UseForwardedHeaders(); + // Adds IdentityServer + app.UseIdentityServer(); + + app.UseMvc(routes => + { + routes.MapRoute( + name: "default", + template: "{controller=Home}/{action=Index}/{id?}"); + }); + } + + private void RegisterAppInsights(IServiceCollection services) + { + services.AddApplicationInsightsTelemetry(Configuration); + var orchestratorType = Configuration.GetValue("OrchestratorType"); + + if (orchestratorType?.ToUpper() == "K8S") + { + // Enable K8s telemetry initializer + services.EnableKubernetes(); + } + if (orchestratorType?.ToUpper() == "SF") + { + // Enable SF telemetry initializer + services.AddSingleton((serviceProvider) => + new FabricTelemetryInitializer()); + } + } + } } diff --git a/src/Web/WebMVC/Startup.cs b/src/Web/WebMVC/Startup.cs index 3b1f87cb2..d6b044ce7 100644 --- a/src/Web/WebMVC/Startup.cs +++ b/src/Web/WebMVC/Startup.cs @@ -41,6 +41,10 @@ namespace Microsoft.eShopOnContainers.WebMVC opts.CheckConsentNeeded = context => true; opts.MinimumSameSitePolicy = SameSiteMode.None; }); + services.AddHttpsRedirection(opts=> + { + opts.HttpsPort = 4100; + }); services.AddAppInsight(Configuration) .AddHealthChecks(Configuration) .AddCustomMvc(Configuration) @@ -73,7 +77,7 @@ namespace Microsoft.eShopOnContainers.WebMVC app.UsePathBase(pathBase); } - + app.UseHttpsRedirection(); app.UseCookiePolicy(); #pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously @@ -156,7 +160,11 @@ namespace Microsoft.eShopOnContainers.WebMVC services.AddOptions(); services.Configure(configuration); - services.AddMvc(); + services.AddMvc(opts=> + { + opts.SslPort = 4100; + opts.RequireHttpsPermanent = true; + }); services.AddSession(); diff --git a/src/Web/WebSPA/Startup.cs b/src/Web/WebSPA/Startup.cs index f49eba772..434ea3a97 100644 
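Review bot: In `Configure` of Identity.API/Startup.cs the new `app.UseHttpsRedirection();` runs before `app.UseForwardedHeaders();`, so behind a TLS-terminating proxy or ingress the redirect middleware still sees plain HTTP and can redirect requests that were already HTTPS at the edge (assuming forwarded headers are configured to carry the scheme, which is not visible here). I would move `app.UseForwardedHeaders();` above `app.UseHttpsRedirection();`. The target port is also hard-coded in `ConfigureServices` (`opts.SslPort = 4105;` and `opts.HttpsPort = 4105;`), duplicating the port already present in `IdentityUrl` in appsettings.json, and the WebMVC (4100) and WebSPA (4104) hunks of this patch do the same. Reading it from configuration, for example `opts.HttpsPort = Configuration.GetValue<int?>("HttpsPort");` (key name illustrative), keeps one source of truth per environment. `/liveness` is mapped after the redirect as well, so plain-HTTP probes will receive a redirect instead of 200.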
--- a/src/Web/WebSPA/Startup.cs +++ b/src/Web/WebSPA/Startup.cs 
@@ -1,158 +1,156 @@ using eShopOnContainers.WebSPA; -using Microsoft.ApplicationInsights.Extensibility; -using Microsoft.ApplicationInsights.ServiceFabric; -using Microsoft.AspNetCore.Antiforgery; -using Microsoft.AspNetCore.Builder; -using Microsoft.AspNetCore.DataProtection; -using Microsoft.AspNetCore.Hosting; -using Microsoft.Extensions.Configuration; -using Microsoft.Extensions.DependencyInjection; -using Microsoft.Extensions.HealthChecks; -using Microsoft.Extensions.Logging; -using Newtonsoft.Json.Serialization; -using StackExchange.Redis; -using System; -using System.IO; using WebSPA.Infrastructure; namespace eShopConContainers.WebSPA { - public class Startup - { - public Startup(IConfiguration configuration) - { - Configuration = configuration; - } - - public IConfiguration Configuration { get; } - - private IHostingEnvironment _hostingEnv; - public Startup(IHostingEnvironment env) - { - _hostingEnv = env; - - var localPath = new Uri(Configuration["ASPNETCORE_URLS"])?.LocalPath ?? "/"; - Configuration["BaseUrl"] = localPath; - } - - // This method gets called by the runtime. Use this method to add services to the container. 
- // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940 - public void ConfigureServices(IServiceCollection services) - { - RegisterAppInsights(services); - - services.AddHealthChecks(checks => - { - var minutes = 1; - if (int.TryParse(Configuration["HealthCheck:Timeout"], out var minutesParsed)) - { - minutes = minutesParsed; - } - - checks.AddUrlCheck(Configuration["CatalogUrlHC"], TimeSpan.FromMinutes(minutes)); - checks.AddUrlCheck(Configuration["OrderingUrlHC"], TimeSpan.FromMinutes(minutes)); - checks.AddUrlCheck(Configuration["BasketUrlHC"], TimeSpan.Zero); //No cache for this HealthCheck, better just for demos - checks.AddUrlCheck(Configuration["IdentityUrlHC"], TimeSpan.FromMinutes(minutes)); - checks.AddUrlCheck(Configuration["MarketingUrlHC"], TimeSpan.FromMinutes(minutes)); - - }); - - services.Configure(Configuration); - - if (Configuration.GetValue("IsClusterEnv") == bool.TrueString) - { - services.AddDataProtection(opts => - { - opts.ApplicationDiscriminator = "eshop.webspa"; - }) - .PersistKeysToRedis(ConnectionMultiplexer.Connect(Configuration["DPConnectionString"]), "DataProtection-Keys"); - } - - services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN"); - - services.AddMvc() - .AddJsonOptions(options => - { - options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); - }); - } - - - // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. 
- public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IAntiforgery antiforgery) - { - - loggerFactory.AddAzureWebAppDiagnostics(); - loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace); - - if (env.IsDevelopment()) - { - app.UseDeveloperExceptionPage(); - } - - // Configure XSRF middleware, This pattern is for SPA style applications where XSRF token is added on Index page - // load and passed back token on every subsequent async request - // app.Use(async (context, next) => - // { - // if (string.Equals(context.Request.Path.Value, "/", StringComparison.OrdinalIgnoreCase)) - // { - // var tokens = antiforgery.GetAndStoreTokens(context); - // context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false }); - // } - // await next.Invoke(); - // }); - - //Seed Data - WebContextSeed.Seed(app, env, loggerFactory); - - var pathBase = Configuration["PATH_BASE"]; - if (!string.IsNullOrEmpty(pathBase)) - { - loggerFactory.CreateLogger("init").LogDebug($"Using PATH BASE '{pathBase}'"); - app.UsePathBase(pathBase); - } + public class Startup + { + public Startup(IConfiguration configuration) + { + Configuration = configuration; + } + + public IConfiguration Configuration { get; } + + private readonly IHostingEnvironment _hostingEnv; + public Startup(IHostingEnvironment env) + { + _hostingEnv = env; + + var localPath = new Uri(Configuration["ASPNETCORE_URLS"])?.LocalPath ?? "/"; + Configuration["BaseUrl"] = localPath; + } + + // This method gets called by the runtime. Use this method to add services to the container. 
+ // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940 + public void ConfigureServices(IServiceCollection services) + { + RegisterAppInsights(services); + + services.AddHealthChecks(checks => + { + var minutes = 1; + if (int.TryParse(Configuration["HealthCheck:Timeout"], out var minutesParsed)) + { + minutes = minutesParsed; + } + + checks.AddUrlCheck(Configuration["CatalogUrlHC"], TimeSpan.FromMinutes(minutes)); + checks.AddUrlCheck(Configuration["OrderingUrlHC"], TimeSpan.FromMinutes(minutes)); + checks.AddUrlCheck(Configuration["BasketUrlHC"], TimeSpan.Zero); //No cache for this HealthCheck, better just for demos + checks.AddUrlCheck(Configuration["IdentityUrlHC"], TimeSpan.FromMinutes(minutes)); + checks.AddUrlCheck(Configuration["MarketingUrlHC"], TimeSpan.FromMinutes(minutes)); + + }); + + services.Configure(Configuration); + + if (Configuration.GetValue("IsClusterEnv") == bool.TrueString) + { + services.AddDataProtection(opts => + { + opts.ApplicationDiscriminator = "eshop.webspa"; + }) + .PersistKeysToRedis(ConnectionMultiplexer.Connect(Configuration["DPConnectionString"]), "DataProtection-Keys"); + } + + services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN"); + + services + .AddMvc(opts => + { + opts.SslPort = 4104; + opts.RequireHttpsPermanent = true; + }) + .AddJsonOptions(options => + { + options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver(); + }); + + services.AddHttpsRedirection(opts => + { + opts.HttpsPort = 4104; + }); + } + + + // This method gets called by the runtime. Use this method to configure the HTTP request pipeline. 
+ public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IAntiforgery antiforgery) + { + + loggerFactory.AddAzureWebAppDiagnostics(); + loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace); + + if (env.IsDevelopment()) + { + app.UseDeveloperExceptionPage(); + } + + app.UseHttpsRedirection(); + + // Configure XSRF middleware, This pattern is for SPA style applications where XSRF token is added on Index page + // load and passed back token on every subsequent async request + // app.Use(async (context, next) => + // { + // if (string.Equals(context.Request.Path.Value, "/", StringComparison.OrdinalIgnoreCase)) + // { + // var tokens = antiforgery.GetAndStoreTokens(context); + // context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false }); + // } + // await next.Invoke(); + // }); + + //Seed Data + WebContextSeed.Seed(app, env, loggerFactory); + + var pathBase = Configuration["PATH_BASE"]; + if (!string.IsNullOrEmpty(pathBase)) + { + loggerFactory.CreateLogger("init").LogDebug($"Using PATH BASE '{pathBase}'"); + app.UsePathBase(pathBase); + } #pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously - app.Map("/liveness", lapp => lapp.Run(async ctx => ctx.Response.StatusCode = 200)); + app.Map("/liveness", lapp => lapp.Run(async ctx => ctx.Response.StatusCode = 200)); #pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously - app.Use(async (context, next) => - { - await next(); - - // If there's no available file and the request doesn't contain an extension, we're probably trying to access a page. 
- // Rewrite request to use app root - if (context.Response.StatusCode == 404 && !Path.HasExtension(context.Request.Path.Value) && !context.Request.Path.Value.StartsWith("/api")) - { - context.Request.Path = "/index.html"; - context.Response.StatusCode = 200; // Make sure we update the status code, otherwise it returns 404 - await next(); - } - }); - - app.UseDefaultFiles(); - app.UseStaticFiles(); - - app.UseMvcWithDefaultRoute(); - } - - private void RegisterAppInsights(IServiceCollection services) - { - services.AddApplicationInsightsTelemetry(Configuration); - var orchestratorType = Configuration.GetValue("OrchestratorType"); - - if (orchestratorType?.ToUpper() == "K8S") - { - // Enable K8s telemetry initializer - services.EnableKubernetes(); - } - if (orchestratorType?.ToUpper() == "SF") - { - // Enable SF telemetry initializer - services.AddSingleton((serviceProvider) => - new FabricTelemetryInitializer()); - } - } - } + app.Use(async (context, next) => + { + await next(); + + // If there's no available file and the request doesn't contain an extension, we're probably trying to access a page. 
+ // Rewrite request to use app root + if (context.Response.StatusCode == 404 && !Path.HasExtension(context.Request.Path.Value) && !context.Request.Path.Value.StartsWith("/api")) + { + context.Request.Path = "/index.html"; + context.Response.StatusCode = 200; // Make sure we update the status code, otherwise it returns 404 + await next(); + } + }); + + app.UseDefaultFiles(); + app.UseStaticFiles(); + + app.UseMvcWithDefaultRoute(); + } + + private void RegisterAppInsights(IServiceCollection services) + { + services.AddApplicationInsightsTelemetry(Configuration); + var orchestratorType = Configuration.GetValue("OrchestratorType"); + + if (orchestratorType?.ToUpper() == "K8S") + { + // Enable K8s telemetry initializer + services.EnableKubernetes(); + } + if (orchestratorType?.ToUpper() == "SF") + { + // Enable SF telemetry initializer + services.AddSingleton((serviceProvider) => + new FabricTelemetryInitializer()); + } + } + } } From fb8abbf3e01b132e0063986556da8c76300df711 Mon Sep 17 00:00:00 2001 From: rafsanulhasan Date: Sat, 1 Sep 2018 16:51:41 +0600 Subject: [PATCH 06/26] Used HSTS MiddleWare for Http Strict Transport Security --- src/Services/Identity/Identity.API/Startup.cs | 1 + src/Web/WebMVC/Startup.cs | 1 + src/Web/WebSPA/Startup.cs | 4 ++++ 3 files changed, 6 insertions(+) diff --git a/src/Services/Identity/Identity.API/Startup.cs b/src/Services/Identity/Identity.API/Startup.cs index 3bd0bbedc..22dd039a0 100644 --- a/src/Services/Identity/Identity.API/Startup.cs +++ b/src/Services/Identity/Identity.API/Startup.cs @@ -119,6 +119,7 @@ namespace Microsoft.eShopOnContainers.Services.Identity.API else { app.UseExceptionHandler("/Home/Error"); + app.UseHsts(); } app.UseHttpsRedirection(); diff --git a/src/Web/WebMVC/Startup.cs b/src/Web/WebMVC/Startup.cs index d6b044ce7..791ff0336 100644 --- a/src/Web/WebMVC/Startup.cs +++ b/src/Web/WebMVC/Startup.cs 
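Review bot: The new side of WebSPA/Startup.cs keeps only `using eShopOnContainers.WebSPA;` and `using WebSPA.Infrastructure;`, although the body still uses `IApplicationBuilder`, `IServiceCollection`, `TimeSpan`, `Uri`, `Path`, `ConnectionMultiplexer` and `CamelCasePropertyNamesContractResolver`. Unless those namespaces are imported somewhere this patch does not show, the file will not compile, so the removed `using` lines should be restored. The Identity.API/Startup.cs hunk earlier in this patch drops its framework directives in the same way. Both hunks also re-emit every line for what looks like a whitespace-only change, which buries the dozen lines that alter HTTPS behaviour. Splitting the formatting change into its own commit would make the security-relevant part reviewable.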
@@ -68,6 +68,7 @@ namespace Microsoft.eShopOnContainers.WebMVC else { app.UseExceptionHandler("/Error"); + app.UseHsts(); } var pathBase = Configuration["PATH_BASE"]; diff --git a/src/Web/WebSPA/Startup.cs b/src/Web/WebSPA/Startup.cs index 434ea3a97..c0c89f663 100644 --- a/src/Web/WebSPA/Startup.cs +++ b/src/Web/WebSPA/Startup.cs @@ -85,6 +85,10 @@ namespace eShopConContainers.WebSPA { app.UseDeveloperExceptionPage(); } + else + { + app.UseHsts(); + } app.UseHttpsRedirection(); From d85a076e9ff65fe89d1437f3b64aa4c0b713dc49 Mon Sep 17 00:00:00 2001 From: rafsanulhasan Date: Sat, 1 Sep 2018 16:54:01 +0600 Subject: [PATCH 07/26] Added self-signed SSL certificates --- Certificates/DotNet Foundation CA.pfx | Bin 0 -> 2970 bytes Certificates/eShopOnContainers.pfx | Bin 0 -> 3354 bytes .../Certificates/DotNet Foundation CA.pfx | Bin 0 -> 2970 bytes .../Certificates/eShopOnContainers.pfx | Bin 0 -> 3354 bytes .../WebMVC/Certificates/DotNet Foundation CA.pfx | Bin 0 -> 2970 bytes .../WebMVC/Certificates/eShopOnContainers.pfx | Bin 0 -> 3354 bytes 6 files changed, 0 insertions(+), 0 deletions(-) create mode 100644 Certificates/DotNet Foundation CA.pfx create mode 100644 Certificates/eShopOnContainers.pfx create mode 100644 src/Services/Identity/Identity.API/Certificates/DotNet Foundation CA.pfx create mode 100644 src/Services/Identity/Identity.API/Certificates/eShopOnContainers.pfx create mode 100644 src/Web/WebMVC/Certificates/DotNet Foundation CA.pfx create mode 100644 src/Web/WebMVC/Certificates/eShopOnContainers.pfx 
diff --git a/Certificates/DotNet Foundation CA.pfx b/Certificates/DotNet Foundation CA.pfx new file mode 100644 index 0000000000000000000000000000000000000000..67ce2e415e0ec2386c4f9d8311cc040adbc1794f GIT binary patch literal 2970 zcmZXVc{J327stQD7&}8KQI;vDgc*!1l`NAzA;l;n`<`70V<*el844l9ko2>KNXbvh zPL{Exm}$lmMi@Nv`<>_cJ?A;kx#xa9_rBiue$M&)b1wqRnZpEPMqoM3AnfPk^x}57 zL9C!+ET=XY%c;S@>If`^>whGc12C3l7lCEjX7~n#^WR-u93ZA*Ecg(C1@9q5Asqj~ zjK_JvY{(K~qTj*GTqY*gK`<6Pi7zpk$vF3c&at9n{M-KAVcA!Ut_BrYVII3jd2FCf z8T)Ef9?r`rGKi=Z5H~#tcJK&5Ns4k-_=I?Oh@H$1~ z_lL%UEGYipPs&NIUYL8d6Ek8pHSq2_VmYKfWsb(g%aRlUoi$Tr>)~ginV2V(W3{L2;Xi-_+}OxGSTgc|NkCig#g(*ywH8kj2RI zC_?4B9}fVmLNR%{YxhETlcAmg-tx+&{68LYIYXzOZVc$ANK6pj!wgDZYRO#t=IS}+ zlyerk7q{7uT-xoN?bYU(GnsZ9BXc7uG!|V8U!&s4SVb=$a#3=t6Dgq)}Uw@xN;hK1xjgNJqU2b z$&CnE3kxW}O-l6p8hyR5OoaN@?ob@ao(#636h4@J7qTBx<(wJw?Cdr-&erHNckNQ2 z6+Y^W63FAhKa zHsM;+F#EOA!$!n^qrgay_|ys+97tj-qSVT21zr7BQGWFO#MB1-srBW|>H0x4ewNfO zHyXNK<2eC&^=Yu3l>KO!CMwi9-uAb$-PbcOS5~0wSwHmm$GQ!_jK&I^flgVsx*6KS zdM1sU_Ohqx-jN51_TJf)ab-4Y?6yagCY0D3N$v@}$1-f?`@Z|g3kgo@A{V?CmeH+TXnU<*x8oz|x3Z&0fa7rdRS&FJ zP8uc%WJ@n_?={#!N~4p8rNWyuV_FP4)FxIJQMUXSC)F+c%NCSJ>r>!!vU8J}lA=pp z){6ya&zNGe$P)sGX+Mo!&YFVY!T17{dD*LBcGDtAr0Js*y-;}f8|ISut@ zzn?8dsov0aJr`IH_mnr@l1Mz-KfkQ?zF1-FlK=0{PZB3EU#xa>97@keb7SX0GH`HGUg{Gh>yaEcX+LnNA3*O-d=VmHOUiU*pZV)y@BD_TV{v0#-wW$|Jg9L zM$2@0XuUP4N~mb)ffh1q4sqy000oy|Ahj`>!*!?P(T^b1TF#yhA9C$ z02+`5t}%!*Ba>w~0zm!ER2WnTP-HL#hKgqRU#88-6c}8KQ5lYKhp@{)KwuE|A|D88 zbNUWo47dXK0bjry@ME|W;17s1TD<@lz>aa=2OI$h2GM3zgaAGa)f;eT#CD9>Z9Dra9ed&Mx!U`$IvYcQb0VWW@xVZnTfc}38NGL1dH%H7V ze=UJXEO=hu+D_*SECy320E^z~wjOm^7aP*1UZ;(qn;ZYgGp)`%mivwEMbUt5b+5+_ z0(-|e>EZcHRH_4iePU-)gtH2vN|rWa9;Eo~*TJKXRip3<_bd!M$8d+-A>Bc#=4A)G zno9mWHNwh!Yi!3L!rn?UYMoZ|VOCW7-AdM+Y%IMk74LAvEJgo10hh%YMLzykTTW9L zM7VpYu*LM?K+jGxD>{F`*(A=zkc|ji|CZ|5A1gH~y&Pu~*IIGMgDrq`>+E4{Vj#V} zc0Z%rjn%jVS*IVRupF?(uHMtj75notI^V;j?S9gQ4Gi~YnREJ@7duASNBX`zDV3aN z8sAE3<#Od#PqSMYemM2qjCsErY;d-&$SVrnjqT(aBk_ckRzXSLA*)0aLW{D*Zwpaw{;mcPL$v> 
zo$_;frKU*eA5Qr6>AiG#VVHi@Hi6sMfV{@62r6k>7@8SA%_K~EwRHZ7zivxm$D2po zm^zT?mC$6?`T3e}gHw>@I6DGuq$VYLEL?0yKxRy%pG=ycC6dTl+B?Npj^WL0m&*Ul zx|7P!J=pddlXC)+U3q*<6YX*GqBw?R&wTT;g`a#LFWaD~%j*$x$MpJXzgM2VY8dR^ z`8PEZ#`iWe6E*LR9i(o5_vp;O_h3mW=(LWOpT8R{2xL0jk!$47QEqxbv1|gA%Hvw3 z&&2W77wCr5T^^Ery62hOcZfLIw8ooBDwkj?#g*G3%ej7;-K|2Oft!hG;<^^dJ4x|l zk*HPwF^a~v{)H>{>0<`psXnA}9~#fN;F-Sbm!hikBHS_WQl9w%kOy9A=bnS28p`Cgl45AFPsOx(@OJWZ>+Q|0aP1T*8deZl&#k=0ht36|AGzmScesUre z)hR#ekXitJB27K>K!fjif?%f~grHfIME(#`K>bvbS|s-SZ52ZGoM29RigBaqN4BI3 zldGCysyD>Xnl6)vLLDdihTMGJ)J!DaszUp|+=LZMg;8T_gyG(E#+CXveE?g6y^@Eg zg>KBb$hE4dCoRwyY!JdqReOC6|1TJfOamqIH>SItVNvUQ}ac}z+Ixm*x{XCK0Hq_z`TJx<7R4>{0bI;XM2s=>-}yq TKbCK5Rr&~?ju+kjYe4=B2y$^; literal 0 HcmV?d00001 
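Review bot: `Certificates/DotNet Foundation CA.pfx` is a PKCS#12 bundle, a format that normally carries the private key together with the certificate, so committing it hands a CA signing key to everyone who can read the repository. Any machine that installs this CA as a trusted root would then trust certificates issued by anyone holding the file. The same concern applies to `Certificates/eShopOnContainers.pfx` and to the copies this patch adds under `src/Services/Identity/Identity.API/Certificates/` and `src/Web/WebMVC/Certificates/`. Development certificates are better generated per machine (for example with `dotnet dev-certs https`) and excluded from source control, with any non-development key loaded from a secret store. Keys that have already been pushed should be treated as disclosed and never reused outside local development.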
diff --git a/Certificates/eShopOnContainers.pfx b/Certificates/eShopOnContainers.pfx new file mode 100644 index 0000000000000000000000000000000000000000..c5962c1c2ca28cce03688aaeab86a83e8f24892c GIT binary patch literal 3354 zcmZWqcQoAJw*Sr;lVA`ndKW~UQAQ_9h!J8KA$keXJ5hdOj51P$AbRi7gXlG)1Q8j% zmxK^eqGTdb?&Plb?p<%awb$O~b3UKXK4+bO&W7WtuYy5ja2$*Pr4Wg^6+@&3T>|Cd zV7(9=tcygq!EsR7|B=YgAUN_9IF9_7ls}+U|I-Dd1cCE#kaIW=@*B0SEn#mS>Cz`_O^43ius6A) zh(faJ!m!lC9XDUAfMHpv^w}EEIF*=zGgb^4>m!Me&E+Z&(TDIiI6-;t1<{DTDEuI+ zL2AIfxfX5cVA%EYtNw#^T}Ob_M`7yX+@UQ;8_t|ktPC5im_^MV!N4w|T>NaeeDJ(S zRb#&n*ps)kGz`9ZhdOB8-geoO3t4o-mJxnjvWALp8Fqs;xkn9>i;V(nn}c(FdtjLd zW2XrrUa8SRDS-9)$@3 zp@wjuyqiAiA-1sygT=g~sMff9P!TPqoS)-VP<39LiIHZ&tV#}Sw8fFLLx@KmrmaT% z?N=Ic&YevyJ=wJ*dYE<9)=+$F_O@Ohz^q1@k$W?H~4*1@(XS%YOCqGQ%VOomMr_z(pLm zlHTo_-;n%*le2WXZHLZ)o0n;5cEn$3q_PW3`hY51{L?)NUHI%zd3+5{s$ERdU*2F#YvrkF^Nty1p< zi@Wsehs99eQRWC&gm4H3Sc!(KE>2V%D^V?myb%W82J{`Kei0?k3(s*r#L5w1;!jx!At z$ch~Pe2~Rhw%dy+nFsU1{lo>dxt)7fU-K)}(`A1QwwUgtUx;8pDFJ4jm#pta_%r!O z-=e^yw)LF<2UUR0YMDgt{Q>nRdRELR8=HLBHMDd%U!}n9T2uE04MrO4Un7Bqr*RT~ zwYP?;`t3^gmNsAepn_39XOFvd&re_nM^#I%&jh|Rn7t@v_n)_MT_nrYRXJQqlv!WI zc6=$|*1Tf8qMV*v(*4iob(^f=@klE%l!8sm)|4Y(fM>{6NPt7WLS5~d=;T|pUXy;Z zzR!edAdlA1E5od2JZ5{v@8jq!2(|FuAo^#MaE(YkXJvZWm{Dz-7mJEoZ$m#37T1&f z+i9}_gnByI?;xx_utK<(?;?{hs^7@$FPdz8#KFG3^0Uc6<4f@ZC`CNY^(F^u3Xwe1 zz~5avtYwVfGnmg6634I!-oJ)BKx^*{OwlZES#VudFWcVAW=d}J()?cH6p2)5tY2A9 zuR?nlm9P=VwRo61K}g{cMmBbf6L@X|vOGWDNTcQKuzcfj*DUL(E?!J^o+vy<$LlPW zgMU_mIXXZ!J5GYiO z6(a2PX7tVDTS173WjMoszDo)w1QY@R0RRBE_%F$bFyOikgaYz_EFc3&0a}1MscHk_ z00Kag;xCdRRXISDgcJY`68{%Tld23Ukt8>Qr2mbZBoqdBgHnh>K@bp5jt+#d=CTCz z0T;jl@CCd8KTIpalcBJY6I0E-cj3&tu40w}NFW>KR>3u#4WfSDPC9H(4+@ zatUQ+g%asp>b10c-Zfa~Kw0?5 zikd|q`3J83$wV;z_cUQ_gX@>_kM(+{T>q36?rx79;qizmHeE5*~M z#qsVLhC`nz|twoUSbw_u1WUkj7fr$fkFDQ0D>jX^?TE@D@QI%xH7z(u$_@ES={ zDmV(AojrM5Uh+ z%S0AE@o-iwpuQgVJ<4}!R7Q?oi;!6qJlQp4qZ08V&}Eu$wC{8B$fPnJDzjPou;`NP zkGBP7rngiYf8SL)qQ7P%_gX!)38wK_fMF&U003QN|`%zX2g?KxKOE|&{-FKvVF 
zHjLM46-f~I_$|?Gm)Lj(N6Ai-)^2`k8RczOpin9@w-HF)E_-s|&UvPgGv!ZT!F^!d zm}eph{}IniHQH=?=&Z8Wq5iA|r z=jF-w?Su>b*E7BzmaJYY`Hs4r?oWEz&!KYi)^*1NI@E9E2CC?IXjEBdEVlKFinsD6 zt9}1r*PNBmzcxIe;Dt56$v~$& z?Zrw&_)ME^60$00v@Yl+PgJFJ#$;&b@yE`JkBY%U zdS8_uto8i1W07Y}pPi8{@yRT5>}v#nXcX%x>pp!(n}RVxOg}fPD|f^*Kc{VDkK$~- zEewiGfM?&JHe65-K=`wk3w5U(>Hc8wYFH$$iyV9g>w7{v#U{lcDFQ8q85csbb=~G} zBa}=Se^12WVG;%H&N9vQl|rAj)CdK*5}X@;2}&+XLk4DpFoMZc)U9>%AGeG9k(XK( j2lE}y6hau^t3GJrQOjB&Q&!Aq%=3F;Zo=dBcR>9M3k&{i literal 0 HcmV?d00001 
diff --git a/src/Services/Identity/Identity.API/Certificates/DotNet Foundation CA.pfx b/src/Services/Identity/Identity.API/Certificates/DotNet Foundation CA.pfx new file mode 100644 index 0000000000000000000000000000000000000000..67ce2e415e0ec2386c4f9d8311cc040adbc1794f GIT binary patch literal 2970 zcmZXVc{J327stQD7&}8KQI;vDgc*!1l`NAzA;l;n`<`70V<*el844l9ko2>KNXbvh zPL{Exm}$lmMi@Nv`<>_cJ?A;kx#xa9_rBiue$M&)b1wqRnZpEPMqoM3AnfPk^x}57 zL9C!+ET=XY%c;S@>If`^>whGc12C3l7lCEjX7~n#^WR-u93ZA*Ecg(C1@9q5Asqj~ zjK_JvY{(K~qTj*GTqY*gK`<6Pi7zpk$vF3c&at9n{M-KAVcA!Ut_BrYVII3jd2FCf z8T)Ef9?r`rGKi=Z5H~#tcJK&5Ns4k-_=I?Oh@H$1~ z_lL%UEGYipPs&NIUYL8d6Ek8pHSq2_VmYKfWsb(g%aRlUoi$Tr>)~ginV2V(W3{L2;Xi-_+}OxGSTgc|NkCig#g(*ywH8kj2RI zC_?4B9}fVmLNR%{YxhETlcAmg-tx+&{68LYIYXzOZVc$ANK6pj!wgDZYRO#t=IS}+ zlyerk7q{7uT-xoN?bYU(GnsZ9BXc7uG!|V8U!&s4SVb=$a#3=t6Dgq)}Uw@xN;hK1xjgNJqU2b z$&CnE3kxW}O-l6p8hyR5OoaN@?ob@ao(#636h4@J7qTBx<(wJw?Cdr-&erHNckNQ2 z6+Y^W63FAhKa zHsM;+F#EOA!$!n^qrgay_|ys+97tj-qSVT21zr7BQGWFO#MB1-srBW|>H0x4ewNfO zHyXNK<2eC&^=Yu3l>KO!CMwi9-uAb$-PbcOS5~0wSwHmm$GQ!_jK&I^flgVsx*6KS zdM1sU_Ohqx-jN51_TJf)ab-4Y?6yagCY0D3N$v@}$1-f?`@Z|g3kgo@A{V?CmeH+TXnU<*x8oz|x3Z&0fa7rdRS&FJ zP8uc%WJ@n_?={#!N~4p8rNWyuV_FP4)FxIJQMUXSC)F+c%NCSJ>r>!!vU8J}lA=pp z){6ya&zNGe$P)sGX+Mo!&YFVY!T17{dD*LBcGDtAr0Js*y-;}f8|ISut@ zzn?8dsov0aJr`IH_mnr@l1Mz-KfkQ?zF1-FlK=0{PZB3EU#xa>97@keb7SX0GH`HGUg{Gh>yaEcX+LnNA3*O-d=VmHOUiU*pZV)y@BD_TV{v0#-wW$|Jg9L zM$2@0XuUP4N~mb)ffh1q4sqy000oy|Ahj`>!*!?P(T^b1TF#yhA9C$ z02+`5t}%!*Ba>w~0zm!ER2WnTP-HL#hKgqRU#88-6c}8KQ5lYKhp@{)KwuE|A|D88 zbNUWo47dXK0bjry@ME|W;17s1TD<@lz>aa=2OI$h2GM3zgaAGa)f;eT#CD9>Z9Dra9ed&Mx!U`$IvYcQb0VWW@xVZnTfc}38NGL1dH%H7V ze=UJXEO=hu+D_*SECy320E^z~wjOm^7aP*1UZ;(qn;ZYgGp)`%mivwEMbUt5b+5+_ z0(-|e>EZcHRH_4iePU-)gtH2vN|rWa9;Eo~*TJKXRip3<_bd!M$8d+-A>Bc#=4A)G zno9mWHNwh!Yi!3L!rn?UYMoZ|VOCW7-AdM+Y%IMk74LAvEJgo10hh%YMLzykTTW9L zM7VpYu*LM?K+jGxD>{F`*(A=zkc|ji|CZ|5A1gH~y&Pu~*IIGMgDrq`>+E4{Vj#V} zc0Z%rjn%jVS*IVRupF?(uHMtj75notI^V;j?S9gQ4Gi~YnREJ@7duASNBX`zDV3aN 
z8sAE3<#Od#PqSMYemM2qjCsErY;d-&$SVrnjqT(aBk_ckRzXSLA*)0aLW{D*Zwpaw{;mcPL$v> zo$_;frKU*eA5Qr6>AiG#VVHi@Hi6sMfV{@62r6k>7@8SA%_K~EwRHZ7zivxm$D2po zm^zT?mC$6?`T3e}gHw>@I6DGuq$VYLEL?0yKxRy%pG=ycC6dTl+B?Npj^WL0m&*Ul zx|7P!J=pddlXC)+U3q*<6YX*GqBw?R&wTT;g`a#LFWaD~%j*$x$MpJXzgM2VY8dR^ z`8PEZ#`iWe6E*LR9i(o5_vp;O_h3mW=(LWOpT8R{2xL0jk!$47QEqxbv1|gA%Hvw3 z&&2W77wCr5T^^Ery62hOcZfLIw8ooBDwkj?#g*G3%ej7;-K|2Oft!hG;<^^dJ4x|l zk*HPwF^a~v{)H>{>0<`psXnA}9~#fN;F-Sbm!hikBHS_WQl9w%kOy9A=bnS28p`Cgl45AFPsOx(@OJWZ>+Q|0aP1T*8deZl&#k=0ht36|AGzmScesUre z)hR#ekXitJB27K>K!fjif?%f~grHfIME(#`K>bvbS|s-SZ52ZGoM29RigBaqN4BI3 zldGCysyD>Xnl6)vLLDdihTMGJ)J!DaszUp|+=LZMg;8T_gyG(E#+CXveE?g6y^@Eg zg>KBb$hE4dCoRwyY!JdqReOC6|1TJfOamqIH>SItVNvUQ}ac}z+Ixm*x{XCK0Hq_z`TJx<7R4>{0bI;XM2s=>-}yq TKbCK5Rr&~?ju+kjYe4=B2y$^; literal 0 HcmV?d00001 
diff --git a/src/Services/Identity/Identity.API/Certificates/eShopOnContainers.pfx b/src/Services/Identity/Identity.API/Certificates/eShopOnContainers.pfx new file mode 100644 index 0000000000000000000000000000000000000000..c5962c1c2ca28cce03688aaeab86a83e8f24892c GIT binary patch literal 3354 zcmZWqcQoAJw*Sr;lVA`ndKW~UQAQ_9h!J8KA$keXJ5hdOj51P$AbRi7gXlG)1Q8j% zmxK^eqGTdb?&Plb?p<%awb$O~b3UKXK4+bO&W7WtuYy5ja2$*Pr4Wg^6+@&3T>|Cd zV7(9=tcygq!EsR7|B=YgAUN_9IF9_7ls}+U|I-Dd1cCE#kaIW=@*B0SEn#mS>Cz`_O^43ius6A) zh(faJ!m!lC9XDUAfMHpv^w}EEIF*=zGgb^4>m!Me&E+Z&(TDIiI6-;t1<{DTDEuI+ zL2AIfxfX5cVA%EYtNw#^T}Ob_M`7yX+@UQ;8_t|ktPC5im_^MV!N4w|T>NaeeDJ(S zRb#&n*ps)kGz`9ZhdOB8-geoO3t4o-mJxnjvWALp8Fqs;xkn9>i;V(nn}c(FdtjLd zW2XrrUa8SRDS-9)$@3 zp@wjuyqiAiA-1sygT=g~sMff9P!TPqoS)-VP<39LiIHZ&tV#}Sw8fFLLx@KmrmaT% z?N=Ic&YevyJ=wJ*dYE<9)=+$F_O@Ohz^q1@k$W?H~4*1@(XS%YOCqGQ%VOomMr_z(pLm zlHTo_-;n%*le2WXZHLZ)o0n;5cEn$3q_PW3`hY51{L?)NUHI%zd3+5{s$ERdU*2F#YvrkF^Nty1p< zi@Wsehs99eQRWC&gm4H3Sc!(KE>2V%D^V?myb%W82J{`Kei0?k3(s*r#L5w1;!jx!At z$ch~Pe2~Rhw%dy+nFsU1{lo>dxt)7fU-K)}(`A1QwwUgtUx;8pDFJ4jm#pta_%r!O z-=e^yw)LF<2UUR0YMDgt{Q>nRdRELR8=HLBHMDd%U!}n9T2uE04MrO4Un7Bqr*RT~ zwYP?;`t3^gmNsAepn_39XOFvd&re_nM^#I%&jh|Rn7t@v_n)_MT_nrYRXJQqlv!WI zc6=$|*1Tf8qMV*v(*4iob(^f=@klE%l!8sm)|4Y(fM>{6NPt7WLS5~d=;T|pUXy;Z zzR!edAdlA1E5od2JZ5{v@8jq!2(|FuAo^#MaE(YkXJvZWm{Dz-7mJEoZ$m#37T1&f z+i9}_gnByI?;xx_utK<(?;?{hs^7@$FPdz8#KFG3^0Uc6<4f@ZC`CNY^(F^u3Xwe1 zz~5avtYwVfGnmg6634I!-oJ)BKx^*{OwlZES#VudFWcVAW=d}J()?cH6p2)5tY2A9 zuR?nlm9P=VwRo61K}g{cMmBbf6L@X|vOGWDNTcQKuzcfj*DUL(E?!J^o+vy<$LlPW zgMU_mIXXZ!J5GYiO z6(a2PX7tVDTS173WjMoszDo)w1QY@R0RRBE_%F$bFyOikgaYz_EFc3&0a}1MscHk_ z00Kag;xCdRRXISDgcJY`68{%Tld23Ukt8>Qr2mbZBoqdBgHnh>K@bp5jt+#d=CTCz z0T;jl@CCd8KTIpalcBJY6I0E-cj3&tu40w}NFW>KR>3u#4WfSDPC9H(4+@ zatUQ+g%asp>b10c-Zfa~Kw0?5 zikd|q`3J83$wV;z_cUQ_gX@>_kM(+{T>q36?rx79;qizmHeE5*~M z#qsVLhC`nz|twoUSbw_u1WUkj7fr$fkFDQ0D>jX^?TE@D@QI%xH7z(u$_@ES={ zDmV(AojrM5Uh+ z%S0AE@o-iwpuQgVJ<4}!R7Q?oi;!6qJlQp4qZ08V&}Eu$wC{8B$fPnJDzjPou;`NP 
zkGBP7rngiYf8SL)qQ7P%_gX!)38wK_fMF&U003QN|`%zX2g?KxKOE|&{-FKvVF zHjLM46-f~I_$|?Gm)Lj(N6Ai-)^2`k8RczOpin9@w-HF)E_-s|&UvPgGv!ZT!F^!d zm}eph{}IniHQH=?=&Z8Wq5iA|r z=jF-w?Su>b*E7BzmaJYY`Hs4r?oWEz&!KYi)^*1NI@E9E2CC?IXjEBdEVlKFinsD6 zt9}1r*PNBmzcxIe;Dt56$v~$& z?Zrw&_)ME^60$00v@Yl+PgJFJ#$;&b@yE`JkBY%U zdS8_uto8i1W07Y}pPi8{@yRT5>}v#nXcX%x>pp!(n}RVxOg}fPD|f^*Kc{VDkK$~- zEewiGfM?&JHe65-K=`wk3w5U(>Hc8wYFH$$iyV9g>w7{v#U{lcDFQ8q85csbb=~G} zBa}=Se^12WVG;%H&N9vQl|rAj)CdK*5}X@;2}&+XLk4DpFoMZc)U9>%AGeG9k(XK( j2lE}y6hau^t3GJrQOjB&Q&!Aq%=3F;Zo=dBcR>9M3k&{i literal 0 HcmV?d00001 
diff --git a/src/Web/WebMVC/Certificates/DotNet Foundation CA.pfx b/src/Web/WebMVC/Certificates/DotNet Foundation CA.pfx new file mode 100644 index 0000000000000000000000000000000000000000..67ce2e415e0ec2386c4f9d8311cc040adbc1794f GIT binary patch literal 2970 zcmZXVc{J327stQD7&}8KQI;vDgc*!1l`NAzA;l;n`<`70V<*el844l9ko2>KNXbvh zPL{Exm}$lmMi@Nv`<>_cJ?A;kx#xa9_rBiue$M&)b1wqRnZpEPMqoM3AnfPk^x}57 zL9C!+ET=XY%c;S@>If`^>whGc12C3l7lCEjX7~n#^WR-u93ZA*Ecg(C1@9q5Asqj~ zjK_JvY{(K~qTj*GTqY*gK`<6Pi7zpk$vF3c&at9n{M-KAVcA!Ut_BrYVII3jd2FCf z8T)Ef9?r`rGKi=Z5H~#tcJK&5Ns4k-_=I?Oh@H$1~ z_lL%UEGYipPs&NIUYL8d6Ek8pHSq2_VmYKfWsb(g%aRlUoi$Tr>)~ginV2V(W3{L2;Xi-_+}OxGSTgc|NkCig#g(*ywH8kj2RI zC_?4B9}fVmLNR%{YxhETlcAmg-tx+&{68LYIYXzOZVc$ANK6pj!wgDZYRO#t=IS}+ zlyerk7q{7uT-xoN?bYU(GnsZ9BXc7uG!|V8U!&s4SVb=$a#3=t6Dgq)}Uw@xN;hK1xjgNJqU2b z$&CnE3kxW}O-l6p8hyR5OoaN@?ob@ao(#636h4@J7qTBx<(wJw?Cdr-&erHNckNQ2 z6+Y^W63FAhKa zHsM;+F#EOA!$!n^qrgay_|ys+97tj-qSVT21zr7BQGWFO#MB1-srBW|>H0x4ewNfO zHyXNK<2eC&^=Yu3l>KO!CMwi9-uAb$-PbcOS5~0wSwHmm$GQ!_jK&I^flgVsx*6KS zdM1sU_Ohqx-jN51_TJf)ab-4Y?6yagCY0D3N$v@}$1-f?`@Z|g3kgo@A{V?CmeH+TXnU<*x8oz|x3Z&0fa7rdRS&FJ zP8uc%WJ@n_?={#!N~4p8rNWyuV_FP4)FxIJQMUXSC)F+c%NCSJ>r>!!vU8J}lA=pp z){6ya&zNGe$P)sGX+Mo!&YFVY!T17{dD*LBcGDtAr0Js*y-;}f8|ISut@ zzn?8dsov0aJr`IH_mnr@l1Mz-KfkQ?zF1-FlK=0{PZB3EU#xa>97@keb7SX0GH`HGUg{Gh>yaEcX+LnNA3*O-d=VmHOUiU*pZV)y@BD_TV{v0#-wW$|Jg9L zM$2@0XuUP4N~mb)ffh1q4sqy000oy|Ahj`>!*!?P(T^b1TF#yhA9C$ z02+`5t}%!*Ba>w~0zm!ER2WnTP-HL#hKgqRU#88-6c}8KQ5lYKhp@{)KwuE|A|D88 zbNUWo47dXK0bjry@ME|W;17s1TD<@lz>aa=2OI$h2GM3zgaAGa)f;eT#CD9>Z9Dra9ed&Mx!U`$IvYcQb0VWW@xVZnTfc}38NGL1dH%H7V ze=UJXEO=hu+D_*SECy320E^z~wjOm^7aP*1UZ;(qn;ZYgGp)`%mivwEMbUt5b+5+_ z0(-|e>EZcHRH_4iePU-)gtH2vN|rWa9;Eo~*TJKXRip3<_bd!M$8d+-A>Bc#=4A)G zno9mWHNwh!Yi!3L!rn?UYMoZ|VOCW7-AdM+Y%IMk74LAvEJgo10hh%YMLzykTTW9L zM7VpYu*LM?K+jGxD>{F`*(A=zkc|ji|CZ|5A1gH~y&Pu~*IIGMgDrq`>+E4{Vj#V} zc0Z%rjn%jVS*IVRupF?(uHMtj75notI^V;j?S9gQ4Gi~YnREJ@7duASNBX`zDV3aN 
z8sAE3<#Od#PqSMYemM2qjCsErY;d-&$SVrnjqT(aBk_ckRzXSLA*)0aLW{D*Zwpaw{;mcPL$v> zo$_;frKU*eA5Qr6>AiG#VVHi@Hi6sMfV{@62r6k>7@8SA%_K~EwRHZ7zivxm$D2po zm^zT?mC$6?`T3e}gHw>@I6DGuq$VYLEL?0yKxRy%pG=ycC6dTl+B?Npj^WL0m&*Ul zx|7P!J=pddlXC)+U3q*<6YX*GqBw?R&wTT;g`a#LFWaD~%j*$x$MpJXzgM2VY8dR^ z`8PEZ#`iWe6E*LR9i(o5_vp;O_h3mW=(LWOpT8R{2xL0jk!$47QEqxbv1|gA%Hvw3 z&&2W77wCr5T^^Ery62hOcZfLIw8ooBDwkj?#g*G3%ej7;-K|2Oft!hG;<^^dJ4x|l zk*HPwF^a~v{)H>{>0<`psXnA}9~#fN;F-Sbm!hikBHS_WQl9w%kOy9A=bnS28p`Cgl45AFPsOx(@OJWZ>+Q|0aP1T*8deZl&#k=0ht36|AGzmScesUre z)hR#ekXitJB27K>K!fjif?%f~grHfIME(#`K>bvbS|s-SZ52ZGoM29RigBaqN4BI3 zldGCysyD>Xnl6)vLLDdihTMGJ)J!DaszUp|+=LZMg;8T_gyG(E#+CXveE?g6y^@Eg zg>KBb$hE4dCoRwyY!JdqReOC6|1TJfOamqIH>SItVNvUQ}ac}z+Ixm*x{XCK0Hq_z`TJx<7R4>{0bI;XM2s=>-}yq TKbCK5Rr&~?ju+kjYe4=B2y$^; literal 0 HcmV?d00001 
diff --git a/src/Web/WebMVC/Certificates/eShopOnContainers.pfx b/src/Web/WebMVC/Certificates/eShopOnContainers.pfx new file mode 100644 index 0000000000000000000000000000000000000000..c5962c1c2ca28cce03688aaeab86a83e8f24892c GIT binary patch literal 3354 zcmZWqcQoAJw*Sr;lVA`ndKW~UQAQ_9h!J8KA$keXJ5hdOj51P$AbRi7gXlG)1Q8j% zmxK^eqGTdb?&Plb?p<%awb$O~b3UKXK4+bO&W7WtuYy5ja2$*Pr4Wg^6+@&3T>|Cd zV7(9=tcygq!EsR7|B=YgAUN_9IF9_7ls}+U|I-Dd1cCE#kaIW=@*B0SEn#mS>Cz`_O^43ius6A) zh(faJ!m!lC9XDUAfMHpv^w}EEIF*=zGgb^4>m!Me&E+Z&(TDIiI6-;t1<{DTDEuI+ zL2AIfxfX5cVA%EYtNw#^T}Ob_M`7yX+@UQ;8_t|ktPC5im_^MV!N4w|T>NaeeDJ(S zRb#&n*ps)kGz`9ZhdOB8-geoO3t4o-mJxnjvWALp8Fqs;xkn9>i;V(nn}c(FdtjLd zW2XrrUa8SRDS-9)$@3 zp@wjuyqiAiA-1sygT=g~sMff9P!TPqoS)-VP<39LiIHZ&tV#}Sw8fFLLx@KmrmaT% z?N=Ic&YevyJ=wJ*dYE<9)=+$F_O@Ohz^q1@k$W?H~4*1@(XS%YOCqGQ%VOomMr_z(pLm zlHTo_-;n%*le2WXZHLZ)o0n;5cEn$3q_PW3`hY51{L?)NUHI%zd3+5{s$ERdU*2F#YvrkF^Nty1p< zi@Wsehs99eQRWC&gm4H3Sc!(KE>2V%D^V?myb%W82J{`Kei0?k3(s*r#L5w1;!jx!At z$ch~Pe2~Rhw%dy+nFsU1{lo>dxt)7fU-K)}(`A1QwwUgtUx;8pDFJ4jm#pta_%r!O z-=e^yw)LF<2UUR0YMDgt{Q>nRdRELR8=HLBHMDd%U!}n9T2uE04MrO4Un7Bqr*RT~ zwYP?;`t3^gmNsAepn_39XOFvd&re_nM^#I%&jh|Rn7t@v_n)_MT_nrYRXJQqlv!WI zc6=$|*1Tf8qMV*v(*4iob(^f=@klE%l!8sm)|4Y(fM>{6NPt7WLS5~d=;T|pUXy;Z zzR!edAdlA1E5od2JZ5{v@8jq!2(|FuAo^#MaE(YkXJvZWm{Dz-7mJEoZ$m#37T1&f z+i9}_gnByI?;xx_utK<(?;?{hs^7@$FPdz8#KFG3^0Uc6<4f@ZC`CNY^(F^u3Xwe1 zz~5avtYwVfGnmg6634I!-oJ)BKx^*{OwlZES#VudFWcVAW=d}J()?cH6p2)5tY2A9 zuR?nlm9P=VwRo61K}g{cMmBbf6L@X|vOGWDNTcQKuzcfj*DUL(E?!J^o+vy<$LlPW zgMU_mIXXZ!J5GYiO z6(a2PX7tVDTS173WjMoszDo)w1QY@R0RRBE_%F$bFyOikgaYz_EFc3&0a}1MscHk_ z00Kag;xCdRRXISDgcJY`68{%Tld23Ukt8>Qr2mbZBoqdBgHnh>K@bp5jt+#d=CTCz z0T;jl@CCd8KTIpalcBJY6I0E-cj3&tu40w}NFW>KR>3u#4WfSDPC9H(4+@ zatUQ+g%asp>b10c-Zfa~Kw0?5 zikd|q`3J83$wV;z_cUQ_gX@>_kM(+{T>q36?rx79;qizmHeE5*~M z#qsVLhC`nz|twoUSbw_u1WUkj7fr$fkFDQ0D>jX^?TE@D@QI%xH7z(u$_@ES={ zDmV(AojrM5Uh+ z%S0AE@o-iwpuQgVJ<4}!R7Q?oi;!6qJlQp4qZ08V&}Eu$wC{8B$fPnJDzjPou;`NP 
zkGBP7rngiYf8SL)qQ7P%_gX!)38wK_fMF&U003QN|`%zX2g?KxKOE|&{-FKvVF zHjLM46-f~I_$|?Gm)Lj(N6Ai-)^2`k8RczOpin9@w-HF)E_-s|&UvPgGv!ZT!F^!d zm}eph{}IniHQH=?=&Z8Wq5iA|r z=jF-w?Su>b*E7BzmaJYY`Hs4r?oWEz&!KYi)^*1NI@E9E2CC?IXjEBdEVlKFinsD6 zt9}1r*PNBmzcxIe;Dt56$v~$& z?Zrw&_)ME^60$00v@Yl+PgJFJ#$;&b@yE`JkBY%U zdS8_uto8i1W07Y}pPi8{@yRT5>}v#nXcX%x>pp!(n}RVxOg}fPD|f^*Kc{VDkK$~- zEewiGfM?&JHe65-K=`wk3w5U(>Hc8wYFH$$iyV9g>w7{v#U{lcDFQ8q85csbb=~G} zBa}=Se^12WVG;%H&N9vQl|rAj)CdK*5}X@;2}&+XLk4DpFoMZc)U9>%AGeG9k(XK( j2lE}y6hau^t3GJrQOjB&Q&!Aq%=3F;Zo=dBcR>9M3k&{i literal 0 HcmV?d00001 From 786b3c9542af97e86accf6b7b9d342cc5875e91f Mon Sep 17 00:00:00 2001 From: rafsanulhasan Date: Sat, 1 Sep 2018 17:00:33 +0600 Subject: [PATCH 08/26] Configured SSL certificate settings for Kestrel --- .../Identity/Identity.API/appsettings.json | 55 +++++++++-------- src/Web/WebMVC/appsettings.json | 59 +++++++++++-------- src/Web/WebSPA/appsettings.json | 45 ++++++++------ 3 files changed, 93 insertions(+), 66 deletions(-) diff --git a/src/Services/Identity/Identity.API/appsettings.json b/src/Services/Identity/Identity.API/appsettings.json index 0c8284ea3..40cf02804 100644 --- a/src/Services/Identity/Identity.API/appsettings.json +++ b/src/Services/Identity/Identity.API/appsettings.json 
@@ -1,25 +1,34 @@
 {
- "ConnectionString": "Server=tcp:127.0.0.1,5433;Database=Microsoft.eShopOnContainers.Services.IdentityDb;User Id=sa;Password=Pass@word;",
- "IsClusterEnv": "False",
- "MvcClient": "https://localhost:4100",
- "SpaClient": "https://localhost:4104",
- "XamarinCallback": "https://localhost:4105/xamarincallback",
- "UseCustomizationData": false,
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Trace",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "UseVault": false,
- "Vault": {
- "Name": "eshop",
- "ClientId": "your-clien-id",
- "ClientSecret": "your-client-secret"
- }
+ "ConnectionString": "Server=tcp:127.0.0.1,5433;Database=Microsoft.eShopOnContainers.Services.IdentityDb;User Id=sa;Password=Pass@word;",
+ "IsClusterEnv": "False",
+ "MvcClient": "https://localhost:4100",
+ "SpaClient": "https://localhost:4104",
+ "XamarinCallback": "https://localhost:4105/xamarincallback",
+ "UseCustomizationData": false,
+ "Logging": {
+ "IncludeScopes": false,
+ "LogLevel": {
+ "Default": "Trace",
+ "System": "Information",
+ "Microsoft": "Information"
+ }
+ },
+ "ApplicationInsights": {
+ "InstrumentationKey": ""
+ },
+ "UseVault": false,
+ "Vault": {
+ "Name": "eshop",
+ "ClientId": "your-clien-id",
+ "ClientSecret": "your-client-secret"
+ },
+ "Kestrel": {
+ "Certificates": {
+ "Default": {
+ "Path": "./Certificates/eShopOnContainers.pfx",
+ "Password": "D0tNet@"
+ }
+ }
+ }
+
 }
diff --git a/src/Web/WebMVC/appsettings.json b/src/Web/WebMVC/appsettings.json
index 922e65ff3..05a1f35c3 100644
--- a/src/Web/WebMVC/appsettings.json
+++ b/src/Web/WebMVC/appsettings.json
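Review bot: The added `"Password"` value under `Kestrel` / `Certificates` / `Default` stores the PFX password in a tracked appsettings.json, and the same patch series commits the matching `eShopOnContainers.pfx` files, so anyone who can read the repository can open the PFX (which presumably holds the private key) and the certificate gives no real assurance. The same block is added in src/Web/WebMVC/appsettings.json and src/Web/WebSPA/appsettings.json. I would drop the `"Password"` line from all three files and supply the value outside the repository, for example through user secrets in development or the `Kestrel__Certificates__Default__Password` environment variable in containers, and generate the development certificate locally instead of committing it. If this certificate was ever used beyond a local machine, it should be treated as exposed and replaced.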
@@ -1,27 +1,36 @@
 {
- "CatalogUrl": "http://localhost:5101",
- "OrderingUrl": "http://localhost:5102",
- "BasketUrl": "http://localhost:5103",
- "MarketingUrl": "http://localhost:5110",
- "IdentityUrl": "https://localhost:4105",
- "CallBackUrl": "https://localhost:4100/",
- "LocationsUrl": "http://localhost:5109/",
- "IsClusterEnv": "False",
- "UseResilientHttp": "True",
- "UseLoadTest": false,
- "ActivateCampaignDetailFunction": "False",
- "UseCustomizationData": false,
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Trace",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "HttpClientRetryCount": 8,
- "HttpClientExceptionsAllowedBeforeBreaking": 7
+ "CatalogUrl": "http://localhost:5101",
+ "OrderingUrl": "http://localhost:5102",
+ "BasketUrl": "http://localhost:5103",
+ "MarketingUrl": "http://localhost:5110",
+ "IdentityUrl": "https://localhost:4105",
+ "CallBackUrl": "https://localhost:4100/",
+ "LocationsUrl": "http://localhost:5109/",
+ "IsClusterEnv": "False",
+ "UseResilientHttp": "True",
+ "UseLoadTest": false,
+ "ActivateCampaignDetailFunction": "False",
+ "UseCustomizationData": false,
+ "Logging": {
+ "IncludeScopes": false,
+ "LogLevel": {
+ "Default": "Trace",
+ "System": "Information",
+ "Microsoft": "Information"
+ }
+ },
+ "ApplicationInsights": {
+ "InstrumentationKey": ""
+ },
+ "HttpClientRetryCount": 8,
+ "HttpClientExceptionsAllowedBeforeBreaking": 7,
+ "Kestrel": {
+ "Certificates": {
+ "Default": {
+ "Path": "./Certificates/eShopOnContainers.pfx",
+ "Password": "D0tNet@"
+ }
+ }
+ }
+
 }
\ No newline at end of file
diff --git a/src/Web/WebSPA/appsettings.json b/src/Web/WebSPA/appsettings.json
index c75b8b280..d843edeec 100644
--- a/src/Web/WebSPA/appsettings.json
+++ b/src/Web/WebSPA/appsettings.json
@@ -1,20 +1,29 @@
 {
- "IdentityUrl": "https://localhost:4105",
- "MarketingUrl": "http://localhost:5110",
- "CallBackUrl": "https://localhost:4104/",
- "PurchaseUrl": "http://localhost:5200",
- "UseCustomizationData": true,
- "IsClusterEnv": "False",
- "ActivateCampaignDetailFunction": true,
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Debug",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "ApplicationInsights": {
- "InstrumentationKey": ""
- }
+ "IdentityUrl": "https://localhost:4105",
+ "MarketingUrl": "http://localhost:5110",
+ "CallBackUrl": "https://localhost:4104/",
+ "PurchaseUrl": "http://localhost:5200",
+ "UseCustomizationData": true,
+ "IsClusterEnv": "False",
+ "ActivateCampaignDetailFunction": true,
+ "Logging": {
+ "IncludeScopes": false,
+ "LogLevel": {
+ "Default": "Debug",
+ "System": "Information",
+ "Microsoft": "Information"
+ }
+ },
+ "ApplicationInsights": {
+ "InstrumentationKey": ""
+ },
+ "Kestrel": {
+ "Certificates": {
+ "Default": {
+ "Path": "./Certificates/eShopOnContainers.pfx",
+ "Password": "D0tNet@"
+ }
+ }
+ }
+
 }
\ No newline at end of file
From fa98fdf1614ca34698b71c12e8333398e8c09ab5 Mon Sep 17 00:00:00 2001
From: rafsanulhasan
Date: Sat, 1 Sep 2018 17:01:34 +0600
Subject: [PATCH 09/26] Copy the SSL certificate (.pfx) file to the /root/.aspnet/https/ in the linux containers
---
 src/Services/Identity/Identity.API/Dockerfile | 1 +
 src/Web/WebMVC/Dockerfile | 1 +
 src/Web/WebSPA/Dockerfile | 1 +
 3 files changed, 3 insertions(+)
diff --git a/src/Services/Identity/Identity.API/Dockerfile b/src/Services/Identity/Identity.API/Dockerfile
index 817de19c9..102fc8c13 100644
--- a/src/Services/Identity/Identity.API/Dockerfile
+++ b/src/Services/Identity/Identity.API/Dockerfile
@@ -17,6 +17,7 @@ FROM dotnet-build as build
 WORKDIR /src/src/Services/Identity/Identity.API/wwwroot
 COPY --from=node-build /web/wwwroot .
 WORKDIR /src
+COPY ./Certificates/eShopOnContainers.pfx /root/.aspnet/https/
 COPY . .
 WORKDIR /src/src/Services/Identity/Identity.API
 RUN dotnet restore -nowarn:msb3202,nu1503
diff --git a/src/Web/WebMVC/Dockerfile b/src/Web/WebMVC/Dockerfile
index 758d6cec9..3b0e08ea4 100644
--- a/src/Web/WebMVC/Dockerfile
+++ b/src/Web/WebMVC/Dockerfile
@@ -17,6 +17,7 @@ FROM dotnet-build as build
 WORKDIR /src/src/Web/WebMVC/wwwroot
 COPY --from=node-build /web/wwwroot .
 WORKDIR /src
+COPY ./Certificates/eShopOnContainers.pfx /root/.aspnet/https/
 COPY . .
 WORKDIR /src/src/Web/WebMVC
 RUN dotnet restore -nowarn:msb3202,nu1503
diff --git a/src/Web/WebSPA/Dockerfile b/src/Web/WebSPA/Dockerfile
index 73788bd8c..9a03bce6d 100644
--- a/src/Web/WebSPA/Dockerfile
+++ b/src/Web/WebSPA/Dockerfile
@@ -17,6 +17,7 @@ FROM dotnet-build as publish
 WORKDIR /src/src/Web/WebSPA/wwwroot
 COPY --from=node-build /web/wwwroot .
 WORKDIR /src
+COPY ./Certificates/eShopOnContainers.pfx /root/.aspnet/https/
 COPY . .
 WORKDIR /src/src/Web/WebSPA
 RUN dotnet publish -c Release -o /app
From 58159a2cecec8bec87d9f7debede89273ff28188 Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:28:54 +0600
Subject: [PATCH 10/26] Delete docker-compose.override.yml
---
 docker-compose.override.yml | 329 ------------------------------------
 1 file changed, 329 deletions(-)
 delete mode 100644 docker-compose.override.yml
diff --git a/docker-compose.override.yml b/docker-compose.override.yml
deleted file mode 100644
index 284b518ab..000000000
--- a/docker-compose.override.yml
+++ /dev/null
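Review bot: The added `COPY ./Certificates/eShopOnContainers.pfx /root/.aspnet/https/` runs in an intermediate build stage, so the certificate does not obviously reach the image that serves traffic; the full Identity.API Dockerfile shown later in this series builds its final stage from `base` and copies only `/app` from `publish`. The source path is resolved against the build context rather than `WORKDIR`, and because the following `COPY . .` and `WORKDIR /src/src/...` suggest the context is the repository root, `./Certificates/` may not exist there; the certificates in this series were added under each project's own `Certificates` folder. The same line is added in src/Web/WebMVC/Dockerfile and src/Web/WebSPA/Dockerfile. Rather than baking private key material into an image layer, I would remove the line and provide the certificate at run time, for example as a read-only volume mounted at `/root/.aspnet/https`. The remaining stages of each Dockerfile lie outside these hunks.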
@@ -1,329 +0,0 @@ -version: '3.4' - -# The default docker-compose.override file can use the "localhost" as the external name for testing web apps within the same dev machine. -# The ESHOP_EXTERNAL_DNS_NAME_OR_IP environment variable is taken, by default, from the ".env" file defined like: -# ESHOP_EXTERNAL_DNS_NAME_OR_IP=localhost -# but values present in the environment vars at runtime will always override those defined inside the .env file -# An external IP or DNS name has to be used (instead localhost and the 10.0.75.1 IP) when testing the Web apps and the Xamarin apps from remote machines/devices using the same WiFi, for instance. - -services: - sql.data: - environment: - - SA_PASSWORD=Pass@word - - ACCEPT_EULA=Y - ports: - - "5433:1433" # Important: In a production environment your should remove the external port - - nosql.data: - ports: - - "27017:27017" # Important: In a production environment your should remove the external port - - basket.data: - ports: - - "6379:6379" # Important: In a production environment your should remove the external port - - rabbitmq: - ports: - - "15672:15672" # Important: In a production environment your should remove the external port - - "5672:5672" # Important: In a production environment your should remove the external port - - identity.api: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://+:80;https://+:443 - - SpaClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104;http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:4104 - - XamarinCallback=http://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:4105/xamarincallback #localhost do not work for UWP login, so we have to use "external" IP always - - ConnectionString=${ESHOP_AZURE_IDENTITY_DB:-Server=sql.data;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word} - - MvcClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100 #Local: You need to open your local dev-machine firewall at range 5100-5110. 
- - LocationApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109 - - MarketingApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110 - - BasketApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103 - - OrderingApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102 - - MobileShoppingAggClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120 - - WebShoppingAggClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121 - - UseCustomizationData=True - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - ports: - - "5105:80" - - "4105:443" - volumes: - - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:rw - - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:rw - - basket.api: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - ConnectionString=${ESHOP_AZURE_REDIS_BASKET_DB:-basket.data} - - identityUrl=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} - - AzureServiceBusEnabled=False - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - - UseLoadTest=${USE_LOADTEST:-False} - - ports: - - "5103:80" # Important: In a production environment your should remove the external port (5103) kept here for microservice debugging purposes. - # The API Gateway redirects and access through the internal port (80). 
- - catalog.api: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - ConnectionString=${ESHOP_AZURE_CATALOG_DB:-Server=sql.data;Database=Microsoft.eShopOnContainers.Services.CatalogDb;User Id=sa;Password=Pass@word} - - PicBaseUrl=${ESHOP_AZURE_STORAGE_CATALOG_URL:-http://localhost:5202/api/v1/c/catalog/items/[0]/pic/} #Local: You need to open your local dev-machine firewall at range 5100-5110. - - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} - - AzureStorageAccountName=${ESHOP_AZURE_STORAGE_CATALOG_NAME} - - AzureStorageAccountKey=${ESHOP_AZURE_STORAGE_CATALOG_KEY} - - UseCustomizationData=True - - AzureServiceBusEnabled=False - - AzureStorageEnabled=False - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - ports: - - "5101:80" # Important: In a production environment your should remove the external port (5101) kept here for microservice debugging purposes. - # The API Gateway redirects and access through the internal port (80). - - ordering.api: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sql.data;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word} - - identityUrl=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. 
- - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} - - UseCustomizationData=True - - AzureServiceBusEnabled=False - - CheckUpdateTime=30000 - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - - UseLoadTest=${USE_LOADTEST:-False} - ports: - - "5102:80" # Important: In a production environment your should remove the external port (5102) kept here for microservice debugging purposes. - # The API Gateway redirects and access through the internal port (80). - - - ordering.backgroundtasks: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sql.data;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word} - - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} - - UseCustomizationData=True - - AzureServiceBusEnabled=False - - CheckUpdateTime=30000 - - GracePeriodTime=1 - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - - UseLoadTest=${USE_LOADTEST:-False} - ports: - - "5111:80" - - marketing.api: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - ConnectionString=${ESHOP_AZURE_MARKETING_DB:-Server=sql.data;Database=Microsoft.eShopOnContainers.Services.MarketingDb;User Id=sa;Password=Pass@word} - - MongoConnectionString=${ESHOP_AZURE_COSMOSDB:-mongodb://nosql.data} - - MongoDatabase=MarketingDb - - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} - - identityUrl=http://identity.api #Local: You need 
to open your local dev-machine firewall at range 5100-5110. - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - - CampaignDetailFunctionUri=${ESHOP_AZUREFUNC_CAMPAIGN_DETAILS_URI} - - PicBaseUrl=${ESHOP_AZURE_STORAGE_MARKETING_URL:-http://localhost:5110/api/v1/campaigns/[0]/pic/} - - AzureStorageAccountName=${ESHOP_AZURE_STORAGE_MARKETING_NAME} - - AzureStorageAccountKey=${ESHOP_AZURE_STORAGE_MARKETING_KEY} - - AzureServiceBusEnabled=False - - AzureStorageEnabled=False - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - - UseLoadTest=${USE_LOADTEST:-False} - ports: - - "5110:80" # Important: In a production environment your should remove the external port (5110) kept here for microservice debugging purposes. - # The API Gateway redirects and access through the internal port (80). - - payment.api: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} - - AzureServiceBusEnabled=False - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - ports: - - "5108:80" # Important: In a production environment your should remove the external port (5108) kept here for microservice debugging purposes. - # The API Gateway redirects and access through the internal port (80). - - locations.api: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - ConnectionString=${ESHOP_AZURE_COSMOSDB:-mongodb://nosql.data} - - Database=LocationsDb - - identityUrl=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. 
- - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} - - AzureServiceBusEnabled=False - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - - UseLoadTest=${USE_LOADTEST:-False} - ports: - - "5109:80" # Important: In a production environment your should remove the external port (5109) kept here for microservice debugging purposes. - # The API Gateway redirects and access through the internal port (80). - - mobileshoppingapigw: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - IdentityUrl=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. - ports: - - "5200:80" - volumes: - - ./src/ApiGateways/Mobile.Bff.Shopping/apigw:${ESHOP_OCELOT_VOLUME_SPEC:-/app/configuration} - - mobilemarketingapigw: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - IdentityUrl=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. - ports: - - "5201:80" - volumes: - - ./src/ApiGateways/Mobile.Bff.Marketing/apigw:${ESHOP_OCELOT_VOLUME_SPEC:-/app/configuration} - - webshoppingapigw: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - IdentityUrl=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. - ports: - - "5202:80" - volumes: - - ./src/ApiGateways/Web.Bff.Shopping/apigw:${ESHOP_OCELOT_VOLUME_SPEC:-/app/configuration} - - webmarketingapigw: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - IdentityUrl=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. 
- ports: - - "5203:80" - volumes: - - ./src/ApiGateways/Web.Bff.Marketing/apigw:${ESHOP_OCELOT_VOLUME_SPEC:-/app/configuration} - - mobileshoppingagg: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - urls__basket=http://basket.api - - urls__catalog=http://catalog.api - - urls__orders=http://ordering.api - - urls__identity=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. - ports: - - "5120:80" # Important: In a production environment your should remove the external port (5120) kept here for microservice debugging purposes. - # The API Gateway redirects and access through the internal port (80). - - webshoppingagg: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - urls__basket=http://basket.api - - urls__catalog=http://catalog.api - - urls__orders=http://ordering.api - - urls__identity=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. - ports: - - "5121:80" # Important: In a production environment your should remove the external port (5121) kept here for microservice debugging purposes. - # The API Gateway redirects and access through the internal port (80). - - ordering.signalrhub: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} - - AzureServiceBusEnabled=False - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - - identityUrl=http://identity.api #Local: You need to open your local dev-machine firewall at range 5100-5110. 
- ports: - - "5112:80" - - webstatus: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - CatalogUrl=http://catalog.api/hc - - OrderingUrl=http://ordering.api/hc - - OrderingBackgroundTasksUrl=http://ordering.backgroundtasks/hc - - BasketUrl=http://basket.api/hc - - IdentityUrl=http://identity.api/hc - - LocationsUrl=http://locations.api/hc - - MarketingUrl=http://marketing.api/hc - - PaymentUrl=http://payment.api/hc - - mvc=http://webmvc/hc - - spa=http://webspa/hc - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - ports: - - "5107:80" - - webspa: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://+:80;https://+:443 - - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:4105 #Local: You need to open your local dev-machine firewall at range 5100-5105. at range 5100-5105. - - PurchaseUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 - - MarketingUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203 - - CatalogUrlHC=http://catalog.api/hc - - OrderingUrlHC=http://ordering.api/hc - - IdentityUrlHC=http://identity.api/hc #Local: Use ${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}, if using external IP or DNS name from browser. 
- - BasketUrlHC=http://basket.api/hc - - MarketingUrlHC=http://marketing.api/hc - - PaymentUrlHC=http://payment.api/hc - - UseCustomizationData=True - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 - ports: - - "5104:80" - - "4104:443" - volumes: - - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:rw - - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:rw - - webmvc: - environment: - - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://+:80;https://+:443 - - PurchaseUrl=http://webshoppingapigw - - IdentityUrl=http://10.0.75.1:4105 # Local Mac: Use http://docker.for.mac.localhost:5105 || Local Windows: Use 10.0.75.1 in a "Docker for Windows" environment, if using "localhost" from browser. || #Remote access: Use ${ESHOP_EXTERNAL_DNS_NAME_OR_IP} if using external IP or DNS name from browser. - - MarketingUrl=http://webmarketingapigw - - CatalogUrlHC=http://catalog.api/hc - - OrderingUrlHC=http://ordering.api/hc - - IdentityUrlHC=http://identity.api/hc #Local: Use ${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}, if using external IP or DNS name from browser. - - BasketUrlHC=http://basket.api/hc - - MarketingUrlHC=http://marketing.api/hc - - PaymentUrlHC=http://payment.api/hc - - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 - - UseCustomizationData=True - - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - - OrchestratorType=${ORCHESTRATOR_TYPE} - - UseLoadTest=${USE_LOADTEST:-False} - ports: - - "5100:80" - - "4100:443" - volumes: - - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:rw - - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:rw - From 01e13b3ed891b1db0004a51bacd32d088aced966 Mon Sep 17 00:00:00 2001 
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:30:13 +0600
Subject: [PATCH 11/26] Delete appsettings.localhost.json
---
 .../aggregator/appsettings.localhost.json | 8 --------
 1 file changed, 8 deletions(-)
 delete mode 100644 src/ApiGateways/Mobile.Bff.Shopping/aggregator/appsettings.localhost.json
diff --git a/src/ApiGateways/Mobile.Bff.Shopping/aggregator/appsettings.localhost.json b/src/ApiGateways/Mobile.Bff.Shopping/aggregator/appsettings.localhost.json
deleted file mode 100644
index 08539a485..000000000
--- a/src/ApiGateways/Mobile.Bff.Shopping/aggregator/appsettings.localhost.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "urls": {
- "basket": "http://localhost:55105",
- "catalog": "http://localhost:55101",
- "orders": "http://localhost:55102",
- "identity": "https://localhost:54105"
- }
-}
From 79a26b9e42144257170ff3f1ea7de1b1fd22f183 Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:30:53 +0600
Subject: [PATCH 12/26] Delete appsettings.localhost.json
---
 .../aggregator/appsettings.localhost.json | 8 --------
 1 file changed, 8 deletions(-)
 delete mode 100644 src/ApiGateways/Web.Bff.Shopping/aggregator/appsettings.localhost.json
diff --git a/src/ApiGateways/Web.Bff.Shopping/aggregator/appsettings.localhost.json b/src/ApiGateways/Web.Bff.Shopping/aggregator/appsettings.localhost.json
deleted file mode 100644
index 08539a485..000000000
--- a/src/ApiGateways/Web.Bff.Shopping/aggregator/appsettings.localhost.json
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "urls": {
- "basket": "http://localhost:55105",
- "catalog": "http://localhost:55101",
- "orders": "http://localhost:55102",
- "identity": "https://localhost:54105"
- }
-}
From 393a4c90d4cb94d8983c9eb43b46ca656ef5748d Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:31:05 +0600
Subject: [PATCH 13/26] Delete appsettings.json
---
 .../Basket/Basket.API/appsettings.json | 24 -------------------
 1 file changed, 24 deletions(-)
 delete mode 100644 src/Services/Basket/Basket.API/appsettings.json
diff --git a/src/Services/Basket/Basket.API/appsettings.json b/src/Services/Basket/Basket.API/appsettings.json
deleted file mode 100644
index 70970cabd..000000000
--- a/src/Services/Basket/Basket.API/appsettings.json
+++ /dev/null
@@ -1,24 +0,0 @@
-{
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Debug",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "IdentityUrl": "https://localhost:4105",
- "ConnectionString": "127.0.0.1",
- "AzureServiceBusEnabled": false,
- "SubscriptionClientName": "Basket",
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "EventBusRetryCount": 5,
- "UseVault": false,
- "Vault": {
- "Name": "eshop",
- "ClientId": "your-clien-id",
- "ClientSecret": "your-client-secret"
- }
-}
\ No newline at end of file
From f7159d52e7f0a5a602561ea737f218ac466e2bc0 Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:31:32 +0600
Subject: [PATCH 14/26] Delete Dockerfile
---
 src/Services/Identity/Identity.API/Dockerfile | 32 -------------------
 1 file changed, 32 deletions(-)
 delete mode 100644 src/Services/Identity/Identity.API/Dockerfile
diff --git a/src/Services/Identity/Identity.API/Dockerfile b/src/Services/Identity/Identity.API/Dockerfile
deleted file mode 100644
index 102fc8c13..000000000
--- a/src/Services/Identity/Identity.API/Dockerfile
+++ /dev/null
@@ -1,32 +0,0 @@
-ARG NODE_IMAGE=node:8.11
-FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
-WORKDIR /app
-EXPOSE 80
-EXPOSE 443
-
-FROM microsoft/dotnet:2.1-sdk as dotnet-build
-WORKDIR /src
-
-FROM ${NODE_IMAGE} as node-build
-WORKDIR /web
-COPY src/Services/Identity/Identity.API .
-RUN npm install -g bower@1.8.4
-RUN bower install --allow-root
-
-FROM dotnet-build as build
-WORKDIR /src/src/Services/Identity/Identity.API/wwwroot
-COPY --from=node-build /web/wwwroot .
-WORKDIR /src
-COPY ./Certificates/eShopOnContainers.pfx /root/.aspnet/https/
-COPY . .
-WORKDIR /src/src/Services/Identity/Identity.API
-RUN dotnet restore -nowarn:msb3202,nu1503
-RUN dotnet build --no-restore -c Release -o /app
-
-FROM build AS publish
-RUN dotnet publish --no-restore -c Release -o /app
-
-FROM base AS final
-WORKDIR /app
-COPY --from=publish /app .
-ENTRYPOINT ["dotnet", "Identity.API.dll"]
From b219ead1c72c0bb5118adb992e4555c95e266b11 Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:32:27 +0600
Subject: [PATCH 15/26] Delete Startup.cs
---
src/Services/Identity/Identity.API/Startup.cs | 179 ------------------
1 file changed, 179 deletions(-)
delete mode 100644 src/Services/Identity/Identity.API/Startup.cs
diff --git a/src/Services/Identity/Identity.API/Startup.cs b/src/Services/Identity/Identity.API/Startup.cs
deleted file mode 100644
index 22dd039a0..000000000
--- a/src/Services/Identity/Identity.API/Startup.cs
+++ /dev/null
@@ -1,179 +0,0 @@
-using Microsoft.eShopOnContainers.Services.Identity.API.Certificates;
-using Microsoft.eShopOnContainers.Services.Identity.API.Data;
-using Microsoft.eShopOnContainers.Services.Identity.API.Models;
-using Microsoft.eShopOnContainers.Services.Identity.API.Services;
-
-namespace Microsoft.eShopOnContainers.Services.Identity.API
-{
- public class Startup
- {
- public Startup(IConfiguration configuration)
- {
- Configuration = configuration;
- }
-
- public IConfiguration Configuration { get; }
-
- // This method gets called by the runtime. Use this method to add services to the container.
- public IServiceProvider ConfigureServices(IServiceCollection services)
- {
- RegisterAppInsights(services);
-
- // Add framework services.
- services.AddDbContext(options =>
- options.UseSqlServer(Configuration["ConnectionString"],
- sqlServerOptionsAction: sqlOptions =>
- {
- sqlOptions.MigrationsAssembly(typeof(Startup).GetTypeInfo().Assembly.GetName().Name);
- //Configuring Connection Resiliency: https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency
- sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), errorNumbersToAdd: null);
- }));
-
- services.AddIdentity()
- .AddEntityFrameworkStores()
- .AddDefaultTokenProviders();
-
- services.Configure(Configuration);
-
- services.AddMvc(opts =>
- {
- opts.SslPort = 4105;
- opts.RequireHttpsPermanent = true;
- });
-
- services.AddHttpsRedirection(opts =>
- {
- opts.HttpsPort = 4105;
- });
-
- if (Configuration.GetValue("IsClusterEnv") == bool.TrueString)
- {
- services.AddDataProtection(opts =>
- {
- opts.ApplicationDiscriminator = "eshop.identity";
- })
- .PersistKeysToRedis(ConnectionMultiplexer.Connect(Configuration["DPConnectionString"]), "DataProtection-Keys");
- }
-
- services.AddHealthChecks(checks =>
- {
- var minutes = 1;
- if (int.TryParse(Configuration["HealthCheck:Timeout"], out var minutesParsed))
- {
- minutes = minutesParsed;
- }
-
checks.AddSqlCheck("Identity_Db", Configuration["ConnectionString"], TimeSpan.FromMinutes(minutes));
- });
-
- services.AddTransient, EFLoginService>();
- services.AddTransient();
-
- var connectionString = Configuration["ConnectionString"];
- var migrationsAssembly = typeof(Startup).GetTypeInfo().Assembly.GetName().Name;
-
- // Adds IdentityServer
- services.AddIdentityServer(x => x.IssuerUri = "null")
- .AddSigningCredential(Certificate.Get())
- .AddAspNetIdentity()
- .AddConfigurationStore(options =>
- {
- options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString,
- sqlServerOptionsAction: sqlOptions =>
- {
- sqlOptions.MigrationsAssembly(migrationsAssembly);
- //Configuring Connection Resiliency: https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency
- sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), errorNumbersToAdd: null);
- });
- })
- .AddOperationalStore(options =>
- {
- options.ConfigureDbContext = builder => builder.UseSqlServer(connectionString,
- sqlServerOptionsAction: sqlOptions =>
- {
- sqlOptions.MigrationsAssembly(migrationsAssembly);
- //Configuring Connection Resiliency: https://docs.microsoft.com/en-us/ef/core/miscellaneous/connection-resiliency
- sqlOptions.EnableRetryOnFailure(maxRetryCount: 15, maxRetryDelay: TimeSpan.FromSeconds(30), errorNumbersToAdd: null);
- });
- })
- .Services.AddTransient();
-
- var container = new ContainerBuilder();
- container.Populate(services);
-
- return new AutofacServiceProvider(container.Build());
- }
-
- // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
- public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
- {
- loggerFactory.AddConsole(Configuration.GetSection("Logging"));
- loggerFactory.AddDebug();
- loggerFactory.AddAzureWebAppDiagnostics();
- loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace);
-
- if (env.IsDevelopment())
- {
- app.UseDeveloperExceptionPage();
- app.UseDatabaseErrorPage();
- }
- else
- {
- app.UseExceptionHandler("/Home/Error");
- app.UseHsts();
- }
-
- app.UseHttpsRedirection();
-
- var pathBase = Configuration["PATH_BASE"];
- if (!string.IsNullOrEmpty(pathBase))
- {
- loggerFactory.CreateLogger("init").LogDebug($"Using PATH BASE '{pathBase}'");
- app.UsePathBase(pathBase);
- }
-
-
-#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
- app.Map("/liveness", lapp => lapp.Run(async ctx => ctx.Response.StatusCode = 200));
-#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
-
- app.UseStaticFiles();
-
-
- // Make work identity server redirections in Edge and lastest versions of browers. WARN: Not valid in a production environment.
- app.Use(async (context, next) =>
- {
- context.Response.Headers.Add("Content-Security-Policy", "script-src 'unsafe-inline'");
- await next();
- });
-
- app.UseForwardedHeaders();
- // Adds IdentityServer
- app.UseIdentityServer();
-
- app.UseMvc(routes =>
- {
- routes.MapRoute(
- name: "default",
- template: "{controller=Home}/{action=Index}/{id?}");
- });
- }
-
- private void RegisterAppInsights(IServiceCollection services)
- {
- services.AddApplicationInsightsTelemetry(Configuration);
- var orchestratorType = Configuration.GetValue("OrchestratorType");
-
- if (orchestratorType?.ToUpper() == "K8S")
- {
- // Enable K8s telemetry initializer
- services.EnableKubernetes();
- }
- if (orchestratorType?.ToUpper() == "SF")
- {
- // Enable SF telemetry initializer
- services.AddSingleton((serviceProvider) =>
- new FabricTelemetryInitializer());
- }
- }
- }
-}
From bca401475a44df9d9258b0e51915ed85ece6bbee Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:33:10 +0600
Subject: [PATCH 16/26] Delete appsettings.json
---
.../Identity/Identity.API/appsettings.json | 34 -------------------
1 file changed, 34 deletions(-)
delete mode 100644 src/Services/Identity/Identity.API/appsettings.json
diff --git a/src/Services/Identity/Identity.API/appsettings.json b/src/Services/Identity/Identity.API/appsettings.json
deleted file mode 100644
index 40cf02804..000000000
--- a/src/Services/Identity/Identity.API/appsettings.json
+++ /dev/null
@@ -1,34 +0,0 @@
-{
- "ConnectionString": "Server=tcp:127.0.0.1,5433;Database=Microsoft.eShopOnContainers.Services.IdentityDb;User Id=sa;Password=Pass@word;",
- "IsClusterEnv": "False",
- "MvcClient": "https://localhost:4100",
- "SpaClient": "https://localhost:4104",
- "XamarinCallback": "https://localhost:4105/xamarincallback",
- "UseCustomizationData": false,
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Trace",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "UseVault": false,
- "Vault": {
- "Name": "eshop",
- "ClientId": "your-clien-id",
- "ClientSecret": "your-client-secret"
- },
- "Kestrel": {
- "Certificates": {
- "Default": {
- "Path": "./Certificates/eShopOnContainers.pfx",
- "Password": "D0tNet@"
- }
- }
- }
-
-}
From 68fb27a7831c8ce405d732eaafea08e32476728f Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:33:22 +0600
Subject: [PATCH 17/26] Delete appsettings.json
---
.../Location/Locations.API/appsettings.json | 25 -------------------
1 file changed, 25 deletions(-)
delete mode 100644 src/Services/Location/Locations.API/appsettings.json
diff --git a/src/Services/Location/Locations.API/appsettings.json b/src/Services/Location/Locations.API/appsettings.json
deleted file mode 100644
index 603322578..000000000
--- a/src/Services/Location/Locations.API/appsettings.json
+++ /dev/null
@@ -1,25 +0,0 @@
-{
- "ConnectionString": "mongodb://nosql.data",
- "Database": "LocationsDb",
- "IdentityUrl": "https://localhost:4105",
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Trace",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "AzureServiceBusEnabled": false,
- "SubscriptionClientName": "Locations",
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "EventBusRetryCount": 5,
- "UseVault": false,
- "Vault": {
- "Name": "eshop",
- "ClientId": "your-clien-id",
- "ClientSecret": "your-client-secret"
- }
-}
\ No newline at end of file
From 117d9f67a3078c5087c59a2288e518e0836f8c89 Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:33:30 +0600
Subject: [PATCH 18/26] Delete appsettings.json
---
.../Marketing/Marketing.API/appsettings.json | 26 -------------------
1 file changed, 26 deletions(-)
delete mode 100644 src/Services/Marketing/Marketing.API/appsettings.json
diff --git a/src/Services/Marketing/Marketing.API/appsettings.json b/src/Services/Marketing/Marketing.API/appsettings.json
deleted file mode 100644
index ece52a754..000000000
--- a/src/Services/Marketing/Marketing.API/appsettings.json
+++ /dev/null
@@ -1,26 +0,0 @@
-{
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Trace"
- }
- },
- "ConnectionString": "Server=tcp:127.0.0.1,5433;Initial Catalog=Microsoft.eShopOnContainers.Services.MarketingDb;User Id=sa;Password=Pass@word",
- "MongoConnectionString": "mongodb://nosql.data",
- "MongoDatabase": "MarketingDb",
- "IdentityUrl": "https://localhost:4105",
- "PicBaseUrl": "http://localhost:5110/api/v1/campaigns/[0]/pic/",
- "AzureServiceBusEnabled": false,
- "SubscriptionClientName": "Marketing",
- "AzureStorageEnabled": false,
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "EventBusRetryCount": 5,
- "UseVault": false,
- "Vault": {
- "Name": "eshop",
- "ClientId": "your-clien-id",
- "ClientSecret": "your-client-secret"
- }
-}
\ No newline at end of file
From a11bc8b8e3996443c8fb264fad331bc30b653709 Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:33:40 +0600
Subject: [PATCH 19/26] Delete appsettings.json
---
.../Ordering/Ordering.API/appsettings.json | 27 -------------------
1 file changed, 27 deletions(-)
delete mode 100644 src/Services/Ordering/Ordering.API/appsettings.json
diff --git a/src/Services/Ordering/Ordering.API/appsettings.json b/src/Services/Ordering/Ordering.API/appsettings.json
deleted file mode 100644
index bd80e47cc..000000000
--- a/src/Services/Ordering/Ordering.API/appsettings.json
+++ /dev/null
@@ -1,27 +0,0 @@
-{
- "ConnectionString": "Server=tcp:127.0.0.1,5433;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word;",
- "IdentityUrl": "https://localhost:4105",
- "UseCustomizationData": false,
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Trace",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "AzureServiceBusEnabled": false,
- "SubscriptionClientName": "Ordering",
- "CheckUpdateTime": "30000",
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "EventBusRetryCount": 5,
- "EventBusConnection": "localhost",
- "UseVault": false,
- "Vault": {
- "Name": "eshop",
- "ClientId": "your-clien-id",
- "ClientSecret": "your-client-secret"
- }
-}
From 1bdb8bcbb1b0f4d4fe6409494f667ca23c06e6f5 Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:34:36 +0600
Subject: [PATCH 20/26] Delete appsettings.json
---
.../Ordering/Ordering.SignalrHub/appsettings.json | 15 ---------------
1 file changed, 15 deletions(-)
delete mode 100644 src/Services/Ordering/Ordering.SignalrHub/appsettings.json
diff --git a/src/Services/Ordering/Ordering.SignalrHub/appsettings.json b/src/Services/Ordering/Ordering.SignalrHub/appsettings.json
deleted file mode 100644
index 8bf78a9d0..000000000
--- a/src/Services/Ordering/Ordering.SignalrHub/appsettings.json
+++ /dev/null
@@ -1,15 +0,0 @@
-{
- "IdentityUrl": "https://localhost:4105",
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Trace",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "AzureServiceBusEnabled": false,
- "SubscriptionClientName": "Ordering.signalrhub",
- "EventBusRetryCount": 5,
- "EventBusConnection": "localhost"
-}
\ No newline at end of file
From 51be43441499866866d6bf35d83e0679864b7f9e Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:35:45 +0600
Subject: [PATCH 21/26] Delete appsettings.json
---
src/Web/WebMVC/appsettings.json | 36 ---------------------------------
1 file changed, 36 deletions(-)
delete mode 100644 src/Web/WebMVC/appsettings.json
diff --git a/src/Web/WebMVC/appsettings.json b/src/Web/WebMVC/appsettings.json
deleted file mode 100644
index 05a1f35c3..000000000
--- a/src/Web/WebMVC/appsettings.json
+++ /dev/null
@@ -1,36 +0,0 @@
-{
- "CatalogUrl": "http://localhost:5101",
- "OrderingUrl": "http://localhost:5102",
- "BasketUrl": "http://localhost:5103",
- "MarketingUrl": "http://localhost:5110",
- "IdentityUrl": "https://localhost:4105",
- "CallBackUrl": "https://localhost:4100/",
- "LocationsUrl": "http://localhost:5109/",
- "IsClusterEnv": "False",
- "UseResilientHttp": "True",
- "UseLoadTest": false,
- "ActivateCampaignDetailFunction": "False",
- "UseCustomizationData": false,
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Trace",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "HttpClientRetryCount": 8,
- "HttpClientExceptionsAllowedBeforeBreaking": 7,
- "Kestrel": {
- "Certificates": {
- "Default": {
- "Path": "./Certificates/eShopOnContainers.pfx",
- "Password": "D0tNet@"
- }
- }
- }
-
-}
\ No newline at end of file
From 0b2dc64f873343d675116febf8a617b83e04077f Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:36:08 +0600
Subject: [PATCH 22/26] Delete Dockerfile
---
src/Web/WebSPA/Dockerfile | 28 ----------------------------
1 file changed, 28 deletions(-)
delete mode 100644 src/Web/WebSPA/Dockerfile
diff --git a/src/Web/WebSPA/Dockerfile b/src/Web/WebSPA/Dockerfile
deleted file mode 100644
index 9a03bce6d..000000000
--- a/src/Web/WebSPA/Dockerfile
+++ /dev/null
@@ -1,28 +0,0 @@
-ARG NODE_IMAGE=node:8.11
-FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
-WORKDIR /app
-EXPOSE 80
-EXPOSE 443
-
-FROM microsoft/dotnet:2.1-sdk as dotnet-build
-WORKDIR /src
-
-FROM ${NODE_IMAGE} as node-build
-WORKDIR /web
-COPY src/Web/WebSPA .
-RUN npm install
-RUN npm run build:prod
-
-FROM dotnet-build as publish
-WORKDIR /src/src/Web/WebSPA/wwwroot
-COPY --from=node-build /web/wwwroot .
-WORKDIR /src
-COPY ./Certificates/eShopOnContainers.pfx /root/.aspnet/https/
-COPY . .
-WORKDIR /src/src/Web/WebSPA
-RUN dotnet publish -c Release -o /app
-
-FROM base AS final
-WORKDIR /app
-COPY --from=publish /app .
-ENTRYPOINT ["dotnet", "WebSPA.dll"]
From 218b97b274a139c986d6207d5c153648e8ba621d Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:36:51 +0600
Subject: [PATCH 23/26] Delete appsettings.json
---
src/Web/WebStatus/appsettings.json | 21 ---------------------
1 file changed, 21 deletions(-)
delete mode 100644 src/Web/WebStatus/appsettings.json
diff --git a/src/Web/WebStatus/appsettings.json b/src/Web/WebStatus/appsettings.json
deleted file mode 100644
index 1e04ced4e..000000000
--- a/src/Web/WebStatus/appsettings.json
+++ /dev/null
@@ -1,21 +0,0 @@
-{
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Debug",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "OrderingUrl": "http://localhost:5102/hc",
- "OrderingBackgroundTasksUrl": "http://localhost:5111/hc",
- "BasketUrl": "http://localhost:5103/hc",
- "CatalogUrl": "http://localhost:5101/hc",
- "IdentityUrl": "https://localhost:4105/hc",
- "MarketingUrl": "http://localhost:5110/hc",
- "LocationsUrl": "http://localhost:5109/hc",
- "PaymentUrl": "http://localhost:5108/hc",
- "ApplicationInsights": {
- "InstrumentationKey": ""
- }
-}
From 2ec4e41e43303933fec49b9e67acde044e9436ac Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:37:05 +0600
Subject: [PATCH 24/26] Delete appsettings.json
---
src/Web/WebSPA/appsettings.json | 29 -----------------------------
1 file changed, 29 deletions(-)
delete mode 100644 src/Web/WebSPA/appsettings.json
diff --git a/src/Web/WebSPA/appsettings.json b/src/Web/WebSPA/appsettings.json
deleted file mode 100644
index d843edeec..000000000
--- a/src/Web/WebSPA/appsettings.json
+++ /dev/null
@@ -1,29 +0,0 @@
-{
- "IdentityUrl": "https://localhost:4105",
- "MarketingUrl": "http://localhost:5110",
- "CallBackUrl": "https://localhost:4104/",
- "PurchaseUrl": "http://localhost:5200",
- "UseCustomizationData": true,
- "IsClusterEnv": "False",
- "ActivateCampaignDetailFunction": true,
- "Logging": {
- "IncludeScopes": false,
- "LogLevel": {
- "Default": "Debug",
- "System": "Information",
- "Microsoft": "Information"
- }
- },
- "ApplicationInsights": {
- "InstrumentationKey": ""
- },
- "Kestrel": {
- "Certificates": {
- "Default": {
- "Path": "./Certificates/eShopOnContainers.pfx",
- "Password": "D0tNet@"
- }
- }
- }
-
-}
\ No newline at end of file
From 22053e33b4a13a028f51f2c83582bab1c1db5b0f Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:37:44 +0600
Subject: [PATCH 25/26] Delete Dockerfile
---
src/Web/WebMVC/Dockerfile | 31 -------------------------------
1 file changed, 31 deletions(-)
delete mode 100644 src/Web/WebMVC/Dockerfile
diff --git a/src/Web/WebMVC/Dockerfile b/src/Web/WebMVC/Dockerfile
deleted file mode 100644
index 3b0e08ea4..000000000
--- a/src/Web/WebMVC/Dockerfile
+++ /dev/null
@@ -1,31 +0,0 @@
-ARG NODE_IMAGE=node:8.11
-FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
-WORKDIR /app
-EXPOSE 80
-EXPOSE 443
-
-FROM microsoft/dotnet:2.1-sdk as dotnet-build
-WORKDIR /src
-
-FROM ${NODE_IMAGE} as node-build
-WORKDIR /web
-COPY src/Web/WebMVC .
-RUN npm install -g bower@1.8.4
-RUN bower install --allow-root
-
-FROM dotnet-build as build
-WORKDIR /src/src/Web/WebMVC/wwwroot
-COPY --from=node-build /web/wwwroot .
-WORKDIR /src
-COPY ./Certificates/eShopOnContainers.pfx /root/.aspnet/https/
-COPY . .
-WORKDIR /src/src/Web/WebMVC
-RUN dotnet restore -nowarn:msb3202,nu1503
-
-FROM build AS publish
-RUN dotnet publish --no-restore -c Release -o /app
-
-FROM base AS final
-WORKDIR /app
-COPY --from=publish /app .
-ENTRYPOINT ["dotnet", "WebMVC.dll"]
From e5821ea6c805989852acf89c1765687171c1790f Mon Sep 17 00:00:00 2001
From: Rafsanul Hasan
Date: Sat, 1 Sep 2018 17:39:21 +0600
Subject: [PATCH 26/26] Delete Startup.cs
---
src/Web/WebSPA/Startup.cs | 160 --------------------------------------
1 file changed, 160 deletions(-)
delete mode 100644 src/Web/WebSPA/Startup.cs
diff --git a/src/Web/WebSPA/Startup.cs b/src/Web/WebSPA/Startup.cs
deleted file mode 100644
index c0c89f663..000000000
--- a/src/Web/WebSPA/Startup.cs
+++ /dev/null
@@ -1,160 +0,0 @@
-using eShopOnContainers.WebSPA;
-using WebSPA.Infrastructure;
-
-namespace eShopConContainers.WebSPA
-{
- public class Startup
- {
- public Startup(IConfiguration configuration)
- {
- Configuration = configuration;
- }
-
- public IConfiguration Configuration { get; }
-
- private readonly IHostingEnvironment _hostingEnv;
- public Startup(IHostingEnvironment env)
- {
- _hostingEnv = env;
-
- var localPath = new Uri(Configuration["ASPNETCORE_URLS"])?.LocalPath ?? "/";
- Configuration["BaseUrl"] = localPath;
- }
-
- // This method gets called by the runtime. Use this method to add services to the container.
- // For more information on how to configure your application, visit http://go.microsoft.com/fwlink/?LinkID=398940
- public void ConfigureServices(IServiceCollection services)
- {
- RegisterAppInsights(services);
-
- services.AddHealthChecks(checks =>
- {
- var minutes = 1;
- if (int.TryParse(Configuration["HealthCheck:Timeout"], out var minutesParsed))
- {
- minutes = minutesParsed;
- }
-
- checks.AddUrlCheck(Configuration["CatalogUrlHC"], TimeSpan.FromMinutes(minutes));
- checks.AddUrlCheck(Configuration["OrderingUrlHC"], TimeSpan.FromMinutes(minutes));
- checks.AddUrlCheck(Configuration["BasketUrlHC"], TimeSpan.Zero); //No cache for this HealthCheck, better just for demos
- checks.AddUrlCheck(Configuration["IdentityUrlHC"], TimeSpan.FromMinutes(minutes));
- checks.AddUrlCheck(Configuration["MarketingUrlHC"], TimeSpan.FromMinutes(minutes));
-
- });
-
- services.Configure(Configuration);
-
- if (Configuration.GetValue("IsClusterEnv") == bool.TrueString)
- {
- services.AddDataProtection(opts =>
- {
- opts.ApplicationDiscriminator = "eshop.webspa";
- })
- .PersistKeysToRedis(ConnectionMultiplexer.Connect(Configuration["DPConnectionString"]), "DataProtection-Keys");
- }
-
- services.AddAntiforgery(options => options.HeaderName = "X-XSRF-TOKEN");
-
- services
- .AddMvc(opts =>
- {
- opts.SslPort = 4104;
- opts.RequireHttpsPermanent = true;
- })
-
.AddJsonOptions(options =>
- {
- options.SerializerSettings.ContractResolver = new CamelCasePropertyNamesContractResolver();
- });
-
- services.AddHttpsRedirection(opts =>
- {
- opts.HttpsPort = 4104;
- });
- }
-
-
- // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
- public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory, IAntiforgery antiforgery)
- {
-
- loggerFactory.AddAzureWebAppDiagnostics();
- loggerFactory.AddApplicationInsights(app.ApplicationServices, LogLevel.Trace);
-
- if (env.IsDevelopment())
- {
- app.UseDeveloperExceptionPage();
- }
- else
- {
- app.UseHsts();
- }
-
- app.UseHttpsRedirection();
-
- // Configure XSRF middleware, This pattern is for SPA style applications where XSRF token is added on Index page
- // load and passed back token on every subsequent async request
- // app.Use(async (context, next) =>
- // {
- // if (string.Equals(context.Request.Path.Value, "/", StringComparison.OrdinalIgnoreCase))
- // {
- // var tokens = antiforgery.GetAndStoreTokens(context);
- // context.Response.Cookies.Append("XSRF-TOKEN", tokens.RequestToken, new CookieOptions() { HttpOnly = false });
- // }
- // await next.Invoke();
- // });
-
- //Seed Data
- WebContextSeed.Seed(app, env, loggerFactory);
-
- var pathBase = Configuration["PATH_BASE"];
- if (!string.IsNullOrEmpty(pathBase))
- {
- loggerFactory.CreateLogger("init").LogDebug($"Using PATH BASE '{pathBase}'");
- app.UsePathBase(pathBase);
- }
-
-
-#pragma warning disable CS1998 // Async method lacks 'await' operators and will run synchronously
- app.Map("/liveness", lapp => lapp.Run(async ctx => ctx.Response.StatusCode = 200));
-#pragma warning restore CS1998 // Async method lacks 'await' operators and will run synchronously
-
- app.Use(async (context, next) =>
- {
- await next();
-
- // If there's no available file and the request doesn't contain an extension, we're probably trying to access a page.
- // Rewrite request to use app root
- if (context.Response.StatusCode == 404 && !Path.HasExtension(context.Request.Path.Value) && !context.Request.Path.Value.StartsWith("/api"))
- {
- context.Request.Path = "/index.html";
- context.Response.StatusCode = 200; // Make sure we update the status code, otherwise it returns 404
- await next();
- }
- });
-
- app.UseDefaultFiles();
- app.UseStaticFiles();
-
- app.UseMvcWithDefaultRoute();
- }
-
- private void RegisterAppInsights(IServiceCollection services)
- {
- services.AddApplicationInsightsTelemetry(Configuration);
- var orchestratorType = Configuration.GetValue("OrchestratorType");
-
- if (orchestratorType?.ToUpper() == "K8S")
- {
- // Enable K8s telemetry initializer
- services.EnableKubernetes();
- }
- if (orchestratorType?.ToUpper() == "SF")
- {
- // Enable SF telemetry initializer
- services.AddSingleton((serviceProvider) =>
- new FabricTelemetryInitializer());
- }
- }
- }
-}