Update README.md

.gitignore

@@ -1,6 +1,13 @@
 ## Ignore Visual Studio temporary files, build results, and
 ## files generated by popular Visual Studio add-ons.
 
+# docker-compose secrets
+src/docker-compose.certificates.yml
+
+# local history
+.history
+.vshistory
+
 # User-specific files
 *.suo
 *.user

deploy/certificates/.gitignore

@@ -0,0 +1,4 @@
+*.key
+*.pem
+*.pfx
+*.txt

deploy/certificates/README.md

@@ -0,0 +1,40 @@
+# Setup dev certificates deploying to Docker Desktop
+
+1. Create a self-signed certificate
+2. Install certificates
+3. Configure the services
+
+## 1 - Create the self-signed certificate (`.pem + .key`) and its `.pfx` file
+
+**From WSL**, run the `create-docker-certificate.sh` script with a strong password for the certificate.
+
+```bash
+./create-docker-certificate.sh "secure-COMPLEX-and-SECRET-password"
+```
+
+The script creates a certificate for both `host.docker.internal` and `localhost`.
+
+### 2 - Install the certificates
+
+Run the `install-docker-certificate.ps1` with the same password you used above:
+
+```powershell
+.\install-docker-certificate.ps1 "secure-COMPLEX-and-SECRET-password"
+```
+
+The above script:
+
+1. Imports the certificate in the current user root CA store.
+2. Copies the certificate files to the `%USERPROFILE%\.aspnet\https` folder. Servers will serve the certificate from this folder.
+3. Copies the `.pem` file as `.crt` to the src\certificates folder to add it as a root CA when building the images for some services.
+
+### 3 - Configure some services to serve the certificates
+
+1. Copy the `src\docker-compose.certificates.sample.yml` file as `src\docker-compose.certificates.yml`
+2. Configure the password you assigned to the certificates in the settings `ASPNETCORE_Kestrel__Certificates__Default__Password`
+
+> **IMPORTANT**
+>
+> The `src\docker-compose.certificates.yaml` file is .gitignore'd to avoid pushing it to the repo with the certificate password.
+>
+> To avoid security risks, **DON'T FORCE PUSH the file**.

deploy/certificates/create-docker-certificate.sh

@@ -0,0 +1,22 @@
+echo "creating base certificate (.pem) and private key (.key) files..."
+openssl req \
+  -x509 \
+  -days 365 \
+  -out docker-self-signed.pem \
+  -keyout docker-self-signed.key \
+  -newkey rsa:2048 -nodes -sha256 \
+  -subj '/CN=host.docker.internal' \
+  -extensions EXT \
+  -config <( \
+    printf "[dn]\nCN=host.docker.internal\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName='DNS.1:host.docker.internal,DNS.2:localhost'\nkeyUsage=digitalSignature,keyCertSign\nextendedKeyUsage=serverAuth")
+
+echo "printing text version..."
+openssl x509 -in docker-self-signed.pem -text -noout > docker-self-signed.txt
+
+echo "generating certificate container file (.pfx)..."
+openssl pkcs12 -export \
+  -inkey docker-self-signed.key \
+  -in docker-self-signed.pem \
+  -out docker-self-signed.pfx \
+  -name "Docker development certificate" \
+  -password pass:$1

deploy/certificates/install-docker-certificate.ps1

@@ -0,0 +1,17 @@
+param (
+    [Parameter(Mandatory = $true)]
+    [string]$Password
+)
+
+# Import into current user root CA store
+$CertPassword = ConvertTo-SecureString -String "$Password" -Force -AsPlainText
+Import-PfxCertificate -Exportable -FilePath .\docker-self-signed.pfx -CertStoreLocation Cert:\CurrentUser\Root\ -Password $CertPassword
+
+# Copy to user profile to use as HTTPS certificate in server containers
+mkdir $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.pem $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.key $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.pfx $env:USERPROFILE\.aspnet\https -Force
+
+# Copy to src folder to register as a root CA in client containers
+Copy-Item docker-self-signed.pem ..\..\src\certificates\docker-self-signed.crt  -Force

src/.env

@@ -6,8 +6,8 @@
 
 # Use this values to run the app locally in Windows
 ESHOP_EXTERNAL_DNS_NAME_OR_IP=host.docker.internal
-ESHOP_STORAGE_CATALOG_URL=http://host.docker.internal:5202/c/api/v1/catalog/items/[0]/pic/
-ESHOP_STORAGE_MARKETING_URL=http://host.docker.internal:5110/api/v1/campaigns/[0]/pic/
+ESHOP_STORAGE_CATALOG_URL=https://host.docker.internal:5202/c/api/v1/catalog/items/[0]/pic/
+ESHOP_STORAGE_MARKETING_URL=https://host.docker.internal:5110/api/v1/campaigns/[0]/pic/
 
 # Use this values to run the app locally in Mac
 # ESHOP_EXTERNAL_DNS_NAME_OR_IP=docker.for.mac.localhost

src/.gitignore

@@ -0,0 +1 @@
+certificates

src/ApiGateways/Envoy/config/webshopping/envoy.yaml

@@ -6,10 +6,11 @@ admin:
       port_value: 8001
 static_resources:
   listeners:
-  - address:
+  - name: listener_https
+    address:
       socket_address:
         address: 0.0.0.0
-        port_value: 80
+        port_value: 443
     filter_chains:
     - filters:
       - name: envoy.http_connection_manager
@@ -22,6 +23,109 @@ static_resources:
             - name: eshop_backend
               domains:
               - "*"
+              # - "localhost"
+              # - "host.docker.internal"
+              routes:
+              - name: "c-short"
+                match:
+                  prefix: "/c/"
+                route:
+                  auto_host_rewrite: true
+                  prefix_rewrite: "/catalog-api/"
+                  cluster: catalog
+              - name: "c-long"
+                match:
+                  prefix: "/catalog-api/"
+                route:
+                  auto_host_rewrite: true
+                  cluster: catalog
+              - name: "o-short"
+                match:
+                  prefix: "/o/"
+                route:
+                  auto_host_rewrite: true
+                  prefix_rewrite: "/ordering-api/"
+                  cluster: ordering
+              - name: "o-long"
+                match:
+                  prefix: "/ordering-api/"
+                route:
+                  auto_host_rewrite: true
+                  cluster: ordering
+              - name: "h-long"
+                match:
+                  prefix: "/hub/notificationhub"
+                route:
+                  auto_host_rewrite: true
+                  cluster: signalr-hub
+                  timeout: 300s
+                  upgrade_configs:
+                    upgrade_type: "websocket"
+                    enabled: true
+              - name: "b-short"
+                match:
+                  prefix: "/b/"
+                route:
+                  auto_host_rewrite: true
+                  prefix_rewrite: "/basket-api/"
+                  cluster: basket
+              - name: "b-long"
+                match:
+                  prefix: "/basket-api/"
+                route:
+                  auto_host_rewrite: true
+                  cluster: basket
+              - name: "agg"
+                match:
+                  prefix: "/"
+                route:
+                  auto_host_rewrite: true
+                  prefix_rewrite: "/"
+                  cluster: shoppingagg
+          http_filters:
+          - name: envoy.router
+          access_log:
+          - name: envoy.file_access_log
+            filter:
+              not_health_check_filter: {}
+            config:
+              json_format:
+                time: "%START_TIME%"
+                protocol: "%PROTOCOL%"
+                duration: "%DURATION%"
+                request_method: "%REQ(:METHOD)%"
+                request_host: "%REQ(HOST)%"
+                path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%"
+                response_flags: "%RESPONSE_FLAGS%"
+                route_name: "%ROUTE_NAME%"
+                upstream_host: "%UPSTREAM_HOST%"
+                upstream_cluster: "%UPSTREAM_CLUSTER%"
+                upstream_local_address: "%UPSTREAM_LOCAL_ADDRESS%"
+              path: "/tmp/access.log"
+      tls_context:
+        common_tls_context:
+          tls_certificates:
+            - certificate_chain:
+                filename: "/https/docker-self-signed.pem"
+              private_key:
+                filename: "/https/docker-self-signed.key"
+  - name: listener_http
+    address:
+      socket_address:
+        address: 0.0.0.0
+        port_value: 80
+    filter_chains:
+    - filters:
+      - name: envoy.http_connection_manager
+        config:
+          codec_type: auto
+          stat_prefix: ingress_http
+          route_config:
+            name: eshop_backend_route
+            virtual_hosts:
+            - name: eshop_backend
+              domains:
+              - "webshoppingapigw"
               routes:
               - name: "c-short"
                 match:

src/ApiGateways/Web.Bff.Shopping/aggregator/Dockerfile

@@ -1,5 +1,7 @@
 FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base
-WORKDIR /app
+WORKDIR /usr/local/share/ca-certificates
+COPY "certificates/docker-self-signed.crt" .
+RUN update-ca-certificates
 EXPOSE 80
 
 FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build

src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs

@@ -64,7 +64,7 @@ namespace Microsoft.eShopOnContainers.Web.Shopping.HttpAggregator
                 app.UseDeveloperExceptionPage();
             }
             
-            app.UseHttpsRedirection();
+            // app.UseHttpsRedirection();
 
             app.UseSwagger().UseSwaggerUI(c =>
             {

src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs

@@ -72,7 +72,7 @@ namespace Ordering.BackgroundTasks.Tasks
                     conn.Open();
                     orderIds = conn.Query<int>(
                         @"SELECT Id FROM [ordering].[orders] 
-                            WHERE DATEDIFF(minute, [OrderDate], GETDATE()) >= @GracePeriodTime
+                            WHERE DATEDIFF(second, [OrderDate], GETDATE()) >= @GracePeriodTime
                             AND [OrderStatusId] = 1",
                         new { _settings.GracePeriodTime });
                 }

src/Web/WebMVC/Dockerfile

@@ -1,5 +1,7 @@
 FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base
-WORKDIR /app
+WORKDIR /usr/local/share/ca-certificates
+COPY "certificates/docker-self-signed.crt" .
+RUN update-ca-certificates
 EXPOSE 80
 
 FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build

src/Web/WebMVC/Program.cs

@@ -52,18 +52,15 @@ namespace Microsoft.eShopOnContainers.WebMVC
         {
             var seqServerUrl = configuration["Serilog:SeqServerUrl"];
             var logstashUrl = configuration["Serilog:LogstashgUrl"];
-            var cfg = new LoggerConfiguration()
+            return new LoggerConfiguration()
                 .ReadFrom.Configuration(configuration)
                 .Enrich.WithProperty("ApplicationContext", AppName)
                 .Enrich.FromLogContext()
-                .WriteTo.Console();
-            if (!string.IsNullOrWhiteSpace(seqServerUrl)) {
-                cfg.WriteTo.Seq(seqServerUrl);
-            }
-            if (!string.IsNullOrWhiteSpace(logstashUrl)) {
-                cfg.WriteTo.Http(logstashUrl);
-            }
-            return cfg.CreateLogger();
+                .WriteTo.Console()
+                .WriteTo.Seq(string.IsNullOrWhiteSpace(seqServerUrl) ? "http://seq" : seqServerUrl)
+                .WriteTo.Http(string.IsNullOrWhiteSpace(logstashUrl) ? "http://logstash:8080" : logstashUrl)
+                .ReadFrom.Configuration(configuration)
+                .CreateLogger();
         }
 
         private static IConfiguration GetConfiguration()

src/docker-compose.certificates.sample.yml

@@ -0,0 +1,39 @@
+version: '3.4'
+
+services:
+
+  identity-api:
+    environment:
+      - ASPNETCORE_URLS=https://+:443;http://+:80
+      - ASPNETCORE_Kestrel__Certificates__Default__Password=<secure-COMPLEX-and-SECRET-password>
+      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx
+    volumes:
+      - ~/.aspnet/https:/https:ro
+
+  webstatus:
+    environment:
+      - ASPNETCORE_URLS=https://+:443
+      - ASPNETCORE_Kestrel__Certificates__Default__Password=<secure-COMPLEX-and-SECRET-password>
+      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx
+    volumes:
+      - ~/.aspnet/https:/https:ro
+
+  webmvc:
+    environment:
+      - ASPNETCORE_URLS=https://+:443;http://+:80
+      - ASPNETCORE_Kestrel__Certificates__Default__Password=<secure-COMPLEX-and-SECRET-password>
+      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx
+    volumes:
+      - ~/.aspnet/https:/https:ro
+
+  webspa:
+    environment:
+      - ASPNETCORE_URLS=https://+:443;http://+:80
+      - ASPNETCORE_Kestrel__Certificates__Default__Password=<secure-COMPLEX-and-SECRET-password>
+      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx
+    volumes:
+      - ~/.aspnet/https:/https:ro
+
+  webshoppingapigw:
+    volumes:
+      - ~/.aspnet/https:/https:ro

src/docker-compose.override.yml

@@ -41,32 +41,35 @@ services:
   identity-api:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
-      - SpaClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104
-      - XamarinCallback=http://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback
+      - ASPNETCORE_URLS=http://+:80
+      - SpaClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104
+      - XamarinCallback=https://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback
       - ConnectionString=${ESHOP_AZURE_IDENTITY_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word}
-      - MvcClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100
-      - LocationApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109
-      - MarketingApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110
-      - BasketApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103
-      - OrderingApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102
-      - MobileShoppingAggClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120
-      - WebShoppingAggClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121
-      - WebhooksApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113
-      - WebhooksWebClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114
+      - MvcClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100
+      - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/locations-api
+      - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/marketing-api
+      - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/basket-api
+      - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/ordering-api
+      - MobileShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120
+      - WebShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121
+      - WebhooksApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113
+      - WebhooksWebClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114
       - UseCustomizationData=True
       - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
       - OrchestratorType=${ORCHESTRATOR_TYPE}
+      - Serilog__MinimumLevel__Override__IdentityServer4=Verbose
+      - Serilog__MinimumLevel__Override__Microsoft=Warning
     ports:
-      - "5105:80"
+      - "80" # We need internal HTTP access for inter-service communications
+      - "5105:443"
 
   basket-api:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
+      - ASPNETCORE_URLS=http://+:80
       - ConnectionString=${ESHOP_AZURE_REDIS_BASKET_DB:-basketdata}
       - identityUrl=http://identity-api
-      - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+      - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
       - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
       - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
       - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -78,7 +81,8 @@ services:
       - GRPC_PORT=81
       - PORT=80
     ports:
-      - "5103:80"
+      - "80" # We need internal HTTP access for inter-service communications
+      - "5103:443"
       - "9103:81"
 
   catalog-api:
@@ -96,20 +100,22 @@ services:
       - AzureStorageEnabled=False
       - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
       - OrchestratorType=${ORCHESTRATOR_TYPE}
+      - Serilog__MinimumLevel__Override__Microsoft=Warning
       - GRPC_PORT=81
       - PORT=80
       - PATH_BASE=/catalog-api
     ports:
-      - "5101:80"
+      - "80" # We need internal HTTP access for inter-service communications
+      - "5101:443"
       - "9101:81"
 
   ordering-api:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
+      - ASPNETCORE_URLS=http://+:80
       - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word}
       - identityUrl=http://identity-api
-      - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+      - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
       - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
       - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
       - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -125,13 +131,14 @@ services:
       - GRPC_PORT=81
       - PORT=80
     ports:
-      - "5102:80"
+      - "80" # We need internal HTTP access for inter-service communications
+      - "5102:443"
       - "9102:81"
 
   ordering-backgroundtasks:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
+      - ASPNETCORE_URLS=http://+:80
       - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word}
       - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
       - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
@@ -139,7 +146,7 @@ services:
       - UseCustomizationData=True
       - AzureServiceBusEnabled=False
       - CheckUpdateTime=30000
-      - GracePeriodTime=1
+      - GracePeriodTime=15
       - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
       - OrchestratorType=${ORCHESTRATOR_TYPE}
       - UseLoadTest=${USE_LOADTEST:-False}
@@ -170,12 +177,13 @@ services:
       - UseLoadTest=${USE_LOADTEST:-False}
       - PATH_BASE=/marketing-api
     ports:
-      - "5110:80"
+      - "80" # We need internal HTTP access for inter-service communications
+      - "5110:443"
 
   payment-api:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
+      - ASPNETCORE_URLS=http://+:80
       - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
       - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
       - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -183,6 +191,7 @@ services:
       - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
       - OrchestratorType=${ORCHESTRATOR_TYPE}
       - Serilog__MinimumLevel__Override__payment-api.IntegrationEvents.EventHandling=Verbose
+      - Serilog__MinimumLevel__Override__Microsoft=Warning
       - Serilog__MinimumLevel__Override__Microsoft.eShopOnContainers.BuildingBlocks.EventBusRabbitMQ=Verbose
     ports:
       - "5108:80"
@@ -190,11 +199,11 @@ services:
   locations-api:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
+      - ASPNETCORE_URLS=http://+:80
       - ConnectionString=${ESHOP_AZURE_COSMOSDB:-mongodb://nosqldata}
       - Database=LocationsDb
       - identityUrl=http://identity-api
-      - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+      - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
       - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
       - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
       - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -237,7 +246,7 @@ services:
     volumes:
       - ./ApiGateways/Envoy/config/webshopping:/etc/envoy
     ports:
-    - "5202:80"
+    - "5202:443"
     - "15202:8001"
 
   webmarketingapigw:
@@ -264,7 +273,7 @@ services:
       - MarketingUrlHC=http://marketing-api/hc
       - PaymentUrlHC=http://payment-api/hc
       - LocationUrlHC=http://locations-api/hc
-      - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+      - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
     ports:
       - "5120:80"
 
@@ -285,14 +294,15 @@ services:
       - MarketingUrlHC=http://marketing-api/hc
       - PaymentUrlHC=http://payment-api/hc
       - LocationUrlHC=http://locations-api/hc
-      - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+      - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
     ports:
-      - "5121:80"
+      - "80" # We need internal HTTP access for inter-service communications
+      - "5121:443"
 
   ordering-signalrhub:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
+      - ASPNETCORE_URLS=http://+:80
       - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq}
       - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME}
       - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD}
@@ -336,42 +346,45 @@ services:
       - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
       - OrchestratorType=${ORCHESTRATOR_TYPE}
     ports:
-      - "5107:80"
+      - "5107:443"
 
   webspa:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
-      - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
-      - PurchaseUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
-      - MarketingUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203
+      - ASPNETCORE_URLS=http://+:80
+      - IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+      - PurchaseUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
+      - MarketingUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203
       - IdentityUrlHC=http://identity-api/hc
       - UseCustomizationData=True
       - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
       - OrchestratorType=${ORCHESTRATOR_TYPE}
-      - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
+      - SignalrHubUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
     ports:
-      - "5104:80"
+      - "80" # We need internal HTTP access for healthchecks
+      - "5104:443"
 
   webmvc:
     environment:
       - ASPNETCORE_ENVIRONMENT=Development
-      - ASPNETCORE_URLS=http://0.0.0.0:80
+      - ASPNETCORE_URLS=http://+:80
       - PurchaseUrl=http://webshoppingapigw
-      - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
+      - IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
       - MarketingUrl=http://webmarketingapigw
-      - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
+      - SignalrHubUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202
       - IdentityUrlHC=http://identity-api/hc
       - UseCustomizationData=True
       - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY}
       - OrchestratorType=${ORCHESTRATOR_TYPE}
       - UseLoadTest=${USE_LOADTEST:-False}
+      - Serilog__MinimumLevel__Override__Microsoft=Warning
     ports:
-      - "5100:80"
+      - "80" # We need internal HTTP access for healthchecks
+      - "5100:443"
 
   webhooks-client:
     environment:
-      - ASPNETCORE_URLS=http://0.0.0.0:80
+      - ASPNETCORE_URLS=http://+:80
       - Token=6168DB8D-DC58-4094-AF24-483278923590      # Webhooks are registered with this token (any value is valid) but the client won't check it
       - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105
       - CallBackUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114

src/docker-compose.yml

@@ -186,7 +186,7 @@ services:
       - webhooks-api
 
   webshoppingapigw:
-    image: envoyproxy/envoy:v1.11.1
+    image: envoyproxy/envoy:v1.14.4
 
   webmarketingapigw:
-    image: envoyproxy/envoy:v1.11.1
+    image: envoyproxy/envoy:v1.14.4

src/start.ps1

@@ -0,0 +1,8 @@
+
+if ($args.Count -eq 0) {
+    docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d
+} elseif ($args.Count -eq 1 -and $args[0] -eq "infra") {
+    docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d seq sqldata nosqldata basketdata rabbitmq
+} else {
+    docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d $args
+}