Feature/dockerise gateway #9

Closed
16 changes: 16 additions & 0 deletions Source/CdrAuthServer.TLS.Gateway/gateway-config.json
@@ -65,6 +65,22 @@
],
"DangerousAcceptAnyServerCertificateValidator": true
},
// authorize callback
{
"DownstreamPathTemplate": "/connect/authorize-callback",
"DownstreamScheme": "https",
"DownstreamHostAndPorts": [
{
"Host": "localhost",
"Port": 8001
}
],
"UpstreamPathTemplate": "/connect/authorize-callback",
"UpstreamHttpMethod": [
"GET"
],
"DangerousAcceptAnyServerCertificateValidator": true
},
// JWKS
{
"DownstreamPathTemplate": "/.well-known/openid-configuration/jwks",
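Review bot: The new `/connect/authorize-callback` route sets `"DangerousAcceptAnyServerCertificateValidator": true`, so the gateway accepts whatever certificate the downstream at localhost:8001 presents on the hop that carries authorization callbacks. The preceding route in the context lines uses the same setting, so this follows the file's existing pattern, but it leaves that connection encrypted without being authenticated. The gateway Dockerfiles in this PR install `ca.crt` into the system trust store; if the downstream certificate chains to that CA (not visible here), the flag could be `false` for this route. Otherwise add a comment such as `// test-only: downstream certificate is not validated` so the setting is not copied into a production config.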
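--- a/Source/Dockerfile.gateway.mtls
+++ b/Source/Dockerfile.gateway.mtls
@@ -0,0 +1,69 @@
+# The "non-standalone" CdrAuthServer has gateways.
+# This image seems to only be needed for the "build-for-fapi-testing" pipeline
+
+###############################################################################
+# Build base layer
+###############################################################################
+FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
+
+WORKDIR /app
+EXPOSE 8082
+
+ENV ASPNETCORE_ENVIRONMENT=Release
+
+
+###############################################################################
+# Build CdrAuthServer API layer
+###############################################################################
+FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
+WORKDIR /src
+COPY ./ .
+
+FROM build AS publish
+
+COPY ./CdrAuthServer.Infrastructure/. /app/CdrAuthServer.Infrastructure
+COPY ./CdrAuthServer.mTLS.Gateway/. /app/CdrAuthServer.mTLS.Gateway
+
+WORKDIR /app/CdrAuthServer.mTLS.Gateway
+RUN dotnet publish -c Release -o /app/publish/gateway-mtls
+
+COPY supervisord.gateway.mtls.conf /app/publish/supervisord.gateway.mtls.conf
+
+###############################################################################
+# Build final layer
+###############################################################################
+FROM base AS final
+WORKDIR /app
+
+# Auth API ####################################################################
+COPY --from=publish /app/publish/supervisord.gateway.mtls.conf .
+COPY --from=publish /app/publish/gateway-mtls ./gateway-mtls
+
+
+RUN apt-get update && apt-get install -y supervisor
+RUN apt-get update && apt-get install -y sudo
+
+# Install wget for use in health checks
+RUN apt-get update && apt-get install -y wget && rm -rf /var/lib/apt/lists/*
+RUN sudo cp ./gateway-mtls/Certificates/ca.crt /usr/local/share/ca-certificates/ca.crt
+RUN sudo update-ca-certificates
+
+# Run as non-root user
+RUN addgroup --group appgroup --gid 2000
+RUN adduser --uid 1000 --gid 2000 "appuser"
+RUN chown -R appuser:appgroup /app
+RUN chown -R appuser:appgroup /usr/bin
+RUN chown -R appuser:appgroup /usr/local
+RUN chown -R appuser:appgroup /tmp
+USER appuser:appgroup
+
+ENV ASPNETCORE_URLS=https://+:8081;https://+:8082
+ENV CdrAuthServer__BaseUri=https://localhost:8081
+ENV CdrAuthServer__SecureBaseUri=https://localhost:8082
+ENV CdrAuthServer__Issuer=https://localhost:8081
+ENV CdrAuthServer__CdrRegister__SsaJwksUri=https://localhost:7000/cdr-register/v1/jwks
+ENV CdrAuthServer__HttpsPort=8001
+
+
+# Entry point #################################################################
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/app/supervisord.gateway.mtls.conf", "-u", "1000"]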
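Review bot: The `chown -R appuser:appgroup /usr/bin` and `chown -R appuser:appgroup /usr/local` steps in the final stage make the runtime user the owner of everything under `/usr/bin` (where the entrypoint's `supervisord` lives) and of `/usr/local/share/ca-certificates`. After that, `USER appuser:appgroup` no longer prevents a compromised gateway process from replacing executables or trust anchors. Ownership of `/app` looks sufficient for the service, and `/tmp` is normally world-writable already, so those chowns can probably be dropped. `sudo` is installed only to run `cp` and `update-ca-certificates` in steps that already execute as root, so removing it takes a setuid binary out of the image and lets the three `apt-get` layers merge into one. The same lines appear in Source/Dockerfile.gateway.tls.

```dockerfile
# … unchanged: COPY --from=publish lines …
# Install supervisor, and wget for use in health checks (build steps already run as root)
RUN apt-get update \
    && apt-get install -y --no-install-recommends supervisor wget \
    && rm -rf /var/lib/apt/lists/*
RUN cp ./gateway-mtls/Certificates/ca.crt /usr/local/share/ca-certificates/ca.crt \
    && update-ca-certificates

# Run as non-root user that owns only the application directory
# … unchanged: addgroup / adduser …
RUN chown -R appuser:appgroup /app
USER appuser:appgroup
```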
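--- a/Source/Dockerfile.gateway.tls
+++ b/Source/Dockerfile.gateway.tls
@@ -0,0 +1,68 @@
+# The "non-standalone" CdrAuthServer has gateways.
+# This image seems to only be needed for the "build-for-fapi-testing" pipeline
+
+###############################################################################
+# Build base layer
+###############################################################################
+FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
+
+WORKDIR /app
+EXPOSE 8081
+
+ENV ASPNETCORE_ENVIRONMENT=Release
+
+
+###############################################################################
+# Build CdrAuthServer API layer
+###############################################################################
+FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
+WORKDIR /src
+COPY ./ .
+
+FROM build AS publish
+
+COPY ./CdrAuthServer.Infrastructure/. /app/CdrAuthServer.Infrastructure
+COPY ./CdrAuthServer.TLS.Gateway/. /app/CdrAuthServer.TLS.Gateway
+
+WORKDIR /app/CdrAuthServer.TLS.Gateway
+RUN dotnet publish -c Release -o /app/publish/gateway-tls
+
+COPY supervisord.gateway.tls.conf /app/publish/supervisord.gateway.tls.conf
+COPY ./CdrAuthServer.mTLS.Gateway/Certificates/ca.crt /app/publish/gateway-tls/Certificates/ca.crt
+###############################################################################
+# Build final layer
+###############################################################################
+FROM base AS final
+WORKDIR /app
+
+# Auth API ####################################################################
+COPY --from=publish /app/publish/supervisord.gateway.tls.conf .
+COPY --from=publish /app/publish/gateway-tls ./gateway-tls
+
+RUN apt-get update && apt-get install -y supervisor
+RUN apt-get update && apt-get install -y sudo
+
+# Install wget for use in health checks
+RUN apt-get update && apt-get install -y wget && rm -rf /var/lib/apt/lists/*
+RUN sudo cp ./gateway-tls/Certificates/ca.crt /usr/local/share/ca-certificates/ca.crt
+RUN sudo update-ca-certificates
+
+# Run as non-root user
+RUN addgroup --group appgroup --gid 2000
+RUN adduser --uid 1000 --gid 2000 "appuser"
+RUN chown -R appuser:appgroup /app
+RUN chown -R appuser:appgroup /usr/bin
+RUN chown -R appuser:appgroup /usr/local
+RUN chown -R appuser:appgroup /tmp
+USER appuser:appgroup
+
+ENV ASPNETCORE_URLS=https://+:8081;https://+:8082
+ENV CdrAuthServer__BaseUri=https://localhost:8081
+ENV CdrAuthServer__SecureBaseUri=https://localhost:8082
+ENV CdrAuthServer__Issuer=https://localhost:8081
+ENV CdrAuthServer__CdrRegister__SsaJwksUri=https://localhost:7000/cdr-register/v1/jwks
+ENV CdrAuthServer__HttpsPort=8001
+
+
+# Entry point #################################################################
+ENTRYPOINT ["/usr/bin/supervisord", "-c", "/app/supervisord.gateway.tls.conf", "-u", "1000"]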
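Review bot: The `COPY ./CdrAuthServer.mTLS.Gateway/Certificates/ca.crt …` line in the publish stage, together with the `cp` to `/usr/local/share/ca-certificates` and `update-ca-certificates` in the final stage, adds a CA certificate checked into the repository to the image's system trust store. Outbound TLS connections from this container that use the system store will therefore accept certificates issued by that CA. The header comment says the image is only needed for the "build-for-fapi-testing" pipeline, but nothing beside these steps records that the CA is (presumably) a development one. I would add a comment above the `cp` step, for example `# Test-only: trusts the repository's development CA; do not deploy this image outside the FAPI test pipeline`, and the same above the matching step in Source/Dockerfile.gateway.mtls.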
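--- a/Source/supervisord.gateway.mtls.conf
+++ b/Source/supervisord.gateway.mtls.conf
@@ -0,0 +1,11 @@
+[supervisord]
+nodaemon=true
+logfile=/tmp/supervisord.log
+childlogdir=/tmp
+
+[program:CdrAuthServer.mTLS.Gateway]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+directory=/app/gateway-mtls
+command=/usr/bin/dotnet /app/gateway-mtls/CdrAuthServer.mTLS.Gateway.dll
+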
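Review bot: The `[program:CdrAuthServer.mTLS.Gateway]` section sends only stdout to the container log. With no `redirect_stderr` or `stderr_logfile` setting, anything the gateway writes to stderr goes to an automatically named file under `childlogdir=/tmp`, where container log collection will not see it and where it is lost with the container. Adding `redirect_stderr=true` to the program section (or `stderr_logfile=/dev/stderr` with `stderr_logfile_maxbytes=0`) keeps error output in the same stream as the rest of the gateway's logs. Source/supervisord.gateway.tls.conf has the same gap.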
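--- a/Source/supervisord.gateway.tls.conf
+++ b/Source/supervisord.gateway.tls.conf
@@ -0,0 +1,11 @@
+[supervisord]
+nodaemon=true
+logfile=/tmp/supervisord.log
+childlogdir=/tmp
+
+[program:CdrAuthServer.TLS.Gateway]
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+directory=/app/gateway-tls
+command=/usr/bin/dotnet /app/gateway-tls/CdrAuthServer.TLS.Gateway.dll
+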