diff --git a/.gitignore b/.gitignore index 2be2528096..483d813f24 100644 --- a/.gitignore +++ b/.gitignore @@ -1,6 +1,13 @@ ## Ignore Visual Studio temporary files, build results, and ## files generated by popular Visual Studio add-ons. +# docker-compose secrets +src/docker-compose.certificates.yml + +# local history +.history +.vshistory + # User-specific files *.suo *.user diff --git a/deploy/certificates/.gitignore b/deploy/certificates/.gitignore new file mode 100644 index 0000000000..bddb2cc221 --- /dev/null +++ b/deploy/certificates/.gitignore @@ -0,0 +1,4 @@ +*.key +*.pem +*.pfx +*.txt diff --git a/deploy/certificates/README.md b/deploy/certificates/README.md new file mode 100644 index 0000000000..6e326db632 --- /dev/null +++ b/deploy/certificates/README.md 
@@ -0,0 +1,40 @@
+# Setup dev certificates deploying to Docker Desktop
+
+1. Create a self-signed certificate
+2. Install certificates
+3. Configure the services
+
+## 1 - Create the self-signed certificate (`.pem + .key`) and its `.pfx` file
+
+**From WSL**, run the `create-docker-certificate.sh` script with a strong password for the certificate.
+
+```bash
+./create-docker-certificate.sh "secure-COMPLEX-and-SECRET-password"
+```
+
+The script creates a certificate for both `host.docker.internal` and `localhost`.
+
+### 2 - Install the certificates
+
+Run the `install-docker-certificate.ps1` with the same password you used above:
+
+```powershell
+.\install-docker-certificate.ps1 "secure-COMPLEX-and-SECRET-password"
+```
+
+The above script:
+
+1. Imports the certificate in the current user root CA store.
+2. Copies the certificate files to the `%USERPROFILE%\.aspnet\https` folder. Servers will serve the certificate from this folder.
+3. Copies the `.pem` file as `.crt` to the src\certificates folder to add it as a root CA when building the images for some services.
+
+### 3 - Configure some services to serve the certificates
+
+1. Copy the `src\docker-compose.certificates.sample.yml` file as `src\docker-compose.certificates.yml`
+2. Configure the password you assigned to the certificates in the settings `ASPNETCORE_Kestrel__Certificates__Default__Password`
+
+> **IMPORTANT**
+>
+> The `src\docker-compose.certificates.yaml` file is .gitignore'd to avoid pushing it to the repo with the certificate password.
+>
+> To avoid security risks, **DON'T FORCE PUSH the file**.
diff --git a/deploy/certificates/create-docker-certificate.sh b/deploy/certificates/create-docker-certificate.sh
new file mode 100644
index 0000000000..93cf932393
--- /dev/null
+++ b/deploy/certificates/create-docker-certificate.sh
@@ -0,0 +1,22 @@
+echo "creating base certificate (.pem) and private key (.key) files..."
+openssl req \
+ -x509 \
+ -days 365 \
+ -out docker-self-signed.pem \
+ -keyout docker-self-signed.key \
+ -newkey rsa:2048 -nodes -sha256 \
+ -subj '/CN=host.docker.internal' \
+ -extensions EXT \
+ -config <( \
+ printf "[dn]\nCN=host.docker.internal\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName='DNS.1:host.docker.internal,DNS.2:localhost'\nkeyUsage=digitalSignature,keyCertSign\nextendedKeyUsage=serverAuth")
+
+echo "printing text version..."
+openssl x509 -in docker-self-signed.pem -text -noout > docker-self-signed.txt
+
+echo "generating certificate container file (.pfx)..."
+openssl pkcs12 -export \
+ -inkey docker-self-signed.key \
+ -in docker-self-signed.pem \
+ -out docker-self-signed.pfx \
+ -name "Docker development certificate" \
+ -password pass:$1
diff --git a/deploy/certificates/install-docker-certificate.ps1 b/deploy/certificates/install-docker-certificate.ps1
new file mode 100644
index 0000000000..90cf77a9da
--- /dev/null
+++ b/deploy/certificates/install-docker-certificate.ps1
@@ -0,0 +1,17 @@
+param (
+ [Parameter(Mandatory = $true)]
+ [string]$Password
+)
+
+# Import into current user root CA store
+$CertPassword = ConvertTo-SecureString -String "$Password" -Force -AsPlainText
+Import-PfxCertificate -Exportable -FilePath .\docker-self-signed.pfx -CertStoreLocation Cert:\CurrentUser\Root\ -Password $CertPassword
+
+# Copy to user profile to use as HTTPS certificate in server containers
+mkdir $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.pem $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.key $env:USERPROFILE\.aspnet\https -Force
+Copy-Item docker-self-signed.pfx $env:USERPROFILE\.aspnet\https -Force
+
+# Copy to src folder to register as a root CA in client containers
+Copy-Item docker-self-signed.pem ..\..\src\certificates\docker-self-signed.crt -Force
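Review bot: The PFX password is taken from `$1` and expanded unquoted in `-password pass:$1`, so it is word-split by the shell, shows up in the process list and shell history, and an omitted argument silently produces a PFX protected by an empty password. Fail fast with `: "${1:?usage: create-docker-certificate.sh <password>}"` at the top and pass the secret through the environment or a file rather than argv, e.g. `-password env:CERT_PASSWORD`. The script relies on process substitution (`<( … )`) but has no shebang; `#!/usr/bin/env bash` plus `set -euo pipefail` would also stop it at the first failing openssl call instead of continuing with missing files. Because `-nodes` writes `docker-self-signed.key` unencrypted, a `umask 077` before `openssl req` keeps the key from being readable by other local users.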
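Review bot: `Import-PfxCertificate -Exportable ... -CertStoreLocation Cert:\CurrentUser\Root\` puts the private key, marked exportable, into the trusted-root store, although trusting the certificate only requires its public part. The certificate is generated with `keyUsage=digitalSignature,keyCertSign`, and the same unencrypted `.key` is copied to `%USERPROFILE%\.aspnet\https` for mounting into containers, so anything that can read that folder holds the key of a root this user account trusts. Consider importing only the public certificate into Root (for example `Import-Certificate -FilePath <crt copy of the PEM> -CertStoreLocation Cert:\CurrentUser\Root\`) and reviewing whether `keyCertSign` is actually needed. `[string]$Password` also places the secret on the command line; a `[securestring]` parameter filled with `Read-Host -AsSecureString` avoids the plain-text round trip through `ConvertTo-SecureString -AsPlainText`.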
diff --git a/src/.env b/src/.env index 96b8016507..fbeaf495d2 100644 --- a/src/.env +++ b/src/.env @@ -6,8 +6,8 @@ # Use this values to run the app locally in Windows ESHOP_EXTERNAL_DNS_NAME_OR_IP=host.docker.internal -ESHOP_STORAGE_CATALOG_URL=http://host.docker.internal:5202/c/api/v1/catalog/items/[0]/pic/ -ESHOP_STORAGE_MARKETING_URL=http://host.docker.internal:5110/api/v1/campaigns/[0]/pic/ +ESHOP_STORAGE_CATALOG_URL=https://host.docker.internal:5202/c/api/v1/catalog/items/[0]/pic/ +ESHOP_STORAGE_MARKETING_URL=https://host.docker.internal:5110/api/v1/campaigns/[0]/pic/ # Use this values to run the app locally in Mac # ESHOP_EXTERNAL_DNS_NAME_OR_IP=docker.for.mac.localhost diff --git a/src/.gitignore b/src/.gitignore new file mode 100644 index 0000000000..fa69a6ea0c --- /dev/null +++ b/src/.gitignore @@ -0,0 +1 @@ +certificates diff --git a/src/ApiGateways/Envoy/config/webshopping/envoy.yaml b/src/ApiGateways/Envoy/config/webshopping/envoy.yaml index 688fb740cc..b3c6082512 100644 --- a/src/ApiGateways/Envoy/config/webshopping/envoy.yaml +++ b/src/ApiGateways/Envoy/config/webshopping/envoy.yaml @@ -6,10 +6,11 @@ admin: port_value: 8001 static_resources: listeners: - - address: + - name: listener_https + address: socket_address: address: 0.0.0.0 - port_value: 80 + port_value: 443 filter_chains: - filters: - name: envoy.http_connection_manager 
@@ -22,6 +23,109 @@ static_resources: - name: eshop_backend domains: - "*" + # - "localhost" + # - "host.docker.internal" + routes: + - name: "c-short" + match: + prefix: "/c/" + route: + auto_host_rewrite: true + prefix_rewrite: "/catalog-api/" + cluster: catalog + - name: "c-long" + match: + prefix: "/catalog-api/" + route: + auto_host_rewrite: true + cluster: catalog + - name: "o-short" + match: + prefix: "/o/" + route: + auto_host_rewrite: true + prefix_rewrite: "/ordering-api/" + cluster: ordering + - name: "o-long" + match: + prefix: "/ordering-api/" + route: + auto_host_rewrite: true + cluster: ordering + - name: "h-long" + match: + prefix: "/hub/notificationhub" + route: + auto_host_rewrite: true + cluster: signalr-hub + timeout: 300s + upgrade_configs: + upgrade_type: "websocket" + enabled: true + - name: "b-short" + match: + prefix: "/b/" + route: + auto_host_rewrite: true + prefix_rewrite: "/basket-api/" + cluster: basket + - name: "b-long" + match: + prefix: "/basket-api/" + route: + auto_host_rewrite: true + cluster: basket + - name: "agg" + match: + prefix: "/" + route: + auto_host_rewrite: true + prefix_rewrite: "/" + cluster: shoppingagg + http_filters: + - name: envoy.router + access_log: + - name: envoy.file_access_log + filter: + not_health_check_filter: {} + config: + json_format: + time: "%START_TIME%" + protocol: "%PROTOCOL%" + duration: "%DURATION%" + request_method: "%REQ(:METHOD)%" + request_host: "%REQ(HOST)%" + path: "%REQ(X-ENVOY-ORIGINAL-PATH?:PATH)%" + response_flags: "%RESPONSE_FLAGS%" + route_name: "%ROUTE_NAME%" + upstream_host: "%UPSTREAM_HOST%" + upstream_cluster: "%UPSTREAM_CLUSTER%" + upstream_local_address: "%UPSTREAM_LOCAL_ADDRESS%" + path: "/tmp/access.log" + tls_context: + common_tls_context: + tls_certificates: + - certificate_chain: + filename: "/https/docker-self-signed.pem" + private_key: + filename: "/https/docker-self-signed.key" + - name: listener_http + address: + socket_address: + address: 0.0.0.0 + port_value: 80 + 
filter_chains: + - filters: + - name: envoy.http_connection_manager + config: + codec_type: auto + stat_prefix: ingress_http + route_config: + name: eshop_backend_route + virtual_hosts: + - name: eshop_backend + domains: + - "webshoppingapigw" routes: - name: "c-short" match: diff --git a/src/ApiGateways/Web.Bff.Shopping/aggregator/Dockerfile b/src/ApiGateways/Web.Bff.Shopping/aggregator/Dockerfile index 037105cb40..cb366bc2b4 100644 --- a/src/ApiGateways/Web.Bff.Shopping/aggregator/Dockerfile +++ b/src/ApiGateways/Web.Bff.Shopping/aggregator/Dockerfile @@ -1,5 +1,7 @@ FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base -WORKDIR /app +WORKDIR /usr/local/share/ca-certificates +COPY "certificates/docker-self-signed.crt" . +RUN update-ca-certificates EXPOSE 80 FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build diff --git a/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs b/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs index 1ea6c0f4f1..143a204009 100644 --- a/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs +++ b/src/ApiGateways/Web.Bff.Shopping/aggregator/Startup.cs @@ -64,7 +64,7 @@ public void Configure(IApplicationBuilder app, IWebHostEnvironment env, ILoggerF app.UseDeveloperExceptionPage(); } - app.UseHttpsRedirection(); + // app.UseHttpsRedirection(); app.UseSwagger().UseSwaggerUI(c => { diff --git a/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs b/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs index 247ed9d67e..53753a6ffc 100644 --- a/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs +++ b/src/Services/Ordering/Ordering.BackgroundTasks/Tasks/GracePeriodManagerTask.cs 
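Review bot: The `tls_context` added to `listener_https` sets only `tls_certificates`, so the accepted protocol versions and cipher suites are whatever this Envoy build defaults to; for server listeners of this generation the documented default minimum is, as far as I recall, TLS 1.0. Pin it by adding `tls_params:` with `tls_minimum_protocol_version: TLSv1_2` under `common_tls_context`. The HTTPS virtual host also keeps `domains: ["*"]` with the `localhost` and `host.docker.internal` entries commented out, while the certificate is issued for exactly those two names; enabling them in place of the wildcard would make the listener match the certificate. The `listener_http` definition continues past the end of this hunk.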
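Review bot: The `base` stage now copies `certificates/docker-self-signed.crt` into `/usr/local/share/ca-certificates` and runs `update-ca-certificates` unconditionally, so every image built from this Dockerfile trusts the developer's self-signed certificate as a root CA, and the build fails whenever the git-ignored `src/certificates` folder has not been populated. If this Dockerfile is also used for non-development images (not visible here), put the step behind a build argument or a separate development stage. The stage also no longer sets `WORKDIR /app`; the later stages are outside the hunk, so confirm the final stage resets it or add `WORKDIR /app` after `RUN update-ca-certificates`. The same three lines are added to `src/Web/WebMVC/Dockerfile` and the same remarks apply there.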
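Review bot: `// app.UseHttpsRedirection();` leaves the call commented out with no explanation, so the next reader cannot tell whether HTTPS redirection was dropped on purpose or left disabled after debugging. If it is intentional (presumably because other containers call the aggregator over plain HTTP on port 80), remove the dead line and say so, e.g. `// HTTPS redirection is off on purpose: internal callers reach this service over HTTP.`; otherwise make it conditional on a setting so directly exposed deployments still redirect. `Configure` begins and ends outside this hunk.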
@@ -72,7 +72,7 @@ private IEnumerable GetConfirmedGracePeriodOrders() conn.Open(); orderIds = conn.Query( @"SELECT Id FROM [ordering].[orders] - WHERE DATEDIFF(minute, [OrderDate], GETDATE()) >= @GracePeriodTime + WHERE DATEDIFF(second, [OrderDate], GETDATE()) >= @GracePeriodTime AND [OrderStatusId] = 1", new { _settings.GracePeriodTime }); } diff --git a/src/Web/WebMVC/Dockerfile b/src/Web/WebMVC/Dockerfile index a21c9d9a73..74d4b72a85 100644 --- a/src/Web/WebMVC/Dockerfile +++ b/src/Web/WebMVC/Dockerfile @@ -1,5 +1,7 @@ FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS base -WORKDIR /app +WORKDIR /usr/local/share/ca-certificates +COPY "certificates/docker-self-signed.crt" . +RUN update-ca-certificates EXPOSE 80 FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build diff --git a/src/Web/WebMVC/Program.cs b/src/Web/WebMVC/Program.cs index eb99cd42e0..414fe81ed9 100644 --- a/src/Web/WebMVC/Program.cs +++ b/src/Web/WebMVC/Program.cs @@ -52,18 +52,15 @@ private static Serilog.ILogger CreateSerilogLogger(IConfiguration configuration) { var seqServerUrl = configuration["Serilog:SeqServerUrl"]; var logstashUrl = configuration["Serilog:LogstashgUrl"]; - var cfg = new LoggerConfiguration() + return new LoggerConfiguration() .ReadFrom.Configuration(configuration) .Enrich.WithProperty("ApplicationContext", AppName) .Enrich.FromLogContext() - .WriteTo.Console(); - if (!string.IsNullOrWhiteSpace(seqServerUrl)) { - cfg.WriteTo.Seq(seqServerUrl); - } - if (!string.IsNullOrWhiteSpace(logstashUrl)) { - cfg.WriteTo.Http(logstashUrl); - } - return cfg.CreateLogger(); + .WriteTo.Console() + .WriteTo.Seq(string.IsNullOrWhiteSpace(seqServerUrl) ? "http://seq" : seqServerUrl) + .WriteTo.Http(string.IsNullOrWhiteSpace(logstashUrl) ? "http://logstash:8080" : logstashUrl) + .ReadFrom.Configuration(configuration) + .CreateLogger(); } private static IConfiguration GetConfiguration() 
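Review bot: Switching `DATEDIFF(minute, ...)` to `DATEDIFF(second, ...)` changes the unit of `GracePeriodTime` without renaming or documenting it. The compose override in this commit is updated to `GracePeriodTime=15`, but any other configuration still carrying a value meant as minutes (none is visible here) would now confirm orders after that many seconds. Add a comment next to the query such as `// GracePeriodTime is expressed in seconds`, or rename the setting so the unit is part of the name. `GetConfirmedGracePeriodOrders` starts and ends outside this hunk.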
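Review bot: `CreateSerilogLogger` now always attaches the Seq and HTTP sinks, falling back to `http://seq` and `http://logstash:8080` when the settings are empty, so a deployment that configured neither starts sending its logs in clear text to whatever host those names resolve to. The removed `if (!string.IsNullOrWhiteSpace(...))` guards made both sinks opt-in; keep that behaviour, or at least read the fallback URLs from configuration instead of hard-coding them. `.ReadFrom.Configuration(configuration)` is also called twice in the chain; if the second call is meant to let configuration override the sinks, a comment should say so, otherwise one call is enough.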
diff --git a/src/docker-compose.certificates.sample.yml b/src/docker-compose.certificates.sample.yml new file mode 100644 index 0000000000..b667b2184e --- /dev/null +++ b/src/docker-compose.certificates.sample.yml @@ -0,0 +1,39 @@ +version: '3.4' + +services: + + identity-api: + environment: + - ASPNETCORE_URLS=https://+:443;http://+:80 + - ASPNETCORE_Kestrel__Certificates__Default__Password= + - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx + volumes: + - ~/.aspnet/https:/https:ro + + webstatus: + environment: + - ASPNETCORE_URLS=https://+:443 + - ASPNETCORE_Kestrel__Certificates__Default__Password= + - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx + volumes: + - ~/.aspnet/https:/https:ro + + webmvc: + environment: + - ASPNETCORE_URLS=https://+:443;http://+:80 + - ASPNETCORE_Kestrel__Certificates__Default__Password= + - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx + volumes: + - ~/.aspnet/https:/https:ro + + webspa: + environment: + - ASPNETCORE_URLS=https://+:443;http://+:80 + - ASPNETCORE_Kestrel__Certificates__Default__Password= + - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/docker-self-signed.pfx + volumes: + - ~/.aspnet/https:/https:ro + + webshoppingapigw: + volumes: + - ~/.aspnet/https:/https:ro diff --git a/src/docker-compose.override.yml b/src/docker-compose.override.yml index 8ec8426ec0..4ea8261154 100644 --- a/src/docker-compose.override.yml +++ b/src/docker-compose.override.yml 
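Review bot: Every service mounts the whole `~/.aspnet/https` directory, which the install script fills with the `.pem`, the unencrypted `.key` and the `.pfx`, although the Kestrel services only read `/https/docker-self-signed.pfx` and only the Envoy gateway reads the `.pem`/`.key` pair. Mounting just the file each service needs, e.g. `- ~/.aspnet/https/docker-self-signed.pfx:/https/docker-self-signed.pfx:ro`, keeps the raw private key out of containers that have no use for it. The PFX password travels as a plain environment variable and is therefore readable through `docker inspect`; that is tolerable for a development certificate, but a comment in the sample should say the pattern is not meant for other environments.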
@@ -41,32 +41,35 @@ services: identity-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - SpaClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104 - - XamarinCallback=http://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback + - ASPNETCORE_URLS=http://+:80 + - SpaClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5104 + - XamarinCallback=https://${ESHOP_PROD_EXTERNAL_DNS_NAME_OR_IP}:5105/xamarincallback - ConnectionString=${ESHOP_AZURE_IDENTITY_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Service.IdentityDb;User Id=sa;Password=Pass@word} - - MvcClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100 - - LocationApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5109 - - MarketingApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5110 - - BasketApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5103 - - OrderingApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5102 - - MobileShoppingAggClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120 - - WebShoppingAggClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121 - - WebhooksApiClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113 - - WebhooksWebClient=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114 + - MvcClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5100 + - LocationApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/locations-api + - MarketingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/marketing-api + - BasketApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/basket-api + - OrderingApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202/ordering-api + - MobileShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120 + - WebShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5121 + - WebhooksApiClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5113 + - WebhooksWebClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114 - UseCustomizationData=True - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - 
OrchestratorType=${ORCHESTRATOR_TYPE} + - Serilog__MinimumLevel__Override__IdentityServer4=Verbose + - Serilog__MinimumLevel__Override__Microsoft=Warning ports: - - "5105:80" + - "80" # We need internal HTTP access for inter-service communications + - "5105:443" basket-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - ConnectionString=${ESHOP_AZURE_REDIS_BASKET_DB:-basketdata} - identityUrl=http://identity-api - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} @@ -78,7 +81,8 @@ services: - GRPC_PORT=81 - PORT=80 ports: - - "5103:80" + - "80" # We need internal HTTP access for inter-service communications + - "5103:443" - "9103:81" catalog-api: @@ -96,20 +100,22 @@ services: - AzureStorageEnabled=False - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} + - Serilog__MinimumLevel__Override__Microsoft=Warning - GRPC_PORT=81 - PORT=80 - PATH_BASE=/catalog-api ports: - - "5101:80" + - "80" # We need internal HTTP access for inter-service communications + - "5101:443" - "9101:81" ordering-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word} - identityUrl=http://identity-api - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} 
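Review bot: `- "80"` under `ports:` publishes container port 80 on a random host port, which the stated purpose does not need: containers on the same compose network reach each other on port 80 without any published port. Use `expose: ["80"]` (or drop the entry) so the plain-HTTP endpoint is not bound on the host's interfaces; the same entry is added for basket-api and catalog-api in the next two hunks and for several services in the later hunks of this file. `Serilog__MinimumLevel__Override__IdentityServer4=Verbose` on identity-api should carry a comment marking it as development-only, since verbose identity-provider logs can contain request details that should not end up on a shared log server.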
@@ -125,13 +131,14 @@ services: - GRPC_PORT=81 - PORT=80 ports: - - "5102:80" + - "80" # We need internal HTTP access for inter-service communications + - "5102:443" - "9102:81" ordering-backgroundtasks: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - ConnectionString=${ESHOP_AZURE_ORDERING_DB:-Server=sqldata;Database=Microsoft.eShopOnContainers.Services.OrderingDb;User Id=sa;Password=Pass@word} - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} @@ -139,7 +146,7 @@ services: - UseCustomizationData=True - AzureServiceBusEnabled=False - CheckUpdateTime=30000 - - GracePeriodTime=1 + - GracePeriodTime=15 - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - UseLoadTest=${USE_LOADTEST:-False} @@ -170,12 +177,13 @@ services: - UseLoadTest=${USE_LOADTEST:-False} - PATH_BASE=/marketing-api ports: - - "5110:80" + - "80" # We need internal HTTP access for inter-service communications + - "5110:443" payment-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} @@ -183,6 +191,7 @@ services: - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - Serilog__MinimumLevel__Override__payment-api.IntegrationEvents.EventHandling=Verbose + - Serilog__MinimumLevel__Override__Microsoft=Warning - Serilog__MinimumLevel__Override__Microsoft.eShopOnContainers.BuildingBlocks.EventBusRabbitMQ=Verbose ports: - "5108:80" 
@@ -190,11 +199,11 @@ services: locations-api: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - ConnectionString=${ESHOP_AZURE_COSMOSDB:-mongodb://nosqldata} - Database=LocationsDb - identityUrl=http://identity-api - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} @@ -237,7 +246,7 @@ services: volumes: - ./ApiGateways/Envoy/config/webshopping:/etc/envoy ports: - - "5202:80" + - "5202:443" - "15202:8001" webmarketingapigw: @@ -264,7 +273,7 @@ services: - MarketingUrlHC=http://marketing-api/hc - PaymentUrlHC=http://payment-api/hc - LocationUrlHC=http://locations-api/hc - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 ports: - "5120:80" @@ -285,14 +294,15 @@ services: - MarketingUrlHC=http://marketing-api/hc - PaymentUrlHC=http://payment-api/hc - LocationUrlHC=http://locations-api/hc - - IdentityUrlExternal=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrlExternal=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 ports: - - "5121:80" + - "80" # We need internal HTTP access for inter-service communications + - "5121:443" ordering-signalrhub: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - EventBusConnection=${ESHOP_AZURE_SERVICE_BUS:-rabbitmq} - EventBusUserName=${ESHOP_SERVICE_BUS_USERNAME} - EventBusPassword=${ESHOP_SERVICE_BUS_PASSWORD} 
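Review bot: The hunk at `@@ -264,7 +273,7 @@` switches `IdentityUrlExternal` to https but leaves `ports: - "5120:80"` unchanged, while identity-api is now configured with `MobileShoppingAggClient=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5120`. If 5120 belongs to the mobile shopping aggregator (the service name lies outside the hunk), that https client URL points at a plain-HTTP port, and redirect or origin checks against it will not match what the service actually serves. Either publish the service on 443 with a certificate like the others, or keep its client URL on http until it is migrated.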
@@ -336,42 +346,45 @@ services: - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} ports: - - "5107:80" + - "5107:443" webspa: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 - - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - - PurchaseUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 - - MarketingUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203 + - ASPNETCORE_URLS=http://+:80 + - IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - PurchaseUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 + - MarketingUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5203 - IdentityUrlHC=http://identity-api/hc - UseCustomizationData=True - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 + - SignalrHubUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 ports: - - "5104:80" + - "80" # We need internal HTTP access for healthchecks + - "5104:443" webmvc: environment: - ASPNETCORE_ENVIRONMENT=Development - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - PurchaseUrl=http://webshoppingapigw - - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 + - IdentityUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - MarketingUrl=http://webmarketingapigw - - SignalrHubUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 + - SignalrHubUrl=https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5202 - IdentityUrlHC=http://identity-api/hc - UseCustomizationData=True - ApplicationInsights__InstrumentationKey=${INSTRUMENTATION_KEY} - OrchestratorType=${ORCHESTRATOR_TYPE} - UseLoadTest=${USE_LOADTEST:-False} + - Serilog__MinimumLevel__Override__Microsoft=Warning ports: - - "5100:80" + - "80" # We need internal HTTP access for healthchecks + - "5100:443" webhooks-client: environment: - - ASPNETCORE_URLS=http://0.0.0.0:80 + - ASPNETCORE_URLS=http://+:80 - 
Token=6168DB8D-DC58-4094-AF24-483278923590 # Webhooks are registered with this token (any value is valid) but the client won't check it - IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105 - CallBackUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5114 diff --git a/src/docker-compose.yml b/src/docker-compose.yml index b51c656210..ebad591106 100644 --- a/src/docker-compose.yml +++ b/src/docker-compose.yml @@ -186,7 +186,7 @@ services: - webhooks-api webshoppingapigw: - image: envoyproxy/envoy:v1.11.1 + image: envoyproxy/envoy:v1.14.4 webmarketingapigw: - image: envoyproxy/envoy:v1.11.1 + image: envoyproxy/envoy:v1.14.4 diff --git a/src/start.ps1 b/src/start.ps1 new file mode 100644 index 0000000000..28a4019e2a --- /dev/null +++ b/src/start.ps1 @@ -0,0 +1,8 @@ + +if ($args.Count -eq 0) { + docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d +} elseif ($args.Count -eq 1 -and $args[0] -eq "infra") { + docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d seq sqldata nosqldata basketdata rabbitmq +} else { + docker-compose.exe -f docker-compose.yml -f docker-compose.override.yml -f docker-compose.certificates.yml up -d $args +}
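Review bot: webhooks-client keeps `IdentityUrl=http://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105` (and `CallBackUrl=http://...:5114`) as unchanged context, but identity-api now publishes `5105:443`, so this URL speaks plain HTTP to a TLS port. It should become `https://${ESHOP_EXTERNAL_DNS_NAME_OR_IP}:5105`, and the webhooks-client image would then need to trust the development certificate the way the aggregator and WebMVC images do. The webhooks-client definition continues outside the hunk.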
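Review bot: All three branches pass `-f docker-compose.certificates.yml`, a git-ignored file that only exists after the manual copy step described in the certificates README, so on a fresh clone every invocation ends in a compose error that does not say what is missing. A guard such as `if (-not (Test-Path docker-compose.certificates.yml)) { throw "Copy docker-compose.certificates.sample.yml to docker-compose.certificates.yml first" }` gives a clear message. Building the shared `-f` arguments once in an array would also remove the command line repeated three times.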