tsai
/
abp
mirror of https://github.com/abpframework/abp.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Moved deployment docs from old docs

pull/21161/head
selmankoc 1 year ago
parent
422a2cffd2
commit
a949b302e5
10 changed files with 4200 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 36
      docs/en/solution-templates/layered-web-application/deployment/azure-deployment/azure-deployment.md
  2. 174
      docs/en/solution-templates/layered-web-application/deployment/azure-deployment/step1-create-azure-resources.md
  3. 231
      docs/en/solution-templates/layered-web-application/deployment/azure-deployment/step2-configuration-application.md
  4. 735
      docs/en/solution-templates/layered-web-application/deployment/azure-deployment/step3-deployment-github-action.md
  5. 572
      docs/en/solution-templates/layered-web-application/deployment/azure-deployment/terraform-web-app-service.md
  6. 1933
      docs/en/solution-templates/layered-web-application/deployment/deployment-docker-compose.md
  7. 261
      docs/en/solution-templates/layered-web-application/deployment/deployment-iis.md
  8. 111
      docs/en/solution-templates/layered-web-application/deployment/identityserver-deployment.md
  9. 20
      docs/en/solution-templates/layered-web-application/deployment/index.md
  10. 127
      docs/en/solution-templates/layered-web-application/deployment/openiddict-deployment.md

36
docs/en/solution-templates/layered-web-application/deployment/azure-deployment/azure-deployment.md
View File

@ -0,0 +1,36 @@
# Azure Deployment using Application Service
````json
//[doc-params]
{
"UI": ["MVC", "Blazor", "BlazorServer", "NG"],
"DB": ["EF", "Mongo"],
"Tiered": ["Yes", "No"]
}
````
> This document assumes that you prefer to use **{{ UI_Value }}** as the UI framework and **{{ DB_Value }}** as the database provider. For other options, please change the preference on top of this document.
## Prerequisites
- An active Azure account. If you don't have one, you can sign up for a [free account](https://azure.microsoft.com/en-us/free/)
- Your ABP **{{ UI_Value }}** project must be ready at a GitHub repository because we will use GitHub Actions to deploy the ABP application to the Azure Web App Service.
- **{{ DB_Value }}** database must be ready to use with your project. If you don't have a database, you can create a new Azure SQL database or Cosmos DB by following the instructions below:
- [Create a new Azure SQL Database](https://docs.microsoft.com/en-us/azure/azure-sql/database/single-database-create-quickstart?tabs=azure-portal)
- [Create a new Azure Cosmos DB](https://docs.microsoft.com/en-us/azure/cosmos-db/create-cosmosdb-resources-portal)
### Description of the process in three steps:
1. [Creating an Azure Web App Service Environment ](step1-create-azure-resources)
2. [Customizing the Configuration of Your ABP Application](step2-configuration-application)
3. [Deploying Your Application to Azure Web App Service](step3-deployment-github-action)
## What's next?
- [Creating an Azure Web App Service Environment](step1-create-azure-resources)

174
docs/en/solution-templates/layered-web-application/deployment/azure-deployment/step1-create-azure-resources.md
View File

@ -0,0 +1,174 @@
````json
//[doc-params]
{
"UI": ["MVC", "Blazor", "BlazorServer", "NG"],
"DB": ["EF", "Mongo"],
"Tiered": ["Yes", "No"]
}
````
## Step 1: Creating an Azure Web App Service Environment
To create a new Azure Web App Service, choose one of the following options:
- [Create a new Azure Web App Service using the Azure Portal](#create-a-new-azure-web-app-service-using-the-azure-portal) (Recommended)
- [Create a new Azure Web App Service using the Terraform Template](terraform-web-app-service.md) (If you have experience with Terraform)
{{ if UI == "MVC" && Tiered == "No" }}
### Create a new Azure Web App service using the Azure Portal
1. Log in to the [Azure Portal](https://portal.azure.com/).
2. Click the **Create a resource** button.
3. Search for **Web App** and select **Web App** from the results.
![Create a resource](../../../images/azure-deploy-create-a-resource.png)
4. Click the **Create** button.
5. Fill in the required fields and click the **Review + create** button.
6. Click the **Create** button.
![Create Web App](../../../images/azure-deploy-create-web-app-2.png)
7. Wait for the deployment to complete.
![Create Web App](../../../images/azure-deploy-create-web-app-3.png)
{{else}}
{{ if UI == "BlazorServer" || UI == "MVC" }}
### Create a new Azure Web App service using the Azure Portal
1. Log in to the [Azure Portal](https://portal.azure.com/).
2. Click the **Create a resource** button.
3. Search for **Web App** and select **Web App** from the results.
![Create a resource](../../../images/azure-deploy-create-a-resource.png)
4. Click the **Create** button.
5. Fill in the required fields and click the **Review + create** button.
6. Click the **Create** button.
![Create Web App](../../../images/azure-deploy-create-web-app-2.png)
7. Wait for the deployment to complete.
![Create Web App](../../../images/azure-deploy-create-web-app-3.png)
{{ else if UI == 'NG' }}
### Create a new Azure Static Web App for Angular using the Azure Portal
1. Log in to the [Azure Portal](https://portal.azure.com/).
2. Click the **Create a resource** button.
3. Search for **Static Web App** and select **Static Web App** from the results.
![Create a resource angular](../../../images/azure-deploy-create-a-resource-angular.png)
4. Click the **Create** button.
5. Fill in the required fields and click the **Review + create** button.
6. Click the **Create** button.
![Create Web App](../../../images/azure-deploy-create-web-app-4.png)
7. Wait for the deployment to complete.
![Create Web App](../../../images/azure-deploy-create-web-app-5.png)
{{else}}
### Create a new Azure Static Web App for Blazor using the Azure Portal
1. Log in to the [Azure Portal](https://portal.azure.com/).
2. Click the **Create a resource** button.
3. Search for **Static Web App** and select **Static Web App** from the results.
![Create a resource blazor](../../../images/azure-deploy-create-a-resource-angular.png)
4. Click the **Create** button.
5. Fill in the required fields and click the **Review + create** button.
6. Click the **Create** button.
![Create Web App](../../../images/azure-deploy-create-web-app-7.png)
7. Wait for the deployment to complete.
![Create Web App](../../../images/azure-deploy-create-web-app-8.png)
{{end}}
### Create a new Azure Web App Service for API application
1. You can create a new Azure Web App Service for an API application in the same resource group.
2. Click the **Create** button on the top of the resource group page.
3. Search for **Web App** and select **Web App** from the results.
![Create a resource](../../../images/azure-deploy-create-a-resource.png)
4. Click the **Create** button.
5. Fill in the required fields and click the **Review + create** button.
6. Click the **Create** button.
![Create Web App](../../../images/azure-deploy-create-web-app-6.png)
7. Wait for the deployment to complete.
![Create Web App](../../../images/azure-deploy-create-web-app-3.png)
{{ if Tiered == "Yes" && (UI == "MVC" || UI == "BlazorServer")}}
### Create a new Azure Web App Service for AuthServer application
Similar to the API application, you can create a new Azure Web App Service for an AuthServer application in the same resource group.
Same as above, but you only need to modify the name of the web app service to **authserver-yourapp** in step 5.
### Create Azure Cache for Redis
1. Click the **Create** button on the top of the resource group page.
2. Search for **Redis Cache** and select **Redis Cache** from the results.
![Create a resource](../../../images/azure-deploy-create-redis.png)
3. Click the **Create** button.
4. Fill in the required fields and click the **Review + create** button.
5. Click the **Create** button.
![Create Redis](../../../images/azure-deploy-create-redis-2.png)
6. Wait for the deployment to complete.
![Create Redis](../../../images/azure-deploy-create-redis-3.png)
{{ end }}
{{ end }}
## What's next?
- [Customizing the Azure Web App Service](step2-configuration-application.md)

231
docs/en/solution-templates/layered-web-application/deployment/azure-deployment/step2-configuration-application.md
View File

@ -0,0 +1,231 @@
````json
//[doc-params]
{
"UI": ["MVC", "Blazor", "BlazorServer", "NG"],
"DB": ["EF", "Mongo"],
"Tiered": ["Yes", "No"]
}
````
## Step 2: Customizing the Configuration of the ABP Application
- To customize the configuration of your ABP application, modify the `ConnectionString` values in every location throughout your project. The `ConnectionString` values are stored in the `appsettings.json` files.
This includes the following files:
{{ if UI == "MVC" && Tiered == "No" }}
**./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.Web/appsettings.json**
{{else}}
**./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.HttpApi.Host/appsettings.json**
{{end}}
{{if Tiered == "Yes"}}
**./src/yourapp.AuthServer/appsettings.json**
{{end}}
```json
"ConnectionStrings": {
"Default": "Server=tcp:yourserver.database.windows.net,1433;Initial Catalog=yourdatabase;Persist Security Info=False;User ID=yourusername;Password=yourpassword;MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=False;Connection Timeout=30;"
}
```
{{ if UI == "MVC" }}
{{if Tiered == "No"}}
- Modify the **yourapp.Web** URL in every location throughout your project, especially within the **./src/yourapp.Web/appsettings.json** and **./src/yourapp.DbMigrator/appsettings.json** files, to match your Azure Web App Service URL.
```json
"App": {
"SelfUrl": "https://yourapp.azurewebsites.net"
}
```
{{else}}
- Modify the **yourapp.Web** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Web/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** , **./src/yourapp.HttpApi.Host/appsettings.json** and **./src/yourapp.AuthServer/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp.azurewebsites.net"
}
```
- Modify the **yourapp.ApiHost** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.HttpApi.Host/appsettings.json** , **./src/yourapp.Web/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.AuthServer/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp-apihost.azurewebsites.net"
}
```
- Modify the **yourapp.AuthServer** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Web/appsettings.json** , **./src/yourapp.AuthServer/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.HttpApi.Host/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp-authserver.azurewebsites.net"
}
```
- Modify the **Redis__Configuration** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Web/appsettings.json** , **./src/yourapp.AuthServer/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.HttpApi.Host/appsettings.json**
```json
"Redis": {
"Configuration": "redis-abpdemo.redis.cache.windows.net:6380,password={yourpassword},ssl=true,abortConnect=False"
},
```
{{end}}
{{ else if UI == "NG" }}
- Modify the **`localhost:4200`** in every location throughout your project.
This includes the following files:
**./angular/src/environments/environment.prod.ts** , **./aspnet-core/src/yourapp.DbMigrator/appsettings.json** and **./aspnet-core/src/yourapp.HttpApi.Host/appsettings.json**
```typescript
application: {
baseUrl: 'https://yourapp.azurestaticapps.net'
}
```
- Modify the **yourapp.HttpApi.Host** URL in every location throughout your project.
This includes the following files:
**./angular/src/environments/environment.prod.ts** , **./aspnet-core/src/yourapp.DbMigrator/appsettings.json** and **./aspnet-core/src/yourapp.HttpApi.Host/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourApiHost.azurewebsites.net"
}
```
{{ else if UI == "Blazor" }}
- Modify the **yourapp.Blazor** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Blazor/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.HttpApi.Host/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp.azurewebsites.net"
}
```
- Modify the **yourapp.HttpApi.Host** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Blazor/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.HttpApi.Host/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourApiHost.azurewebsites.net"
}
```
{{ else }}
{{if Tiered == "No"}}
- Modify the **yourapp.Web** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Blazor/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.HttpApi.Host/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp.azurewebsites.net"
}
```
- Modify the **yourapp.ApiHost** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.HttpApi.Host/appsettings.json** , **./src/yourapp.Blazor/appsettings.json** and **./src/yourapp.DbMigrator/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp-apihost.azurewebsites.net"
}
```
{{else}}
- Modify the **yourapp.Web** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Blazor/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** , **./src/yourapp.HttpApi.Host/appsettings.json** and **./src/yourapp.AuthServer/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp.azurewebsites.net"
}
```
- Modify the **yourapp.ApiHost** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.HttpApi.Host/appsettings.json** , **./src/yourapp.Blazor/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.AuthServer/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp-apihost.azurewebsites.net"
}
```
- Modify the **yourapp.AuthServer** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Blazor/appsettings.json** , **./src/yourapp.AuthServer/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.HttpApi.Host/appsettings.json**
```json
"App": {
"SelfUrl": "https://yourapp-authserver.azurewebsites.net"
}
```
- Modify the **Redis__Configuration** URL in every location throughout your project.
This includes the following files:
**./src/yourapp.Blazor/appsettings.json** , **./src/yourapp.AuthServer/appsettings.json** , **./src/yourapp.DbMigrator/appsettings.json** and **./src/yourapp.HttpApi.Host/appsettings.json**
```json
"Redis": {
"Configuration": "redis-abpdemo.redis.cache.windows.net:6380,password={yourpassword},ssl=true,abortConnect=False"
},
```
{{end}}
{{end}}
## What's next?
- [Deploying Your ABP Application to Azure](step3-deployment-github-action.md)

735
docs/en/solution-templates/layered-web-application/deployment/azure-deployment/step3-deployment-github-action.md
View File

@ -0,0 +1,735 @@
````json
//[doc-params]
{
"UI": ["MVC", "Blazor", "BlazorServer", "NG"],
"DB": ["EF", "Mongo"],
"Tiered": ["Yes", "No"]
}
````
## Step 3: Deploying the ABP Application to Azure Web App Service
### Deploying the ABP Application to Azure Web App Service using GitHub Actions
1. Create a new GitHub repository for your project if you don't have one.
2. Push your project to the new GitHub repository.
3. Navigate to the **Actions** tab of your GitHub repository.
4. Click the **set up a workflow yourself** button.
![Set up this workflow](../../../images/azure-deploy-set-up-this-workflow.png)
5. Copy this content to the opened file and commit it.
{{if UI == "NG"}}
{%{
```yaml
# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# More GitHub Actions for Azure: https://github.com/Azure/actions
name: Build and deploy ASP.Net Core with Angular app to Azure Web App
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build-backend:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up .NET Core
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
include-prerelease: true
- name: Install ABP CLI
run: |
dotnet tool install -g Volo.Abp.Cli
abp install-libs
shell: bash
- name: Build with dotnet
run: dotnet build --configuration Release
working-directory: ./aspnet-core
- name: Run migrations
run: dotnet run -- "${{ secrets.CONNECTION_STRING }}"
working-directory: ./aspnet-core/src/Demo.AzureAppsAngular.DbMigrator # Replace with your project name
- name: dotnet publish apihost
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/apihost
working-directory: ./aspnet-core/src/Demo.AzureAppsAngular.HttpApi.Host # Replace with your project name
- name: Generate authserver.pfx
run: dotnet dev-certs https -v -ep ${{env.DOTNET_ROOT}}/apihost/authserver.pfx -p 2D7AA457-5D33-48D6-936F-C48E5EF468ED # Replace with your password
- name: Upload artifact for apihost
uses: actions/upload-artifact@v4
with:
name: .net-apihost
path: ${{env.DOTNET_ROOT}}/apihost
deploy-backend:
runs-on: ubuntu-latest
needs: build-backend
environment:
name: 'Production'
url: ${{ steps.deploy-to-webapp-1.outputs.webapp-url }}
steps:
- name: Download artifact from apihost
uses: actions/download-artifact@v1
with:
name: .net-apihost
path: ./apihost
- name: Deploy apihost
id: deploy-to-webapp-1
uses: azure/webapps-deploy@v3
with:
app-name: 'apihost-angular' # Replace with your app name
slot-name: 'Production'
publish-profile: ${{ secrets.apihostangularPublishSettings }} # Set your Azure Web App to publish your profile as a secret in your repository settings
path: ./apihost
build-deploy-frontend:
runs-on: ubuntu-latest
needs: deploy-backend
name: Build and Deploy Angular App
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Build And Deploy
id: builddeploy
uses: Azure/static-web-apps-deploy@v1
with:
azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_PROUD_STONE }} # Set your Azure Static Web App API token as a secret in your repository settings
repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for GitHub integrations (eg: PR comments)
action: "upload"
app_location: "angular" # App source code path
api_location: "" # Api source code path - optional
output_location: "dist/AzureAppsAngular" # Built app content directory - optional
```
}%}
{{ else if UI == "Blazor" }}
{%{
```yaml
# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# More GitHub Actions for Azure: https://github.com/Azure/actions
name: Build and deploy ASP.Net Core with Blazor to Azure Web App
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build-apihost:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up .NET Core
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
include-prerelease: true
- name: Install ABP CLI
run: |
dotnet tool install -g Volo.Abp.Cli
abp install-libs
shell: bash
- name: Build with dotnet
run: dotnet build --configuration Release
- name: Run migrations
run: dotnet run -- "${{ secrets.CONNECTION_STRING }}"
working-directory: ./src/demo.BlazorNonTierEfCore.DbMigrator # Replace with your project name
- name: dotnet publish apihost
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/apihost
working-directory: ./src/demo.BlazorNonTierEfCore.HttpApi.Host # Replace with your project name
- name: Generate authserver.pfx
run: dotnet dev-certs https -v -ep ${{env.DOTNET_ROOT}}/apihost/authserver.pfx -p 2D7AA457-5D33-48D6-936F-C48E5EF468ED # Replace with your password
- name: Upload artifact for apihost
uses: actions/upload-artifact@v4
with:
name: .net-apihost
path: ${{env.DOTNET_ROOT}}/apihost
deploy-apihost:
runs-on: ubuntu-latest
needs: build-apihost
environment:
name: 'Production'
steps:
- name: Download artifact from apihost
uses: actions/download-artifact@v4
with:
name: .net-apihost
path: ./apihost
- name: Deploy apihost
id: deploy-to-webapp-2
uses: azure/webapps-deploy@v3
with:
app-name: 'apihost-blazor' # Replace with your app name
slot-name: 'Production'
publish-profile: ${{ secrets.apihostblazorPublishSettings }} # Set your Azure Web App to publish your profile as a secret in your repository settings
build-deploy-frontend:
runs-on: ubuntu-latest
needs: deploy-apihost
name: Build and Deploy Job
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Build And Deploy
id: builddeploy
uses: Azure/static-web-apps-deploy@v1
with:
azure_static_web_apps_api_token: ${{ secrets.AZURE_STATIC_WEB_APPS_API_TOKEN_AMBITIOUS }} # Set your Azure Static Web App API token as a secret in your repository settings
repo_token: ${{ secrets.GITHUB_TOKEN }} # Used for GitHub integrations (eg: PR comments)
action: "upload"
app_location: "src/demo.BlazorNonTierEfCore.Blazor" # App source code path
api_location: "" # Api source code path - optional
output_location: "wwwroot" # Built app content directory - optional
```
}%}
{{ else if UI == "BlazorServer" }}
{{ if Tiered == "No" }}
{%{
```yaml
# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# More GitHub Actions for Azure: https://github.com/Azure/actions
name: Build and deploy ASP.Net Core with BlazorServer to Azure Web App
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up .NET Core
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
include-prerelease: true
- name: Install ABP CLI
run: |
dotnet tool install -g Volo.Abp.Cli
abp install-libs
shell: bash
- name: Build with dotnet
run: dotnet build --configuration Release
- name: Run migrations
run: dotnet run -- "${{ secrets.CONNECTION_STRING }}" # Set your connection string as a secret in your repository settings
working-directory: ./src/blazorservertierdemo.DbMigrator # Replace with your project name
- name: dotnet publish apihost
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/apihost
working-directory: ./src/blazorservertierdemo.HttpApi.Host # Replace with your project name
- name: Generate authserver.pfx
run: dotnet dev-certs https -v -ep ${{env.DOTNET_ROOT}}/apihost/authserver.pfx -p 2D7AA457-5D33-48D6-936F-C48E5EF468ED # Replace with your password
- name: dotnet publish webapp
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/webapp
working-directory: ./src/blazorservertierdemo.Blazor # Replace with your project name
- name: Upload artifact for apihost
uses: actions/upload-artifact@v4
with:
name: .net-apihost
path: ${{env.DOTNET_ROOT}}/apihost
- name: Upload artifact for webapp
uses: actions/upload-artifact@v4
with:
name: .net-webapp
path: ${{env.DOTNET_ROOT}}/webapp
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Production'
url: ${{ steps.deploy-to-webapp-3.outputs.webapp-url }}
- name: Download artifact from apihost
uses: actions/download-artifact@v4
with:
name: .net-apihost
path: ./apihost
- name: Deploy apihost
id: deploy-to-webapp-2
uses: azure/webapps-deploy@v3
with:
app-name: 'apihost-blazorserver' # Replace with your app name
slot-name: 'Production'
publish-profile: ${{ secrets.apihostblazorserverPublishSettings }} # Set your Azure Web App to publish your profile as a secret in your repository settings
package: ./apihost
- name: Download artifact from webapp
uses: actions/download-artifact@v4
with:
name: .net-webapp
path: ./webapp
- name: Deploy webapp
id: deploy-to-webapp-3
uses: azure/webapps-deploy@v3
with:
app-name: 'webapp-blazorserver' # Replace with your app name
slot-name: 'Production'
publish-profile: ${{ secrets.webappblazorserverPublishSettings }} # Set your Azure Web App to publish your profile as a secret in your repository settings
package: ./webapp
```
}%}
{{ else }}
{%{
```yaml
# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# More GitHub Actions for Azure: https://github.com/Azure/actions
name: Build and deploy ASP.Net Core with BlazorServer to Azure Web App
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up .NET Core
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
include-prerelease: true
- name: Install ABP CLI
run: |
dotnet tool install -g Volo.Abp.Cli
abp install-libs
shell: bash
- name: Build with dotnet
run: dotnet build --configuration Release
- name: Run migrations
run: dotnet run -- "${{ secrets.CONNECTION_STRING }}" # Set your connection string as a secret in your repository settings
working-directory: ./src/blazorservertierdemo.DbMigrator # Replace with your project name
- name: dotnet publish authserver
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/authserver
working-directory: ./src/blazorservertierdemo.AuthServer # Replace with your project name
- name: Generate authserver.pfx
run: dotnet dev-certs https -v -ep ${{env.DOTNET_ROOT}}/authserver/authserver.pfx -p 2D7AA457-5D33-48D6-936F-C48E5EF468ED # Replace with your password
- name: dotnet publish apihost
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/apihost
working-directory: ./src/blazorservertierdemo.HttpApi.Host # Replace with your project name
- name: dotnet publish webapp
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/webapp
working-directory: ./src/blazorservertierdemo.Blazor # Replace with your project name
- name: Upload artifact for authserver
uses: actions/upload-artifact@v4
with:
name: .net-authserver
path: ${{env.DOTNET_ROOT}}/authserver
- name: Upload artifact for apihost
uses: actions/upload-artifact@v4
with:
name: .net-apihost
path: ${{env.DOTNET_ROOT}}/apihost
- name: Upload artifact for webapp
uses: actions/upload-artifact@v4
with:
name: .net-webapp
path: ${{env.DOTNET_ROOT}}/webapp
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Production'
url: ${{ steps.deploy-to-webapp-3.outputs.webapp-url }}
steps:
- name: Download artifact from authserver
uses: actions/download-artifact@v4
with:
name: .net-authserver
path: ./authserver
- name: Deploy authserver
id: deploy-to-webapp
uses: azure/webapps-deploy@v3
with:
app-name: 'authserver-blazorserver' # Replace with your app name
slot-name: 'Production'
publish-profile: ${{ secrets.authserverblazorserverPublishSettings }} # Set your Azure Web App to publish your profile as a secret in your repository settings
package: ./authserver
- name: Download artifact from apihost
uses: actions/download-artifact@v4
with:
name: .net-apihost
path: ./apihost
- name: Deploy apihost
id: deploy-to-webapp-2
uses: azure/webapps-deploy@v3
with:
app-name: 'apihost-blazorserver' # Replace with your app name
slot-name: 'Production'
publish-profile: ${{ secrets.apihostblazorserverPublishSettings }} # Set your Azure Web App to publish your profile as a secret in your repository settings
package: ./apihost
- name: Download artifact from webapp
uses: actions/download-artifact@v4
with:
name: .net-webapp
path: ./webapp
- name: Deploy webapp
id: deploy-to-webapp-3
uses: azure/webapps-deploy@v3
with:
app-name: 'webapp-blazorserver' # Replace with your app name
slot-name: 'Production'
publish-profile: ${{ secrets.webappblazorserverPublishSettings }} # Set your Azure Web App publish your profile as a secret in your repository settings
```
}%}
{{end}}
{{ else if UI == "MVC" }}
{{ if Tiered == "No" }}
{%{
```yaml
# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# More GitHub Actions for Azure: https://github.com/Azure/actions
name: Build and deploy ASP.Net Core with MVC to Azure Web App
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up .NET Core
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
include-prerelease: true
- name: Install ABP CLI
run: |
dotnet tool install -g Volo.Abp.Cli
abp install-libs
shell: bash
- name: Build with dotnet
run: dotnet build --configuration Release
- name: Run migrations
run: dotnet run -- "${{ secrets.CONNECTION_STRING }}" # Set your connection string as a secret in your repository settings
working-directory: ./src/yourapp.DbMigrator # Replace with your project name
- name: dotnet publish
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/myapp
working-directory: ./src/yourapp.Web # Replace with your project name
- name: Generate authserver.pfx
run: dotnet dev-certs https -v -ep ${{env.DOTNET_ROOT}}/myapp/authserver.pfx -p 2D7AA457-5D33-48D6-936F-C48E5EF468ED # Replace with your password
- name: Upload artifact for deployment job
uses: actions/upload-artifact@v4
with:
name: .net-app
path: ${{env.DOTNET_ROOT}}/myapp
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Production'
url: ${{ steps.deploy-to-webapp.outputs.webapp-url }}
steps:
- name: Download artifact from build job
uses: actions/download-artifact@v4
with:
name: .net-app
- name: Deploy to Azure Web App
id: deploy-to-webapp
uses: azure/webapps-deploy@v3
with:
app-name: 'yourapp' # Replace with your azure web app name
slot-name: 'Production'
publish-profile: ${{ secrets.AZUREAPPSERVICE_PUBLISHPROFILE }} # Set your Azure Web App publish your profile as a secret in your repository settings
package: .
```
}%}
{{ else }}
{%{
```yaml
# Docs for the Azure Web Apps Deploy action: https://github.com/Azure/webapps-deploy
# More GitHub Actions for Azure: https://github.com/Azure/actions
name: Build and deploy ASP.Net Core with MVC to Azure Web App
on:
push:
branches:
- main
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Set up .NET Core
uses: actions/setup-dotnet@v4
with:
dotnet-version: '8.x'
include-prerelease: true
- name: Install ABP CLI
run: |
dotnet tool install -g Volo.Abp.Cli
abp install-libs
shell: bash
- name: Build with dotnet
run: dotnet build --configuration Release
- name: Run migrations
run: dotnet run -- "${{ secrets.CONNECTION_STRING }}" # Set your connection string as a secret in your repository settings
working-directory: ./src/mvctierdemo.DbMigrator # Replace with your project name
- name: dotnet publish authserver
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/authserver
working-directory: ./src/mvctierdemo.AuthServer # Replace with your project name
- name: Generate authserver.pfx
run: dotnet dev-certs https -v -ep ${{env.DOTNET_ROOT}}/authserver/authserver.pfx -p 2D7AA457-5D33-48D6-936F-C48E5EF468ED # Replace with your password
- name: dotnet publish apihost
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/apihost
working-directory: ./src/mvctierdemo.HttpApi.Host # Replace with your project name
- name: dotnet publish webapp
run: dotnet publish -c Release -o ${{env.DOTNET_ROOT}}/webapp
working-directory: ./src/mvctierdemo.Web # Replace with your project name
- name: Upload artifact for authserver
uses: actions/upload-artifact@v4
with:
name: .net-authserver
path: ${{env.DOTNET_ROOT}}/authserver
- name: Upload artifact for apihost
uses: actions/upload-artifact@v4
with:
name: .net-apihost
path: ${{env.DOTNET_ROOT}}/apihost
- name: Upload artifact for webapp
uses: actions/upload-artifact@v4
with:
name: .net-webapp
path: ${{env.DOTNET_ROOT}}/webapp
deploy:
runs-on: ubuntu-latest
needs: build
environment:
name: 'Production'
url: ${{ steps.deploy-to-webapp-3.outputs.webapp-url }}
steps:
- name: Download artifact from apihost
uses: actions/download-artifact@v4
with:
name: .net-apihost
path: ./apihost
- name: Deploy apihost
id: deploy-to-webapp-2
uses: azure/webapps-deploy@v3
with:
app-name: 'apihost-prodemo'
slot-name: 'Production'
publish-profile: ${{ secrets.apihostprodemoPublishSettings }} # Set your Azure Web App publish your profile as a secret in your repository settings
package: ./apihost
- name: Download artifact from authserver
uses: actions/download-artifact@v4
with:
name: .net-authserver
path: ./authserver
- name: Deploy authserver
id: deploy-to-webapp
uses: azure/webapps-deploy@v3
with:
app-name: 'authserver-prodemo'
slot-name: 'Production'
publish-profile: ${{ secrets.authserverprodemoPublishSettings }} # Set your Azure Web App publish your profile as a secret in your repository settings
package: ./authserver
- name: Download artifact from webapp
uses: actions/download-artifact@v4
with:
name: .net-webapp
path: ./webapp
- name: Deploy webapp
id: deploy-to-webapp-3
uses: azure/webapps-deploy@v3
with:
app-name: 'webapp-prodemo'
slot-name: 'Production'
publish-profile: ${{ secrets.webappprodemoPublishSettings }} # Set your Azure Web App publish your profile as a secret in your repository settings
package: ./webapp
```
}%}
{{end}}
{{end}}
7. Navigate to the **Settings** tab of your GitHub repository.
8. Click the **Secrets** button.
9. Click the **New repository secret** button.
![New repository secret](../../../images/azure-deploy-new-repository-secret.png)
10. Add the following secrets:
- **CONNECTION_STRING**: The connection string of your database.
Example of Azure SQL connection string:
![Azure sql connection string](../../../images/azure-deploy-connection-string.png)
- **AZUREAPPSERVICE_PUBLISHPROFILE**: The publish the profile of your Azure Web App Service. You can download it from the **Overview** tab of your Azure Web App Service.
![Publish profile](../../../images/azure-deploy-publish-profile.png)
{{ if UI == "NG" || UI == "Blazor"}}
- **AZURE_STATIC_WEB_APPS_API_TOKEN_AMBITIOUS**: The API token of your Azure Static Web App. You can get it from the **Overview** tab of your Azure Static Web App.
![API token](../../../images/azure-deploy-api-token.png)
{{end}}
11. Navigate to the **Actions** tab of your GitHub repository.
12. Click the **Deploy to Azure Web App** workflow.
![Deploy to Azure Web App](../../../images/azure-deploy-deploy-to-azure-web-app.png)
13. Click the **Run workflow** button.
![Run workflow](../../../images/azure-deploy-run-workflow.png)
14. Navigate to the web app URL to see the deployed application.
![Azure Web App](../../../images/azure-deploy-runtime-stack2.png)
> If deploying your application was unsuccessful, you can check the logs of the deployment by clicking the **Deploy to Azure Web App** workflow and then clicking the **deploy-to-webapp** job.
> If deployment is successful, but you get an error when you navigate to the web app url, you can check the logs of the web app by clicking the **Logs** button on the **Overview** tab of your Azure Web App Service.
> Finally, you have the CI/CD pipeline for your application. Every time you push your code to the main branch, your application will be deployed to Azure Web App Service automatically.
## What's next?
- [Docker Deployment using Docker Compose](../deployment-docker-compose.md)
- [IIS Deployment](../deployment-iis.md)

572
docs/en/solution-templates/layered-web-application/deployment/azure-deployment/terraform-web-app-service.md
View File

@ -0,0 +1,572 @@
# Provisioning an Azure Web App using Terraform
````json
//[doc-params]
{
"UI": ["MVC", "Blazor", "BlazorServer", "NG"],
"DB": ["EF", "Mongo"],
"Tiered": ["Yes", "No"]
}
````
In this tutorial, we'll walk through the steps to provision an Azure Web App using Terraform. Terraform is an open-source infrastructure as a code tool that allows you to define and manage your infrastructure in a declarative way.
## Prerequisites
Before you begin, you'll need the following:
- [Azure account](https://azure.microsoft.com/en-us/free/)
- [Terraform installed](https://developer.hashicorp.com/terraform/downloads) on your local machine
- [Azure CLI installed](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) on your local machine
## Creating a Service Principal for Terraform in Azure
When working with Terraform on Azure, you'll need a "Service Principal" for authentication. A "Service Principal" is an identity created to be used with applications, hosted services, and automated tools to access Azure resources.
[To create a service principal](https://learn.microsoft.com/en-us/azure/developer/terraform/authenticate-to-azure?tabs=bash#create-a-service-principal), run the following command in the Azure CLI:
1. Login to Azure CLI
Before you begin, make sure you are logged into your Azure account with the Azure CLI:
```bash
az login
```
2. Set your Subscription:
If you have multiple Azure subscriptions, specify the one you intend to use:
```bash
az account set --subscription="YOUR_SUBSCRIPTION_ID"
```
3. Create the Service Principal:
The following command will create a service principal. Replace YOUR_APP_NAME with a suitable name for your application:
```bash
az ad sp create-for-rbac --name "YOUR_APP_NAME" --role contributor --scopes /subscriptions/YOUR_SUBSCRIPTION_ID
```
> Replace `YOUR_SUBSCRIPTION_ID` with your subscription id.
The output of this command will provide the **appId**, **displayName**, **name**, **password**, and **tenant**. It's crucial to note these values, especially **appId (Client ID)** and **password (Client Secret)**, as you'll need them for Terraform authentication.
4. Specify the service principal credentials in environment variables
bash:
```bash
export ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
export ARM_TENANT_ID="<azure_subscription_tenant_id>"
export ARM_CLIENT_ID="<service_principal_appid>"
export ARM_CLIENT_SECRET="<service_principal_password>"
```
To execute the ~/.bashrc script, run source ~/.bashrc (or its abbreviated equivalent . ~/.bashrc). You can also exit and reopen Cloud Shell for the script to run automatically.
Run the following bash command to verify the Azure environment variables:
```bash
. ~/.bashrc
```
powershell:
```powershell
$env:ARM_SUBSCRIPTION_ID="<azure_subscription_id>"
$env:ARM_TENANT_ID="<azure_subscription_tenant_id>"
$env:ARM_CLIENT_ID="<service_principal_appid>"
$env:ARM_CLIENT_SECRET="<service_principal_password>"
```
Run the following PowerShell command to verify the Azure environment variables:
```powershell
gci env:ARM_*
```
> Replace the values with your own.
## Creating a Terraform Configuration
1. Create a new directory for your Terraform configuration files.
2. Create a new file named `main.tf` in the directory and add the following code:
{{if UI == "NG"}}
```terraform
# Configure the Azure provider
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0.0"
}
}
required_version = ">= 0.14.9"
}
provider "azurerm" {
features {}
}
# Create the resource group
resource "azurerm_resource_group" "rg" {
name = "demo-angular-web-app-rg"
location = "westeurope"
}
# Create the Linux App Service Plan
resource "azurerm_service_plan" "appserviceplan" {
name = "demo-angular-web-app-plan"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
os_type = "Linux"
sku_name = "B3"
}
resource "azurerm_linux_web_app" "apihost" {
name = "apihost-angular"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
}
resource "azurerm_static_site" "angularweb" {
name = "angularweb"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
}
```
{{ else if UI == "Blazor" }}
```terraform
# Configure the Azure provider
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0.0"
}
}
required_version = ">= 0.14.9"
}
provider "azurerm" {
features {}
}
# Create the resource group
resource "azurerm_resource_group" "rg" {
name = "blazor-app-nontier-rg"
location = "westeurope"
}
# Create the Linux App Service Plan
resource "azurerm_service_plan" "appserviceplan" {
name = "blazor-app-nontier-plan"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
os_type = "Linux"
sku_name = "B3"
}
# Create the web app, pass in the App Service Plan ID
resource "azurerm_linux_web_app" "apihost" {
name = "apihost-blazor"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
}
resource "azurerm_static_site" "blazorweb" {
name = "blazorweb"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
}
```
{{ else if UI == "BlazorServer" }}
{{if Tiered == "No"}}
```terraform
# Configure the Azure provider
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0.0"
}
}
required_version = ">= 0.14.9"
}
provider "azurerm" {
features {}
}
# Create the resource group
resource "azurerm_resource_group" "rg" {
name = "blazorserver-app-nontier-rg"
location = "westeurope"
}
# Create the Linux App Service Plan
resource "azurerm_service_plan" "appserviceplan" {
name = "blazorserver-app-nontier-plan"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
os_type = "Linux"
sku_name = "B3"
}
# Create the web app, pass in the App Service Plan ID
resource "azurerm_linux_web_app" "authserver" {
name = "authserver-blazorserver"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
}
resource "azurerm_linux_web_app" "apihost" {
name = "apihost-blazorserver"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
}
resource "azurerm_linux_web_app" "webapp" {
name = "webapp-blazorserver"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
}
```
{{ else }}
```terraform
# Configure the Azure provider
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0.0"
}
}
required_version = ">= 0.14.9"
}
provider "azurerm" {
features {}
}
# Create the resource group
resource "azurerm_resource_group" "rg" {
name = "blazorserver-app-tier-rg"
location = "westeurope"
}
# Create the Linux App Service Plan
resource "azurerm_service_plan" "appserviceplan" {
name = "blazorserver-app-tier-plan"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
os_type = "Linux"
sku_name = "B3"
}
# Create the web app, pass in the App Service Plan ID
resource "azurerm_linux_web_app" "authserver" {
name = "authserver-blazorserver"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
app_settings = {
"Redis__Configuration" = azurerm_redis_cache.redis.primary_connection_string
}
}
resource "azurerm_linux_web_app" "apihost" {
name = "apihost-blazorserver"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
app_settings = {
"Redis__Configuration" = azurerm_redis_cache.redis.primary_connection_string
}
}
resource "azurerm_linux_web_app" "webapp" {
name = "webapp-blazorserver"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
app_settings = {
"Redis__Configuration" = azurerm_redis_cache.redis.primary_connection_string
}
}
resource "azurerm_redis_cache" "redis" {
name = "redis-blazorserver"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
capacity = 0
family = "C"
sku_name = "Basic"
enable_non_ssl_port = false
minimum_tls_version = "1.2"
redis_configuration {
maxmemory_reserved = 2
maxmemory_delta = 2
maxmemory_policy = "volatile-lru"
}
}
```
{{end}}
{{ else if UI == "MVC" }}
{{ if Tiered == "No" }}
```terraform
# Configure the Azure provider
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0.0"
}
}
required_version = ">= 0.14.9"
}
provider "azurerm" {
features {}
}
# Create the resource group
resource "azurerm_resource_group" "rg" {
name = "demo-abp-web-app"
location = "westeurope"
}
# Create the Linux App Service Plan
resource "azurerm_service_plan" "appserviceplan" {
name = "demo-abp-web-app-plan"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
os_type = "Linux"
sku_name = "B3"
}
# Create the web app, pass in the App Service Plan ID
resource "azurerm_linux_web_app" "webapp" {
name = "demo-abp-web-app"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
}
output "webappurl" {
value = "${azurerm_linux_web_app.webapp.name}.azurewebsites.net"
}
```
{{ else }}
```terraform
# Configure the Azure provider
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "~> 3.0.0"
}
}
required_version = ">= 0.14.9"
}
provider "azurerm" {
features {}
}
# Create the resource group
resource "azurerm_resource_group" "rg" {
name = "demo-abp-web-app-tier-rg"
location = "westeurope"
}
# Create the Linux App Service Plan
resource "azurerm_service_plan" "appserviceplan" {
name = "demo-abp-web-app-tier-plan"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
os_type = "Linux"
sku_name = "B3"
}
# Create the web app, pass in the App Service Plan ID
resource "azurerm_linux_web_app" "authserver" {
name = "authserver-prodemo"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
app_settings = {
"Redis__Configuration" = azurerm_redis_cache.redis.primary_connection_string
}
}
resource "azurerm_linux_web_app" "apihost" {
name = "apihost-prodemo"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
app_settings = {
"Redis__Configuration" = azurerm_redis_cache.redis.primary_connection_string
}
}
resource "azurerm_linux_web_app" "webapp" {
name = "webapp-prodemo"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
service_plan_id = azurerm_service_plan.appserviceplan.id
https_only = true
site_config {
application_stack {
dotnet_version = "6.0"
}
minimum_tls_version = "1.2"
}
app_settings = {
"Redis__Configuration" = azurerm_redis_cache.redis.primary_connection_string
}
}
resource "azurerm_redis_cache" "redis" {
name = "redis-prodemo"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
capacity = 0
family = "C"
sku_name = "Basic"
enable_non_ssl_port = false
minimum_tls_version = "1.2"
redis_configuration {
maxmemory_reserved = 2
maxmemory_delta = 2
maxmemory_policy = "volatile-lru"
}
}
output "authserver" {
value = "${azurerm_linux_web_app.authserver.name}.azurewebsites.net"
}
output "apihost" {
value = "${azurerm_linux_web_app.apihost.name}.azurewebsites.net"
}
output "webapp" {
value = "${azurerm_linux_web_app.webapp.name}.azurewebsites.net"
}
output "redis_hostname" {
value = azurerm_redis_cache.redis.hostname
description = "The hostname for the Redis instance."
}
```
{{end}}
{{end}}
3. Run `terraform init` to initialize the directory.
4. Run `terraform plan` to see the execution plan.
5. Run `terraform apply` to apply the changes. Write `yes` when prompted to confirm the deployment.
6. Wait for the deployment to complete.
7. Navigate to the web app URL to see the deployed application.
> You can also see the web app URL in the output of the `terraform apply` command.
> You have to change the **dotnet version** of the runtime stack according to your application. For example, if you are using .NET 7, you should change `dotnet_version = "6.0"` to `dotnet_version = "7.0"`.
![Azure Web App](../../../images/azure-deploy-runtime-stack.png)
## Destroying the Terraform Configuration
1. Run `terraform destroy` to destroy the created resources.
2. Type `yes` when prompted to confirm the destruction.

1933
docs/en/solution-templates/layered-web-application/deployment/deployment-docker-compose.md
View File

File diff suppressed because it is too large

261
docs/en/solution-templates/layered-web-application/deployment/deployment-iis.md
View File

@ -0,0 +1,261 @@
# IIS Deployment
````json
//[doc-params]
{
"UI": ["MVC", "Blazor", "BlazorServer", "NG"],
"DB": ["EF", "Mongo"],
"Tiered": ["Yes", "No"]
}
````
> This document assumes that you prefer to use **{{ UI_Value }}** as the UI framework and **{{ DB_Value }}** as the database provider. For other options, please change the preference on top of this document.
## Prerequisites
- An IIS Server that is ready for deployment.
- Install the [hosting bundle](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/hosting-bundle).
- **{{ DB_Value }}** database must be ready to use with your project.
- If you want to publish in a local environment, this guide will use mkcert to create self-signed certificates. Follow the [installation guide](https://github.com/FiloSottile/mkcert#installation) to install mkcert.
{{ if Tiered == "Yes" }}
- A Redis instance prepared for caching.
{{end}}
## Generate an Authentication Certificate
If you're using OpenIddict, you need to generate an authentication certificate. You can execute this command in {{ if Tiered == "Yes" }}AuthServer{{ else if UI == "NG" || UI == "Blazor" }}HttpApi.Host{{ else if UI == "BlazorServer" }}Blazor{{ else }}Web{{ end }} folder.
````bash
dotnet dev-certs https -v -ep authserver.pfx -p 00000000-0000-0000-0000-000000000000
````
> `00000000-0000-0000-0000-000000000000` is the password of the certificate, you can change it to any password you want.
## Creating the Publish Files
You can execute this commands in your project root folder.
````bash
dotnet publish ./src/Volo.Sample.DbMigrator/Volo.Sample.DbMigrator.csproj -c Release -o ./publish/dbmigrator # Replace with your project name
````
{{ if UI == "NG" }}
````bash
cd angular && yarn build:prod --output-path ../publish/angular && cd ..
dotnet publish ./aspnet-core/src/Volo.Sample.HttpApi.Host/Volo.Sample.HttpApi.Host.csproj -c Release -o ./publish/apihost # Replace with your project name
{{ if Tiered == "Yes" }}
dotnet publish ./aspnet-core/src/Volo.Sample.AuthServer/Volo.Sample.AuthServer.csproj -c Release -o ./publish/authserver # Replace with your project name
{{ end }}
````
{{ else if UI == "Blazor" }}
````bash
dotnet publish ./src/Volo.Sample.Blazor/Volo.Sample.Blazor.csproj -c Release -o ./publish/blazor # Replace with your project name
dotnet publish ./src/Volo.Sample.HttpApi.Host/Volo.Sample.HttpApi.Host.csproj -c Release -o ./publish/apihost # Replace with your project name
{{ if Tiered == "Yes" }}
dotnet publish ./src/Volo.Sample.AuthServer/Volo.Sample.AuthServer.csproj -c Release -o ./publish/authserver # Replace with your project name
{{ end }}
````
{{ else if UI == "BlazorServer" }}
````bash
dotnet publish ./src/Volo.Sample.Blazor/Volo.Sample.Blazor.csproj -c Release -o ./publish/blazor # Replace with your project name
{{ if Tiered == "Yes" }}
dotnet publish ./src/Volo.Sample.HttpApi.Host/Volo.Sample.HttpApi.Host.csproj -c Release -o ./publish/apihost # Replace with your project name
dotnet publish ./src/Volo.Sample.AuthServer/Volo.Sample.AuthServer.csproj -c Release -o ./publish/authserver # Replace with your project name
{{ end }}
````
{{ else }}
````bash
dotnet publish ./src/Volo.Sample.Web/Volo.Sample.Web.csproj -c Release -o ./publish/web # Replace with your project name
{{ if Tiered == "Yes" }}
dotnet publish ./src/Volo.Sample.HttpApi.Host/Volo.Sample.HttpApi.Host.csproj -c Release -o ./publish/apihost # Replace with your project name
dotnet publish ./src/Volo.Sample.AuthServer/Volo.Sample.AuthServer.csproj -c Release -o ./publish/authserver # Replace with your project name
{{ end }}
````
{{ end }}
## Run the DbMigrator With Your Custom Settings
Update the connection string and OpenIddict section with your domain names. Run the DbMigrator app.
> For example, in a tiered MVC project.
````json
{
"ConnectionStrings": {
"Default": "Server=volo.sample;Database=Sample;User Id=sa;Password=1q2w3E**;TrustServerCertificate=true"
},
"Redis": {
"Configuration": "volo.sample"
},
"OpenIddict": {
"Applications": {
"Sample_Web": {
"ClientId": "Sample_Web",
"ClientSecret": "1q2w3e*",
"RootUrl": "https://web.sample"
},
"Sample_Swagger": {
"ClientId": "Sample_Swagger",
"RootUrl": "https://api.sample"
}
}
}
}
````
## Preparing for Local Deployment
You can skip this part if you're going to deploy on a server with real domain names.
### Creating a Self-Signed Certificate with mkcert
You can execute this command in your command prompt.
````bash
cd Desktop # or another path
mkcert -pkcs12 auth.sample api.sample web.sample # Replace with your domain names
````
Rename the created file extension to ".pfx"
Import the certificate to IIS
![Import the certificate](../../images/iis-install-cert.gif)
### Add domain names to hosts file
Add domain names to hosts file(in Windows: `C:\Windows\System32\drivers\etc\hosts`, in Linux and macOS: `/etc/hosts`).
> For example, in a tiered MVC project.
````json
127.0.0.1 auth.sample
127.0.0.1 api.sample
127.0.0.1 web.sample
````
## Publish the Application(s) On IIS
### Update the appsettings
Update the appsettings according to your project type and domain names.
> For example, in a tiered MVC project.
````json
//AuthServer
{
"App": {
"SelfUrl": "https://auth.sample",
"CorsOrigins": "https://api.sample,https://web.sample",
"RedirectAllowedUrls": "https://api.sample,https://web.sample",
"DisablePII": "false"
},
"ConnectionStrings": {
"Default": "Server=volo.sample;Database=Sample;User Id=sa;Password=1q2w3E**;TrustServerCertificate=true"
},
"AuthServer": {
"Authority": "https://auth.sample",
"RequireHttpsMetadata": "true"
},
"StringEncryption": {
"DefaultPassPhrase": "f9uRkTLdtAZLmlh3"
},
"Redis": {
"Configuration": "volo.sample"
}
}
//HttpApi.Host
{
"App": {
"SelfUrl": "https://api.sample",
"CorsOrigins": "https://web.sample",
"DisablePII": "false",
"HealthCheckUrl": "/health-status"
},
"ConnectionStrings": {
"Default": "Server=volo.sample;Database=Sample;User Id=sa;Password=1q2w3E**;TrustServerCertificate=true"
},
"Redis": {
"Configuration": "volo.sample"
},
"AuthServer": {
"Authority": "https://auth.sample",
"RequireHttpsMetadata": "true",
"SwaggerClientId": "Sample_Swagger"
},
"StringEncryption": {
"DefaultPassPhrase": "f9uRkTLdtAZLmlh3"
}
}
//Web
{
"App": {
"SelfUrl": "https://web.sample",
"DisablePII": "false"
},
"RemoteServices": {
"Default": {
"BaseUrl": "https://api.sample/"
},
"AbpAccountPublic": {
"BaseUrl": "https://auth.sample/"
}
},
"Redis": {
"Configuration": "volo.sample"
},
"AuthServer": {
"Authority": "https://auth.sample",
"RequireHttpsMetadata": "true",
"ClientId": "Sample_Web",
"ClientSecret": "1q2w3e*"
},
"StringEncryption": {
"DefaultPassPhrase": "f9uRkTLdtAZLmlh3"
}
}
````
### Copy the .pfx file
You need to copy pfx file from ./src/{{ if Tiered == "Yes" }}AuthServer{{ else if UI == "NG" || UI == "Blazor" }}HttpApi.Host{{ else if UI == "BlazorServer" }}Blazor{{ else }}Web{{ end }} to ./publish/{{ if Tiered == "Yes" }}authserver{{ else if UI == "NG" || UI == "Blazor" }}apihost{{ else if UI == "BlazorServer" }}blazor{{ else }}web{{ end }} folder.
### Publish the Applications(s)
You can add as website from IIS.
> For {{ if Tiered == "Yes" }}authserver{{ else if UI == "NG" || UI == "Blazor" }}apihost{{ else if UI == "BlazorServer" }}blazor{{ else }}web{{ end }} we need to enable load user profile to true from application pool for created web site.
![Load User Profile](../../images/load-user-profile-iis.png)
> For local deployment select the SSL certificate when you add the web site.
![SSL Certificate Selection](../../images/ssl-cert-selection-in-iis.png)
The final result should look like this (depending on your project type).
![IIS deployment](../../images/iis-sample-deployment.png)
We can visit the websites from a browser.
![Tiered IIS deployment](../../images/iis-sample-tiered-deployment.gif)
## What's next?
- [Docker Deployment using Docker Compose](deployment-docker-compose.md)
- [Azure Deployment using Application Service](deployment-azure-application-service.md)

111
docs/en/solution-templates/layered-web-application/deployment/identityserver-deployment.md
View File

@ -0,0 +1,111 @@
# IdentityServer Deployment
IdentityServer configuration may be different based on deployment configurations. Basically, you need update identityserver client related data and update your hosting preferences based on your deployment environment.
## Update Cors Origins
Cors origins configuration for **gateways**, **microservices** swagger authorization and **Angular/Blazor** (web assembly) must be updated for deployment. This can be found under **App** configuration in *appsettings.json*
```json
"CorsOrigins": "https://*.MyProjectName.com,http://localhost:4200,https://localhost:44307,https://localhost:44325,https://localhost:44353,https://localhost:44367,https://localhost:44388,https://localhost:44381,https://localhost:44361",
```
## Update Redirect Allowed Urls
This configuration must be done if **Angular** or **Blazor** (web assembly) is used as back-office web application. It is found under **App** configuration in appsettings.json
```json
"RedirectAllowedUrls": "http://localhost:4200,https://localhost:44307"
```
## Update DbMigrator
`IdentityServerDataSeedContributor` uses **IdentityServer.Clients** section of `appsettings.json` for `ClientId`, `RedirectUri`, `PostLogoutRedirectUri`, `CorsOrigins`.
Update DbMigrator project `appsettings.json` **IdentityServer.Clients.RootUrls** with production values:
![db-migrator-appsettings](../../images/db-migrator-appsettings.png)
Or, manually add production values to `IdentityServerClientRedirectUris`, `IdentityServerClientPostLogoutRedirectUris`, `IdentityServerClientCorsOrigins` tables in your database.
> If you are using microservice template on-the-fly migration and not using dbmigrator project, update **IdentityService** appsettings.
Eventually, you shouldn't have `localhost` related data.
## Update IdentityServer
You need to update token signing certificate and identityserver midware based on your hosting environment.
### Signing Certificate
Default development environment uses [developer signing certificates option](https://github.com/abpframework/abp/blob/dev/modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpIdentityServerBuilderOptions.cs#L29). Using developer signing certificates may cause *IDX10501: Signature validation failed* error on production.
Update **IdentityServerModule** with using real certificate on `IIdentityServerBuilder` pre-configuration.
![idsrv-certificate](../../images/idsrv-certificate.png)
You can also [create self-signed certificate](https://docs.abp.io/en/commercial/5.0/startup-templates/microservice/tye-integration#create-developer-certificates) and use it.
> If you are using self signed certificate, do not forget to set the certificate (.pfx file) as `EmbeddedResource` and set `CopyToOutputDirectory`. File needs to exist physically.
### Use HTTPS
Update **IdentityServerModule** to [enfcore https](https://docs.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-6.0&tabs=visual-studio). Add `UseHsts` to add hsts headers to clients, add `UseHttpsRedirection` to redirect http requests to https.
![use-https](../../images/use-https.png)
### Behind Load Balancer
To redirect http requests to https from load balancer, update `OnApplicationInitialization` method of the **IdentityServerModule** with the midware below:
```csharp
app.Use((httpContext, next) =>
{
httpContext.Request.Scheme = "https";
return next();
});
```
### Kubernetes
A common scenario is running applications in kubernetes environment. While IdentityServer needs to face internet on https, internal requests can be done using http.
![idsrv-k8s](../../images/idsrv-k8s.png)
**HttpApi.Host** and **Web** applications authority should be set to http since token validations will done using http request.
![api-resource-internal-idsrv](../../images/api-resource-internal-idsrv.png)
> You can use different appsettings files like *appsettings.production.json* to override these values or directly override environment values from kubernetes.
To isolate internal identityserver requests from external network (internet), append extra header instead of overwriting.
For ingress, you can use `nginx.ingress.kubernetes.io/configuration-snippet`:
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: myidentityserver-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
nginx.ingress.kubernetes.io/proxy-buffer-size: "32k"
nginx.ingress.kubernetes.io/proxy-buffers-number: "8"
nginx.ingress.kubernetes.io/configuration-snippet: |
more_set_input_headers "from-ingress: true";
spec:
```
You need to set the IdentityServer origin based on header. Update `OnApplicationInitialization` method of the **IdentityServerModule** with the midware below:
```csharp
app.Use(async (ctx, next) =>
{
if (ctx.Request.Headers.ContainsKey("from-ingress"))
{
ctx.SetIdentityServerOrigin("https://myidentityserver.com");
}
await next();
});
```

20
docs/en/solution-templates/layered-web-application/deployment/index.md
View File

@ -0,0 +1,20 @@
# Deployment
````json
//[doc-params]
{
"UI": ["MVC", "Blazor", "BlazorServer", "NG"],
"DB": ["EF", "Mongo"],
"Tiered": ["Yes", "No"]
}
````
> This document assumes that you prefer to use **{{ UI_Value }}** as the UI framework and **{{ DB_Value }}** as the database provider. For other options, please change the preference on top of this document.
This guide explains how to deploy your application in staging and production environments based on your application architecture;
- [Docker Deployment using Docker Compose](deployment-docker-compose.md)
- [Azure Deployment using Application Service](azure-deployment/azure-deployment.md)
- [IIS Deployment](deployment-iis.md)

127
docs/en/solution-templates/layered-web-application/deployment/openiddict-deployment.md
View File

@ -0,0 +1,127 @@
# OpenIddict Deployment
[OpenIddict](https://github.com/openiddict/openiddict-core) is the default OpenId Provider library used by ABP templates through the [OpenIddict Module](https://docs.abp.io/en/abp/latest/Modules/OpenIddict). It is hosted by the **AuthServer** project in the tiered/seperate-authserver application templates. For non-tiered applications, it is hosted by the Web (MVC/Razor), BlazorServer or the **HttpApi.Host** project for Blazor and Angular applications.
## Update Cors Origins
Cors origins configuration for ***gateways***, ***microservices*** swagger authorization, and ***Angular/Blazor*** (web assembly) must be updated for deployment. This can be found under the ***App*** configuration in **appsettings.json**
```json
"CorsOrigins": "https://*.MyProjectName.com,http://localhost:4200,https://localhost:44307,https://localhost:44325,https://localhost:44353,https://localhost:44367,https://localhost:44388,https://localhost:44381,https://localhost:44361",
```
## Update Redirect Allowed URLs
If **Angular** or **Blazor** (Web Assembly) is used as a back-office web application, this configuration must be done. It is found under **App** configuration in `appsettings.json`.
```json
"RedirectAllowedUrls": "http://localhost:4200,https://localhost:44307"
```
## Update DbMigrator
`OpenIddictDataSeedContributor` uses **OpenIddict.Applications** section of `appsettings.json` for `ClientId`, `RedirectUri`, `PostLogoutRedirectUri` and `CorsOrigins`.
Update DbMigrator project `appsettings.json` **OpenIddict.Applications.RootUrls** with production values or override them:
![db-migrator-appsettings](../images/db-migrator-openiddict-appsettings.png)
> If you are using microservice template self-migration and not using DbMigrator project, update **IdentityService** appsettings.
Eventually, you shouldn't have any `localhost` related data.
## Update AuthServer
In the development environment, OpenIddict uses a development encryption and signing certificate. In the production environment, this must be disabled. OpenIddict needs a real certificate for signing and encrypting the tokens.
### Signing and Encryption Certificate
The default development environment uses [developer signing certificates option](https://github.com/abpframework/abp/blob/bda231b319b62582dee4f8389494cd4442ac474f/modules/openiddict/src/Volo.Abp.OpenIddict.AspNetCore/Volo/Abp/OpenIddict/AbpOpenIddictAspNetCoreModule.cs#L104-L105). Using developer signing certificates may cause *IDX10501: Signature validation failed* error on production.
Update **AuthServerModule** by using a real certificate on `OpenIddictBuilder` pre-configuration.
![openiddict-certificate](../images/openiddict-certificate.png)
When you create a new application from the application template, ABP CLI automatically generates a new self-signed certificate with the name `openiddict.pfx` and a random password. This file and the password are provided in the `GetSigningCertificate` method.
> Note: If you are receiving errors about not being able to reach the `openiddict.pfx` file on the server, make sure you have the necessary permissions.
The best place to store your certificates will depend on your host:
- For IIS applications, [storing the certificates in the machine store](https://www.sonicwall.com/support/knowledge-base/how-can-i-import-certificates-into-the-ms-windows-local-machine-certificate-store/170504615105398/) is the recommended option.
- On Azure, certificates can be uploaded and exposed to Azure App Service applications using the special `WEBSITE_LOAD_CERTIFICATES` flag. For more information, visit the [Use a TLS/SSL certificate in your code in Azure App Service](https://docs.microsoft.com/en-us/azure/app-service/configure-ssl-certificate-in-code) document.
Please check [OpenIddict documentation](https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html#registering-a-certificate-recommended-for-production-ready-scenarios) for more information and using different types of signing/encryption keys.
### Using or Disabling the HTTPS
AuthServer that hosts the OpenIddict openid-provider library uses the SSL/TLS binding of the ASP.NET Core middleware. If you host it on `HTTPS`, the **Issuer** will be hosted on `HTTPS`.
In some deployment scenarios, you may come across an error:
```json
error: invalid_request
error_description: This server only accepts HTTPS requests.
error_uri: https//documnentation.openiddict.com/errors/ID2083
```
You can easily disable the HTTPS requirement from the **appsettings.json**:
```json
"AuthServer": {
"Authority": "https://localhost:44369",
"RequireHttpsMetadata": "false"
},
```
This configuration can be found under the `ConfigureServices` method of the AuthServer project:
```csharp
if (!Convert.ToBoolean(configuration["AuthServer:RequireHttpsMetadata"]))
{
Configure<OpenIddictServerAspNetCoreOptions>(options =>
{
options.DisableTransportSecurityRequirement = true;
});
}
```
### Behind Load Balancer
You may need to forward the headers if you are using [Nginx](https://www.nginx.com/) or [Kubernetes Nginx Ingress](https://github.com/kubernetes/ingress-nginx).
Configure the options in the **ConfigureServices** method of `AuthServerModule`:
```csharp
Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
```
And use the middleware in the **OnApplicationInitialization** method of `AuthServerModule`:
```csharp
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseForwardedHeaders();
...
```
Sometimes, including forwarded headers in requests proxied to the application may be impossible.
If the proxy enforces that all public external requests are HTTPS, the scheme can be manually set before using any middleware.
Configure it under the **OnApplicationInitialization** method of `AuthServerModule`:
```csharp
app.Use((httpContext, next) =>
{
httpContext.Request.Scheme = "https";
return next();
});
```
# FAQ
- I see `Server Error 502!`
- Check your application logs under the *Logs* folder. A misconfiguration can prevent your application from starting up, and the easiest way is to pinpoint the problem by checking the logs.
- `System.IO.FileNotFoundException: Signing Certificate couldn't found!:`
- Ensure you have the **.pfx** file in the related location. The **.pfx** file should be marked as an embedded resource, and it should be in the publish directory when you publish your application.
- I can't see the login page! It shows an `HTTP 400` error.
- This is related to the generated URL from the application that tries to authenticate against the AuthServer. Check the AuthServer logs and make sure you have **valid redirect_uri** seeded from the *OpenIddictDataSeedContributor* and the application that redirects to AuthServer has the same configuration.
Write Preview
Loading…
Cancel
Save