mirror of https://github.com/abpframework/eventhub
committed by
GitHub
101 changed files with 1426 additions and 143 deletions
Binary file not shown.
@ -0,0 +1,21 @@ |
|||
### Pre-requirements |
|||
|
|||
* Docker Desktop with Kubernetes enabled |
|||
* Install [NGINX ingress](https://kubernetes.github.io/ingress-nginx/deploy/) for k8s |
|||
|
|||
### How to run? |
|||
|
|||
* Add entries to the hosts file (in Windows: `C:\Windows\System32\drivers\etc\hosts`): |
|||
|
|||
```` |
|||
127.0.0.1 eh-st-account |
|||
127.0.0.1 eh-st-www |
|||
127.0.0.1 eh-st-api |
|||
127.0.0.1 eh-st-admin |
|||
127.0.0.1 eh-st-admin-api |
|||
```` |
|||
|
|||
* Run `build-images.ps1` in the `scripts` directory. |
|||
* Run `helm install eh-st eventhub` in the `helm-chart` directory. |
|||
* Browse https://eh-st-www and https://eh-st-admin |
|||
* Username: `admin`, password: `1q2w3E*`. |
|||
@ -0,0 +1 @@ |
|||
helm upgrade --install eh-az eventhub -f .\eventhub\values.azure.yaml --namespace eventhub --create-namespace |
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: eventhub |
|||
appVersion: "1.0" |
|||
description: EventHub solution |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: account |
|||
appVersion: "1.0" |
|||
description: EventHub Account Application |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,28 @@ |
|||
apiVersion: networking.k8s.io/v1 |
|||
kind: Ingress |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }}-ingress |
|||
annotations: |
|||
nginx.ingress.kubernetes.io/rewrite-target: / |
|||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" |
|||
nginx.ingress.kubernetes.io/proxy-buffer-size: "{{ .Values.global.nginxProxyBufferSize }}" |
|||
nginx.ingress.kubernetes.io/proxy-buffers-number: "{{ .Values.global.nginxProxyBuffersNumber }}" |
|||
cert-manager.io/cluster-issuer: letsencrypt |
|||
nginx.ingress.kubernetes.io/configuration-snippet: | |
|||
more_set_input_headers "from-ingress: true"; |
|||
spec: |
|||
tls: |
|||
- hosts: |
|||
- {{ .Values.global.accountDomain }} |
|||
secretName: {{ .Release.Name }}-{{ .Chart.Name }}-tls |
|||
rules: |
|||
- host: "{{ .Values.global.accountDomain }}" |
|||
http: |
|||
paths: |
|||
- path: / |
|||
pathType: Prefix |
|||
backend: |
|||
service: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
port: |
|||
number: 80 |
|||
@ -0,0 +1,14 @@ |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
labels: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
ports: |
|||
- name: "80" |
|||
port: 80 |
|||
- name: "443" |
|||
port: 443 |
|||
selector: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
@ -0,0 +1,27 @@ |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
containers: |
|||
- image: {{ .Values.containerImage }} |
|||
imagePullPolicy: {{ .Values.global.imagePullPolicy }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
ports: |
|||
- name: http |
|||
containerPort: 80 |
|||
- name: https |
|||
containerPort: 443 |
|||
env: |
|||
{{ include "eventhub.global.env" . | indent 8 }} |
|||
- name: "ConnectionStrings__Default" |
|||
value: {{ .Values.global.defaultConnString }} |
|||
|
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: admin-api |
|||
appVersion: "1.0" |
|||
description: EventHub Admin API Application |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,26 @@ |
|||
apiVersion: networking.k8s.io/v1 |
|||
kind: Ingress |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }}-ingress |
|||
annotations: |
|||
nginx.ingress.kubernetes.io/rewrite-target: / |
|||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" |
|||
nginx.ingress.kubernetes.io/proxy-buffer-size: "{{ .Values.global.nginxProxyBufferSize }}" |
|||
nginx.ingress.kubernetes.io/proxy-buffers-number: "{{ .Values.global.nginxProxyBuffersNumber }}" |
|||
cert-manager.io/cluster-issuer: letsencrypt |
|||
spec: |
|||
tls: |
|||
- hosts: |
|||
- {{ .Values.global.adminApiDomain }} |
|||
secretName: {{ .Release.Name }}-{{ .Chart.Name }}-tls |
|||
rules: |
|||
- host: "{{ .Values.global.adminApiDomain }}" |
|||
http: |
|||
paths: |
|||
- path: / |
|||
pathType: Prefix |
|||
backend: |
|||
service: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
port: |
|||
number: 80 |
|||
@ -0,0 +1,14 @@ |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
labels: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
ports: |
|||
- name: "80" |
|||
port: 80 |
|||
- name: "443" |
|||
port: 443 |
|||
selector: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
@ -0,0 +1,27 @@ |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
containers: |
|||
- image: {{ .Values.containerImage }} |
|||
imagePullPolicy: {{ .Values.global.imagePullPolicy }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
ports: |
|||
- name: http |
|||
containerPort: 80 |
|||
- name: https |
|||
containerPort: 443 |
|||
env: |
|||
{{ include "eventhub.global.env" . | indent 8 }} |
|||
- name: "ConnectionStrings__Default" |
|||
value: {{ .Values.global.defaultConnString }} |
|||
|
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: admin |
|||
appVersion: "1.0" |
|||
description: EventHub Admin Application |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,28 @@ |
|||
apiVersion: networking.k8s.io/v1 |
|||
kind: Ingress |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }}-ingress |
|||
annotations: |
|||
nginx.ingress.kubernetes.io/rewrite-target: / |
|||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" |
|||
nginx.ingress.kubernetes.io/proxy-buffer-size: "{{ .Values.global.nginxProxyBufferSize }}" |
|||
nginx.ingress.kubernetes.io/proxy-buffers-number: "{{ .Values.global.nginxProxyBuffersNumber }}" |
|||
cert-manager.io/cluster-issuer: letsencrypt |
|||
nginx.ingress.kubernetes.io/configuration-snippet: | |
|||
more_set_headers "blazor-environment: {{ .Values.global.dotnetEnvironment }}"; |
|||
spec: |
|||
tls: |
|||
- hosts: |
|||
- {{ .Values.global.adminDomain }} |
|||
secretName: {{ .Release.Name }}-{{ .Chart.Name }}-tls |
|||
rules: |
|||
- host: "{{ .Values.global.adminDomain }}" |
|||
http: |
|||
paths: |
|||
- path: / |
|||
pathType: Prefix |
|||
backend: |
|||
service: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
port: |
|||
number: 80 |
|||
@ -0,0 +1,14 @@ |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
labels: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
ports: |
|||
- name: "80" |
|||
port: 80 |
|||
- name: "443" |
|||
port: 443 |
|||
selector: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
@ -0,0 +1,24 @@ |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
containers: |
|||
- image: {{ .Values.containerImage }} |
|||
imagePullPolicy: {{ .Values.global.imagePullPolicy }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
ports: |
|||
- name: http |
|||
containerPort: 80 |
|||
- name: https |
|||
containerPort: 443 |
|||
env: |
|||
{{ include "eventhub.global.env" . | indent 8 }} |
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: api |
|||
appVersion: "1.0" |
|||
description: EventHub API Application |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,26 @@ |
|||
apiVersion: networking.k8s.io/v1 |
|||
kind: Ingress |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }}-ingress |
|||
annotations: |
|||
nginx.ingress.kubernetes.io/rewrite-target: / |
|||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" |
|||
nginx.ingress.kubernetes.io/proxy-buffer-size: "{{ .Values.global.nginxProxyBufferSize }}" |
|||
nginx.ingress.kubernetes.io/proxy-buffers-number: "{{ .Values.global.nginxProxyBuffersNumber }}" |
|||
cert-manager.io/cluster-issuer: letsencrypt |
|||
spec: |
|||
tls: |
|||
- hosts: |
|||
- {{ .Values.global.apiDomain }} |
|||
secretName: {{ .Release.Name }}-{{ .Chart.Name }}-tls |
|||
rules: |
|||
- host: "{{ .Values.global.apiDomain }}" |
|||
http: |
|||
paths: |
|||
- path: / |
|||
pathType: Prefix |
|||
backend: |
|||
service: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
port: |
|||
number: 80 |
|||
@ -0,0 +1,14 @@ |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
labels: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
ports: |
|||
- name: "80" |
|||
port: 80 |
|||
- name: "443" |
|||
port: 443 |
|||
selector: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
@ -0,0 +1,27 @@ |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
containers: |
|||
- image: {{ .Values.containerImage }} |
|||
imagePullPolicy: {{ .Values.global.imagePullPolicy }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
ports: |
|||
- name: http |
|||
containerPort: 80 |
|||
- name: https |
|||
containerPort: 443 |
|||
env: |
|||
{{ include "eventhub.global.env" . | indent 8 }} |
|||
- name: "ConnectionStrings__Default" |
|||
value: {{ .Values.global.defaultConnString }} |
|||
|
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: background-services |
|||
appVersion: "1.0" |
|||
description: EventHub Background Services Application |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,18 @@ |
|||
apiVersion: batch/v1 |
|||
kind: Job |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
activeDeadlineSeconds: 180 |
|||
template: |
|||
spec: |
|||
containers: |
|||
- name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
image: {{ .Values.containerImage }} |
|||
imagePullPolicy: {{ .Values.global.imagePullPolicy }} |
|||
env: |
|||
{{ include "eventhub.global.env" . | indent 8 }} |
|||
- name: "ConnectionStrings__Default" |
|||
value: {{ .Values.global.defaultConnString }} |
|||
restartPolicy: Never |
|||
backoffLimit: 10 |
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: dbmigrator |
|||
appVersion: "1.0" |
|||
description: EventHub Migrator Application |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,24 @@ |
|||
apiVersion: batch/v1 |
|||
kind: Job |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
activeDeadlineSeconds: 180 |
|||
template: |
|||
spec: |
|||
containers: |
|||
- name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
image: {{ .Values.containerImage }} |
|||
imagePullPolicy: {{ .Values.global.imagePullPolicy }} |
|||
env: |
|||
{{ include "eventhub.global.env" . | indent 8 }} |
|||
- name: "ConnectionStrings__Default" |
|||
value: {{ .Values.global.defaultConnString }} |
|||
- name: "IdentityServer__Clients__EventHub_Web__RootUrl" |
|||
value: {{ .Values.global.wwwUrl }} |
|||
- name: "IdentityServer__Clients__EventHub_Blazor__RootUrl" |
|||
value: {{ .Values.global.adminUrl }} |
|||
- name: "IdentityServer__Clients__EventHub_Swagger__RootUrl" |
|||
value: {{ .Values.global.apiUrl }} |
|||
restartPolicy: Never |
|||
backoffLimit: 10 |
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: postgresql |
|||
appVersion: "1.0" |
|||
description: Runs PostgreSQL Instance |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,14 @@ |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
labels: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
type: ClusterIP |
|||
ports: |
|||
- name: postgresql |
|||
port: 5432 |
|||
selector: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
|
|||
@ -0,0 +1,43 @@ |
|||
apiVersion: apps/v1 |
|||
kind: StatefulSet |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
serviceName: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
replicas: 1 |
|||
selector: |
|||
matchLabels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
containers: |
|||
- image: postgres |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
{{- if eq .Release.Name "eh-az" }} |
|||
volumeMounts: |
|||
- mountPath: "/var/lib/postgresql/data" |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }}-database-volume |
|||
subPath: postgresql-data |
|||
{{- end }} |
|||
ports: |
|||
- name: postgresql |
|||
containerPort: 5432 |
|||
env: |
|||
- name: POSTGRES_USER |
|||
value: "root" |
|||
- name: POSTGRES_PASSWORD |
|||
value: "root" |
|||
{{- if eq .Release.Name "eh-az" }} |
|||
volumeClaimTemplates: |
|||
- metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }}-database-volume |
|||
spec: |
|||
accessModes: [ "ReadWriteOnce" ] |
|||
storageClassName: "managed-premium-retain" |
|||
resources: |
|||
requests: |
|||
storage: 64Gi |
|||
{{- end }} |
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: redis |
|||
appVersion: "1.0" |
|||
description: Runs Redis instance |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,13 @@ |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
labels: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
type: ClusterIP |
|||
ports: |
|||
- name: redis |
|||
port: 6379 |
|||
selector: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
@ -0,0 +1,20 @@ |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
replicas: 1 |
|||
selector: |
|||
matchLabels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
containers: |
|||
- image: redis:6.0.10-alpine |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
ports: |
|||
- name: redis |
|||
containerPort: 6379 |
|||
@ -0,0 +1,6 @@ |
|||
apiVersion: v2 |
|||
name: www |
|||
appVersion: "1.0" |
|||
description: EventHub WWW Application |
|||
version: 1.0.0 |
|||
type: application |
|||
@ -0,0 +1,36 @@ |
|||
apiVersion: networking.k8s.io/v1 |
|||
kind: Ingress |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }}-ingress |
|||
annotations: |
|||
nginx.ingress.kubernetes.io/rewrite-target: / |
|||
nginx.ingress.kubernetes.io/force-ssl-redirect: "true" |
|||
nginx.ingress.kubernetes.io/proxy-buffer-size: "{{ .Values.global.nginxProxyBufferSize }}" |
|||
nginx.ingress.kubernetes.io/proxy-buffers-number: "{{ .Values.global.nginxProxyBuffersNumber }}" |
|||
{{- if eq .Release.Name "eh-az" }} |
|||
nginx.ingress.kubernetes.io/from-to-www-redirect: "true" |
|||
{{- end }} |
|||
cert-manager.io/cluster-issuer: letsencrypt |
|||
spec: |
|||
tls: |
|||
- hosts: |
|||
- {{ .Values.global.wwwDomain }} |
|||
{{- if eq .Release.Name "eh-az" }} |
|||
- {{ print "www." .Values.global.wwwDomain }} |
|||
{{- end }} |
|||
secretName: {{ .Release.Name }}-{{ .Chart.Name }}-tls |
|||
rules: |
|||
{{- if eq .Release.Name "eh-az" }} |
|||
- host: "{{ print "www." .Values.global.wwwDomain }}" |
|||
{{- else }} |
|||
- host: "{{ .Values.global.wwwDomain }}" |
|||
{{- end }} |
|||
http: |
|||
paths: |
|||
- path: / |
|||
pathType: Prefix |
|||
backend: |
|||
service: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
port: |
|||
number: 80 |
|||
@ -0,0 +1,14 @@ |
|||
apiVersion: v1 |
|||
kind: Service |
|||
metadata: |
|||
labels: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
ports: |
|||
- name: "80" |
|||
port: 80 |
|||
- name: "443" |
|||
port: 443 |
|||
selector: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
@ -0,0 +1,24 @@ |
|||
apiVersion: apps/v1 |
|||
kind: Deployment |
|||
metadata: |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
selector: |
|||
matchLabels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
template: |
|||
metadata: |
|||
labels: |
|||
app: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
spec: |
|||
containers: |
|||
- image: {{ .Values.containerImage }} |
|||
imagePullPolicy: {{ .Values.global.imagePullPolicy }} |
|||
name: {{ .Release.Name }}-{{ .Chart.Name }} |
|||
ports: |
|||
- name: http |
|||
containerPort: 80 |
|||
- name: https |
|||
containerPort: 443 |
|||
env: |
|||
{{ include "eventhub.global.env" . | indent 8 }} |
|||
@ -0,0 +1,24 @@ |
|||
{{- define "eventhub.global.env" -}} |
|||
- name: "DOTNET_ENVIRONMENT" |
|||
value: "{{ .Values.global.dotnetEnvironment }}" |
|||
- name: "AppUrls__Account" |
|||
value: "{{ .Values.global.accountUrl }}" |
|||
- name: "AppUrls__Www" |
|||
value: "{{ .Values.global.wwwUrl }}" |
|||
- name: "AppUrls__Api" |
|||
value: "{{ .Values.global.apiUrl }}" |
|||
- name: "AppUrls__ApiInternal" |
|||
value: "{{ .Values.global.apiUrlInternal }}" |
|||
- name: "AppUrls__Admin" |
|||
value: "{{ .Values.global.adminUrl }}" |
|||
- name: "AppUrls__AdminApi" |
|||
value: "{{ .Values.global.adminApiUrl }}" |
|||
- name: "Redis__Configuration" |
|||
value: "{{ .Values.global.redisConfiguration }}" |
|||
- name: "AuthServer__Authority" |
|||
value: "{{ .Values.global.internalAuthServerAuthority }}" |
|||
- name: "AuthServer__RequireHttpsMetadata" |
|||
value: "{{ .Values.global.internalAuthServerRequireHttpsMetadata }}" |
|||
- name: "StringEncryption__DefaultPassPhrase" |
|||
value: "{{ .Values.global.stringEncryptionDefaultPassPhrase }}" |
|||
{{- end }} |
|||
@ -0,0 +1,11 @@ |
|||
{{- if eq .Release.Name "eh-az" }} |
|||
kind: StorageClass |
|||
apiVersion: storage.k8s.io/v1 |
|||
metadata: |
|||
name: managed-premium-retain |
|||
provisioner: kubernetes.io/azure-disk |
|||
reclaimPolicy: Retain |
|||
parameters: |
|||
storageaccounttype: Premium_LRS |
|||
kind: Managed |
|||
{{- end }} |
|||
@ -0,0 +1,35 @@ |
|||
global: |
|||
dotnetEnvironment: 'Production' |
|||
accountDomain: account.openeventhub.com |
|||
accountUrl: https://account.openeventhub.com |
|||
apiDomain: api.openeventhub.com |
|||
apiUrl: https://api.openeventhub.com |
|||
apiUrlInternal: http://eh-az-api |
|||
wwwDomain: openeventhub.com |
|||
wwwUrl: "https://www.openeventhub.com" |
|||
adminDomain: admin.openeventhub.com |
|||
adminUrl: https://admin.openeventhub.com |
|||
adminApiDomain: admin-api.openeventhub.com |
|||
adminApiUrl: https://admin-api.openeventhub.com |
|||
nginxProxyBufferSize: "32k" |
|||
nginxProxyBuffersNumber: "8" |
|||
defaultConnString: "Host=eh-az-postgresql;Port=5432;Database=EventHub;Username=root;Password=root" |
|||
redisConfiguration: "eh-az-redis" |
|||
internalAuthServerAuthority: "http://account.openeventhub.com" |
|||
internalAuthServerRequireHttpsMetadata: "false" |
|||
stringEncryptionDefaultPassPhrase: "TxVIZFPxK33czbbv" |
|||
imagePullPolicy: Always |
|||
account: |
|||
containerImage: "volocr.azurecr.io/eventhub.account" |
|||
api: |
|||
containerImage: "volocr.azurecr.io/eventhub.api" |
|||
www: |
|||
containerImage: "volocr.azurecr.io/eventhub.www" |
|||
admin-api: |
|||
containerImage: "volocr.azurecr.io/eventhub.admin-api" |
|||
admin: |
|||
containerImage: "volocr.azurecr.io/eventhub.admin" |
|||
dbmigrator: |
|||
containerImage: "volocr.azurecr.io/eventhub.dbmigrator" |
|||
background-services: |
|||
containerImage: "volocr.azurecr.io/eventhub.background-services" |
|||
@ -0,0 +1,35 @@ |
|||
global: |
|||
dotnetEnvironment: 'Staging' |
|||
accountDomain: eh-st-account |
|||
accountUrl: https://eh-st-account |
|||
apiDomain: eh-st-api |
|||
apiUrl: https://eh-st-api |
|||
apiUrlInternal: http://eh-st-api |
|||
wwwDomain: eh-st-www |
|||
wwwUrl: "https://eh-st-www" |
|||
adminDomain: eh-st-admin |
|||
adminUrl: https://eh-st-admin |
|||
adminApiDomain: eh-st-admin-api |
|||
adminApiUrl: https://eh-st-admin-api |
|||
nginxProxyBufferSize: "32k" |
|||
nginxProxyBuffersNumber: "8" |
|||
defaultConnString: "Host=eh-st-postgresql;Port=5432;Database=EventHub;Username=root;Password=root" |
|||
redisConfiguration: "eh-st-redis" |
|||
internalAuthServerAuthority: "http://eh-st-account" |
|||
internalAuthServerRequireHttpsMetadata: "false" |
|||
stringEncryptionDefaultPassPhrase: "TxVIZFPxK33czbbv" |
|||
imagePullPolicy: Never |
|||
account: |
|||
containerImage: "eventhub.account" |
|||
api: |
|||
containerImage: "eventhub.api" |
|||
www: |
|||
containerImage: "eventhub.www" |
|||
admin-api: |
|||
containerImage: "eventhub.admin-api" |
|||
admin: |
|||
containerImage: "eventhub.admin" |
|||
dbmigrator: |
|||
containerImage: "eventhub.dbmigrator" |
|||
background-services: |
|||
containerImage: "eventhub.background-services" |
|||
@ -0,0 +1,18 @@ |
|||
apiVersion: cert-manager.io/v1 |
|||
kind: ClusterIssuer |
|||
metadata: |
|||
name: letsencrypt |
|||
spec: |
|||
acme: |
|||
server: https://acme-v02.api.letsencrypt.org/directory |
|||
email: info@volosoft.com |
|||
privateKeySecretRef: |
|||
name: letsencrypt |
|||
solvers: |
|||
- http01: |
|||
ingress: |
|||
class: nginx |
|||
podTemplate: |
|||
spec: |
|||
nodeSelector: |
|||
"kubernetes.io/os": linux |
|||
@ -0,0 +1,2 @@ |
|||
kubectl apply -f .\corednsms.yaml |
|||
kubectl delete pod --namespace kube-system -l k8s-app=kube-dns |
|||
@ -0,0 +1,8 @@ |
|||
apiVersion: v1 |
|||
kind: ConfigMap |
|||
metadata: |
|||
name: coredns-custom |
|||
namespace: kube-system |
|||
data: |
|||
Corefile.override: | |
|||
rewrite name substring account.openeventhub.com eh-az-account |
|||
@ -0,0 +1,69 @@ |
|||
$REGISTRY_NAME="volocr.azurecr.io" |
|||
$ACR_URL="volocr.azurecr.io" |
|||
$CONTROLLER_REGISTRY="k8s.gcr.io" |
|||
$CONTROLLER_IMAGE="ingress-nginx/controller" |
|||
$CONTROLLER_TAG="v0.48.1" |
|||
$PATCH_REGISTRY="docker.io" |
|||
$PATCH_IMAGE="jettech/kube-webhook-certgen" |
|||
$PATCH_TAG="v1.5.1" |
|||
$DEFAULTBACKEND_REGISTRY="k8s.gcr.io" |
|||
$DEFAULTBACKEND_IMAGE="defaultbackend-amd64" |
|||
$DEFAULTBACKEND_TAG="1.5" |
|||
$CERT_MANAGER_REGISTRY="quay.io" |
|||
$CERT_MANAGER_TAG="v1.3.1" |
|||
$CERT_MANAGER_IMAGE_CONTROLLER="jetstack/cert-manager-controller" |
|||
$CERT_MANAGER_IMAGE_WEBHOOK="jetstack/cert-manager-webhook" |
|||
$CERT_MANAGER_IMAGE_CAINJECTOR="jetstack/cert-manager-cainjector" |
|||
|
|||
az acr import --name $REGISTRY_NAME --source ${CONTROLLER_REGISTRY}/${CONTROLLER_IMAGE}:${CONTROLLER_TAG} --image ${CONTROLLER_IMAGE}:${CONTROLLER_TAG} |
|||
az acr import --name $REGISTRY_NAME --source ${PATCH_REGISTRY}/${PATCH_IMAGE}:${PATCH_TAG} --image ${PATCH_IMAGE}:${PATCH_TAG} |
|||
az acr import --name $REGISTRY_NAME --source ${DEFAULTBACKEND_REGISTRY}/${DEFAULTBACKEND_IMAGE}:${DEFAULTBACKEND_TAG} --image ${DEFAULTBACKEND_IMAGE}:${DEFAULTBACKEND_TAG} |
|||
az acr import --name $REGISTRY_NAME --source ${CERT_MANAGER_REGISTRY}/${CERT_MANAGER_IMAGE_CONTROLLER}:${CERT_MANAGER_TAG} --image ${CERT_MANAGER_IMAGE_CONTROLLER}:${CERT_MANAGER_TAG} |
|||
az acr import --name $REGISTRY_NAME --source ${CERT_MANAGER_REGISTRY}/${CERT_MANAGER_IMAGE_WEBHOOK}:${CERT_MANAGER_TAG} --image ${CERT_MANAGER_IMAGE_WEBHOOK}:${CERT_MANAGER_TAG} |
|||
az acr import --name $REGISTRY_NAME --source ${CERT_MANAGER_REGISTRY}/${CERT_MANAGER_IMAGE_CAINJECTOR}:${CERT_MANAGER_TAG} --image ${CERT_MANAGER_IMAGE_CAINJECTOR}:${CERT_MANAGER_TAG} |
|||
|
|||
# Create a namespace for your ingress resources |
|||
kubectl create namespace ingress-basic |
|||
|
|||
# Add the ingress-nginx repository |
|||
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx |
|||
|
|||
# Use Helm to deploy an NGINX ingress controller |
|||
helm install nginx-ingress ingress-nginx/ingress-nginx ` |
|||
--namespace ingress-basic ` |
|||
--set controller.replicaCount=1 ` |
|||
--set controller.nodeSelector."kubernetes\.io/os"=linux ` |
|||
--set controller.image.registry=$ACR_URL ` |
|||
--set controller.image.image=$CONTROLLER_IMAGE ` |
|||
--set controller.image.tag=$CONTROLLER_TAG ` |
|||
--set controller.image.digest="" ` |
|||
--set controller.admissionWebhooks.patch.nodeSelector."kubernetes\.io/os"=linux ` |
|||
--set controller.admissionWebhooks.patch.image.registry=$ACR_URL ` |
|||
--set controller.admissionWebhooks.patch.image.image=$PATCH_IMAGE ` |
|||
--set controller.admissionWebhooks.patch.image.tag=$PATCH_TAG ` |
|||
--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux ` |
|||
--set defaultBackend.image.registry=$ACR_URL ` |
|||
--set defaultBackend.image.image=$DEFAULTBACKEND_IMAGE ` |
|||
--set defaultBackend.image.tag=$DEFAULTBACKEND_TAG |
|||
|
|||
# Label the ingress-basic namespace to disable resource validation |
|||
kubectl label namespace ingress-basic cert-manager.io/disable-validation=true |
|||
|
|||
# Add the Jetstack Helm repository |
|||
helm repo add jetstack https://charts.jetstack.io |
|||
|
|||
# Update your local Helm chart repository cache |
|||
helm repo update |
|||
|
|||
# Install the cert-manager Helm chart |
|||
helm install cert-manager jetstack/cert-manager ` |
|||
--namespace ingress-basic ` |
|||
--version ${CERT_MANAGER_TAG} ` |
|||
--set installCRDs=true ` |
|||
--set nodeSelector."kubernetes\.io/os"=linux ` |
|||
--set image.repository=${ACR_URL}/${CERT_MANAGER_IMAGE_CONTROLLER} ` |
|||
--set image.tag=${CERT_MANAGER_TAG} ` |
|||
--set webhook.image.repository=${ACR_URL}/${CERT_MANAGER_IMAGE_WEBHOOK} ` |
|||
--set webhook.image.tag=${CERT_MANAGER_TAG} ` |
|||
--set cainjector.image.repository=${ACR_URL}/${CERT_MANAGER_IMAGE_CAINJECTOR} ` |
|||
--set cainjector.image.tag=${CERT_MANAGER_TAG} |
|||
@ -0,0 +1,22 @@ |
|||
az acr login --name volocr |
|||
|
|||
docker tag eventhub.dbmigrator:latest volocr.azurecr.io/eventhub.dbmigrator:latest |
|||
docker push volocr.azurecr.io/eventhub.dbmigrator:latest |
|||
|
|||
docker tag eventhub.www:latest volocr.azurecr.io/eventhub.www:latest |
|||
docker push volocr.azurecr.io/eventhub.www:latest |
|||
|
|||
docker tag eventhub.api:latest volocr.azurecr.io/eventhub.api:latest |
|||
docker push volocr.azurecr.io/eventhub.api:latest |
|||
|
|||
docker tag eventhub.admin:latest volocr.azurecr.io/eventhub.admin:latest |
|||
docker push volocr.azurecr.io/eventhub.admin:latest |
|||
|
|||
docker tag eventhub.admin-api:latest volocr.azurecr.io/eventhub.admin-api:latest |
|||
docker push volocr.azurecr.io/eventhub.admin-api:latest |
|||
|
|||
docker tag eventhub.account:latest volocr.azurecr.io/eventhub.account:latest |
|||
docker push volocr.azurecr.io/eventhub.account:latest |
|||
|
|||
docker tag eventhub.background-services:latest volocr.azurecr.io/eventhub.background-services:latest |
|||
docker push volocr.azurecr.io/eventhub.background-services:latest |
|||
@ -0,0 +1,63 @@ |
|||
$currentFolder = (Get-Item -Path "./" -Verbose).FullName |
|||
$slnFolder = Join-Path $currentFolder "../../../" |
|||
$dbmigratorFolder = Join-Path $slnFolder "src/EventHub.DbMigrator" |
|||
$webFolder = Join-Path $slnFolder "src/EventHub.Web" |
|||
$apiFolder = Join-Path $slnFolder "src/EventHub.HttpApi.Host" |
|||
$adminFolder = Join-Path $slnFolder "src/EventHub.Admin.Web" |
|||
$adminApiFolder = Join-Path $slnFolder "src/EventHub.Admin.HttpApi.Host" |
|||
$identityServerFolder = Join-Path $slnFolder "src/EventHub.IdentityServer" |
|||
$backgroundServicesFolder = Join-Path $slnFolder "src/EventHub.BackgroundServices" |
|||
|
|||
### DB MIGRATOR |
|||
|
|||
Write-Host "*** BUILDING DB MIGRATOR ****************" -ForegroundColor Green |
|||
Set-Location $dbmigratorFolder |
|||
dotnet publish -c Release |
|||
docker build -t eventhub.dbmigrator . |
|||
|
|||
### WEB (WWW) |
|||
|
|||
Write-Host "*** BUILDING WEB (WWW) ****************" -ForegroundColor Green |
|||
Set-Location $webFolder |
|||
dotnet publish -c Release |
|||
docker build -t eventhub.www . |
|||
|
|||
### API |
|||
|
|||
Write-Host "*** BUILDING API ****************" -ForegroundColor Green |
|||
Set-Location $apiFolder |
|||
dotnet publish -c Release |
|||
docker build -t eventhub.api . |
|||
|
|||
### ADMIN (BLAZOR) |
|||
|
|||
Write-Host "*** BUILDING ADMIN (BLAZOR) ****************" -ForegroundColor Green |
|||
Set-Location $adminFolder |
|||
dotnet publish -c Release |
|||
docker build -t eventhub.admin . |
|||
|
|||
### ADMIN API |
|||
|
|||
Write-Host "*** BUILDING ADMIN API ****************" -ForegroundColor Green |
|||
Set-Location $adminApiFolder |
|||
dotnet publish -c Release |
|||
docker build -t eventhub.admin-api . |
|||
|
|||
### IDENTITY SERVER (ACCOUNT) |
|||
|
|||
Write-Host "*** BUILDING IDENTITY SERVER (ACCOUNT) ****************" -ForegroundColor Green |
|||
Set-Location $identityServerFolder |
|||
dotnet publish -c Release |
|||
docker build -t eventhub.account . |
|||
|
|||
### BACKGROUND SERVICES |
|||
|
|||
Write-Host "*** BUILDING BACKGROUND SERVICES ****************" -ForegroundColor Green |
|||
Set-Location $backgroundServicesFolder |
|||
dotnet publish -c Release |
|||
docker build -t eventhub.background-services . |
|||
|
|||
### ALL COMPLETED |
|||
|
|||
Write-Host "ALL COMPLETED" -ForegroundColor Green |
|||
Set-Location $currentFolder |
|||
@ -0,0 +1,7 @@ |
|||
minikube image load eventhub.dbmigrator:latest |
|||
minikube image load eventhub.www:latest |
|||
minikube image load eventhub.api:latest |
|||
minikube image load eventhub.admin:latest |
|||
minikube image load eventhub.admin-api:latest |
|||
minikube image load eventhub.account:latest |
|||
minikube image load eventhub.background-services:latest |
|||
@ -0,0 +1,4 @@ |
|||
FROM mcr.microsoft.com/dotnet/aspnet:5.0 |
|||
COPY bin/Release/net5.0/publish/ app/ |
|||
WORKDIR /app |
|||
ENTRYPOINT ["dotnet", "EventHub.Admin.HttpApi.Host.dll"] |
|||
@ -0,0 +1,71 @@ |
|||
using Microsoft.AspNetCore.Builder; |
|||
using Microsoft.AspNetCore.Http; |
|||
using Microsoft.Extensions.DependencyInjection; |
|||
|
|||
namespace EventHub.Admin.Utils |
|||
{ |
|||
public static class SameSiteCookiesServiceCollectionExtensions |
|||
{ |
|||
public static IServiceCollection AddSameSiteCookiePolicy(this IServiceCollection services) |
|||
{ |
|||
services.Configure<CookiePolicyOptions>(options => |
|||
{ |
|||
options.MinimumSameSitePolicy = SameSiteMode.Unspecified; |
|||
options.OnAppendCookie = cookieContext => |
|||
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); |
|||
options.OnDeleteCookie = cookieContext => |
|||
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); |
|||
}); |
|||
|
|||
return services; |
|||
} |
|||
|
|||
private static void CheckSameSite(HttpContext httpContext, CookieOptions options) |
|||
{ |
|||
if (options.SameSite == SameSiteMode.None) |
|||
{ |
|||
var userAgent = httpContext.Request.Headers["User-Agent"].ToString(); |
|||
if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent)) |
|||
{ |
|||
// For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1)
|
|||
options.SameSite = SameSiteMode.Unspecified; |
|||
} |
|||
} |
|||
} |
|||
|
|||
private static bool DisallowsSameSiteNone(string userAgent) |
|||
{ |
|||
// Cover all iOS based browsers here. This includes:
|
|||
// - Safari on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// - Chrome on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// All of which are broken by SameSite=None, because they use the iOS networking stack
|
|||
if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
// Cover Mac OS X based browsers that use the Mac OS networking stack. This includes:
|
|||
// - Safari on Mac OS X.
|
|||
// This does not include:
|
|||
// - Chrome on Mac OS X
|
|||
// Because they do not use the Mac OS networking stack.
|
|||
if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") && |
|||
userAgent.Contains("Version/") && userAgent.Contains("Safari")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
// Cover Chrome 50-69, because some versions are broken by SameSite=None,
|
|||
// and none in this range require it.
|
|||
// Note: this covers some pre-Chromium Edge versions,
|
|||
// but pre-Chromium Edge does not require SameSite=None.
|
|||
if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
return false; |
|||
} |
|||
} |
|||
} |
|||
@ -1,2 +0,0 @@ |
|||
{ |
|||
} |
|||
@ -1,20 +1,14 @@ |
|||
{ |
|||
"App": { |
|||
"CorsOrigins": "https://*.openeventhub.com,https://localhost:44307,https://localhost:44308" |
|||
}, |
|||
"ConnectionStrings": { |
|||
"Default": "Host=localhost;Database=EventHub;Username=root;Password=root;Port=5432" |
|||
}, |
|||
"Redis": { |
|||
"Configuration": "127.0.0.1" |
|||
"Configuration": "localhost" |
|||
}, |
|||
"AuthServer": { |
|||
"Authority": "https://localhost:44313", |
|||
"RequireHttpsMetadata": "true", |
|||
"SwaggerClientId": "EventHub_Swagger", |
|||
"SwaggerClientSecret": "1q2w3e*" |
|||
}, |
|||
"StringEncryption": { |
|||
"DefaultPassPhrase": "TxVIZFPxK33czbbv" |
|||
} |
|||
} |
|||
|
|||
@ -0,0 +1,3 @@ |
|||
FROM nginx:latest |
|||
COPY ./bin/Release/net5.0/publish/wwwroot/ /usr/share/nginx/html/ |
|||
COPY ./nginx.conf /etc/nginx/conf.d/default.conf |
|||
@ -0,0 +1,7 @@ |
|||
server { |
|||
listen 80; |
|||
location / { |
|||
root /usr/share/nginx/html; |
|||
try_files $uri /index.html; |
|||
} |
|||
} |
|||
@ -1,3 +0,0 @@ |
|||
{ |
|||
|
|||
} |
|||
@ -0,0 +1,13 @@ |
|||
{ |
|||
"App": { |
|||
"SelfUrl": "https://admin.openeventhub.com" |
|||
}, |
|||
"AuthServer": { |
|||
"Authority": "https://account.openeventhub.com" |
|||
}, |
|||
"RemoteServices": { |
|||
"Default": { |
|||
"BaseUrl": "https://admin-api.openeventhub.com" |
|||
} |
|||
} |
|||
} |
|||
@ -0,0 +1,13 @@ |
|||
{ |
|||
"App": { |
|||
"SelfUrl": "https://eh-st-admin" |
|||
}, |
|||
"AuthServer": { |
|||
"Authority": "https://eh-st-account" |
|||
}, |
|||
"RemoteServices": { |
|||
"Default": { |
|||
"BaseUrl": "https://eh-st-admin-api" |
|||
} |
|||
} |
|||
} |
|||
@ -0,0 +1,4 @@ |
|||
FROM mcr.microsoft.com/dotnet/aspnet:5.0 |
|||
COPY bin/Release/net5.0/ app/ |
|||
WORKDIR /app |
|||
ENTRYPOINT ["dotnet", "EventHub.BackgroundServices.dll"] |
|||
@ -0,0 +1,4 @@ |
|||
FROM mcr.microsoft.com/dotnet/aspnet:5.0 |
|||
COPY bin/Release/net5.0/ app/ |
|||
WORKDIR /app |
|||
ENTRYPOINT ["dotnet", "EventHub.DbMigrator.dll"] |
|||
@ -1,18 +0,0 @@ |
|||
namespace EventHub.Web |
|||
{ |
|||
public static class EventHubExternalUrls |
|||
{ |
|||
#if DEBUG
|
|||
public const string EhAccount = "https://localhost:44313"; |
|||
public const string EhApi = "https://localhost:44362"; |
|||
public const string EhAdmin = "https://localhost:44307"; |
|||
public const string EhWww = "https://localhost:44308"; |
|||
#else
|
|||
// TODO: Change these production links
|
|||
public const string EhAccount = "https://localhost:44313"; |
|||
public const string EhApi = "https://localhost:44362"; |
|||
public const string EhAdmin = "https://localhost:44307"; |
|||
public const string EhWww = "https://localhost:44308"; |
|||
#endif
|
|||
} |
|||
} |
|||
@ -0,0 +1,49 @@ |
|||
namespace EventHub.Web |
|||
{ |
|||
public class EventHubUrlOptions |
|||
{ |
|||
private const string ConfigurationName = "AppUrls"; |
|||
|
|||
public string Account { get; set; } = "https://localhost:44313"; |
|||
public string Www { get; set; } = "https://localhost:44308"; |
|||
public string Api { get; set; } = "https://localhost:44362"; |
|||
public string ApiInternal { get; set; } = "https://localhost:44362"; |
|||
public string Admin { get; set; } = "https://localhost:44307"; |
|||
public string AdminApi { get; set; } = "https://localhost:44305"; |
|||
|
|||
public static string GetAccountConfigKey() |
|||
{ |
|||
return GetConfigKey(nameof(Account)); |
|||
} |
|||
|
|||
public static string GetWwwConfigKey() |
|||
{ |
|||
return GetConfigKey(nameof(Www)); |
|||
} |
|||
|
|||
public static string GetApiInternalConfigKey() |
|||
{ |
|||
return GetConfigKey(nameof(ApiInternal)); |
|||
} |
|||
|
|||
public static string GetApiConfigKey() |
|||
{ |
|||
return GetConfigKey(nameof(Api)); |
|||
} |
|||
|
|||
public static string GetAdminConfigKey() |
|||
{ |
|||
return GetConfigKey(nameof(Admin)); |
|||
} |
|||
|
|||
public static string GetAdminApiConfigKey() |
|||
{ |
|||
return GetConfigKey(nameof(AdminApi)); |
|||
} |
|||
|
|||
private static string GetConfigKey(string appName) |
|||
{ |
|||
return $"{ConfigurationName}:{appName}"; |
|||
} |
|||
} |
|||
} |
|||
@ -0,0 +1,4 @@ |
|||
FROM mcr.microsoft.com/dotnet/aspnet:5.0 |
|||
COPY bin/Release/net5.0/publish/ app/ |
|||
WORKDIR /app |
|||
ENTRYPOINT ["dotnet", "EventHub.HttpApi.Host.dll"] |
|||
@ -0,0 +1,71 @@ |
|||
using Microsoft.AspNetCore.Builder; |
|||
using Microsoft.AspNetCore.Http; |
|||
using Microsoft.Extensions.DependencyInjection; |
|||
|
|||
namespace EventHub.Utils |
|||
{ |
|||
public static class SameSiteCookiesServiceCollectionExtensions |
|||
{ |
|||
public static IServiceCollection AddSameSiteCookiePolicy(this IServiceCollection services) |
|||
{ |
|||
services.Configure<CookiePolicyOptions>(options => |
|||
{ |
|||
options.MinimumSameSitePolicy = SameSiteMode.Unspecified; |
|||
options.OnAppendCookie = cookieContext => |
|||
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); |
|||
options.OnDeleteCookie = cookieContext => |
|||
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); |
|||
}); |
|||
|
|||
return services; |
|||
} |
|||
|
|||
private static void CheckSameSite(HttpContext httpContext, CookieOptions options) |
|||
{ |
|||
if (options.SameSite == SameSiteMode.None) |
|||
{ |
|||
var userAgent = httpContext.Request.Headers["User-Agent"].ToString(); |
|||
if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent)) |
|||
{ |
|||
// For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1)
|
|||
options.SameSite = SameSiteMode.Unspecified; |
|||
} |
|||
} |
|||
} |
|||
|
|||
private static bool DisallowsSameSiteNone(string userAgent) |
|||
{ |
|||
// Cover all iOS based browsers here. This includes:
|
|||
// - Safari on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// - Chrome on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// All of which are broken by SameSite=None, because they use the iOS networking stack
|
|||
if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
// Cover Mac OS X based browsers that use the Mac OS networking stack. This includes:
|
|||
// - Safari on Mac OS X.
|
|||
// This does not include:
|
|||
// - Chrome on Mac OS X
|
|||
// Because they do not use the Mac OS networking stack.
|
|||
if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") && |
|||
userAgent.Contains("Version/") && userAgent.Contains("Safari")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
// Cover Chrome 50-69, because some versions are broken by SameSite=None,
|
|||
// and none in this range require it.
|
|||
// Note: this covers some pre-Chromium Edge versions,
|
|||
// but pre-Chromium Edge does not require SameSite=None.
|
|||
if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
return false; |
|||
} |
|||
} |
|||
} |
|||
@ -1,2 +0,0 @@ |
|||
{ |
|||
} |
|||
@ -1,20 +1,14 @@ |
|||
{ |
|||
"App": { |
|||
"CorsOrigins": "https://*.openeventhub.com,https://localhost:44307,https://localhost:44308" |
|||
}, |
|||
"ConnectionStrings": { |
|||
"Default": "Host=localhost;Database=EventHub;Username=root;Password=root;Port=5432" |
|||
}, |
|||
"Redis": { |
|||
"Configuration": "127.0.0.1" |
|||
"Configuration": "localhost" |
|||
}, |
|||
"AuthServer": { |
|||
"Authority": "https://localhost:44313", |
|||
"RequireHttpsMetadata": "true", |
|||
"SwaggerClientId": "EventHub_Swagger", |
|||
"SwaggerClientSecret": "1q2w3e*" |
|||
}, |
|||
"StringEncryption": { |
|||
"DefaultPassPhrase": "TxVIZFPxK33czbbv" |
|||
} |
|||
} |
|||
|
|||
@ -0,0 +1,4 @@ |
|||
FROM mcr.microsoft.com/dotnet/aspnet:5.0 |
|||
COPY bin/Release/net5.0/publish/ app/ |
|||
WORKDIR /app |
|||
ENTRYPOINT ["dotnet", "EventHub.IdentityServer.dll"] |
|||
@ -0,0 +1,71 @@ |
|||
using Microsoft.AspNetCore.Builder; |
|||
using Microsoft.AspNetCore.Http; |
|||
using Microsoft.Extensions.DependencyInjection; |
|||
|
|||
namespace EventHub.Utils |
|||
{ |
|||
public static class SameSiteCookiesServiceCollectionExtensions |
|||
{ |
|||
public static IServiceCollection AddSameSiteCookiePolicy(this IServiceCollection services) |
|||
{ |
|||
services.Configure<CookiePolicyOptions>(options => |
|||
{ |
|||
options.MinimumSameSitePolicy = SameSiteMode.Unspecified; |
|||
options.OnAppendCookie = cookieContext => |
|||
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); |
|||
options.OnDeleteCookie = cookieContext => |
|||
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); |
|||
}); |
|||
|
|||
return services; |
|||
} |
|||
|
|||
private static void CheckSameSite(HttpContext httpContext, CookieOptions options) |
|||
{ |
|||
if (options.SameSite == SameSiteMode.None) |
|||
{ |
|||
var userAgent = httpContext.Request.Headers["User-Agent"].ToString(); |
|||
if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent)) |
|||
{ |
|||
// For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1)
|
|||
options.SameSite = SameSiteMode.Unspecified; |
|||
} |
|||
} |
|||
} |
|||
|
|||
private static bool DisallowsSameSiteNone(string userAgent) |
|||
{ |
|||
// Cover all iOS based browsers here. This includes:
|
|||
// - Safari on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// - Chrome on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// All of which are broken by SameSite=None, because they use the iOS networking stack
|
|||
if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
// Cover Mac OS X based browsers that use the Mac OS networking stack. This includes:
|
|||
// - Safari on Mac OS X.
|
|||
// This does not include:
|
|||
// - Chrome on Mac OS X
|
|||
// Because they do not use the Mac OS networking stack.
|
|||
if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") && |
|||
userAgent.Contains("Version/") && userAgent.Contains("Safari")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
// Cover Chrome 50-69, because some versions are broken by SameSite=None,
|
|||
// and none in this range require it.
|
|||
// Note: this covers some pre-Chromium Edge versions,
|
|||
// but pre-Chromium Edge does not require SameSite=None.
|
|||
if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
return false; |
|||
} |
|||
} |
|||
} |
|||
Binary file not shown.
@ -1,2 +0,0 @@ |
|||
{ |
|||
} |
|||
@ -1,27 +1,8 @@ |
|||
{ |
|||
"App": { |
|||
"SelfUrl": "https://localhost:44313", |
|||
"CorsOrigins": "https://*.EventHub.com,http://localhost:4200,https://localhost:44307,https://localhost:44362", |
|||
"RedirectAllowedUrls": "http://localhost:4200,https://localhost:44307" |
|||
}, |
|||
"ConnectionStrings": { |
|||
"Default": "Host=localhost;Database=EventHub;Username=root;Password=root;Port=5432" |
|||
}, |
|||
"Redis": { |
|||
"Configuration": "127.0.0.1" |
|||
}, |
|||
"StringEncryption": { |
|||
"DefaultPassPhrase": "TxVIZFPxK33czbbv" |
|||
}, |
|||
"Settings": { |
|||
"Abp.Mailing.Smtp.Host": "127.0.0.1", |
|||
"Abp.Mailing.Smtp.Port": "25", |
|||
"Abp.Mailing.Smtp.UserName": "", |
|||
"Abp.Mailing.Smtp.Password": "", |
|||
"Abp.Mailing.Smtp.Domain": "", |
|||
"Abp.Mailing.Smtp.EnableSsl": "false", |
|||
"Abp.Mailing.Smtp.UseDefaultCredentials": "true", |
|||
"Abp.Mailing.DefaultFromAddress": "noreply@abp.io", |
|||
"Abp.Mailing.DefaultFromDisplayName": "ABP application" |
|||
"Configuration": "localhost" |
|||
} |
|||
} |
|||
|
|||
@ -0,0 +1,4 @@ |
|||
FROM mcr.microsoft.com/dotnet/aspnet:5.0 |
|||
COPY bin/Release/net5.0/publish/ app/ |
|||
WORKDIR /app |
|||
ENTRYPOINT ["dotnet", "EventHub.Web.dll"] |
|||
@ -0,0 +1,71 @@ |
|||
using Microsoft.AspNetCore.Builder; |
|||
using Microsoft.AspNetCore.Http; |
|||
using Microsoft.Extensions.DependencyInjection; |
|||
|
|||
namespace EventHub.Web.Utils |
|||
{ |
|||
public static class SameSiteCookiesServiceCollectionExtensions |
|||
{ |
|||
public static IServiceCollection AddSameSiteCookiePolicy(this IServiceCollection services) |
|||
{ |
|||
services.Configure<CookiePolicyOptions>(options => |
|||
{ |
|||
options.MinimumSameSitePolicy = SameSiteMode.Unspecified; |
|||
options.OnAppendCookie = cookieContext => |
|||
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); |
|||
options.OnDeleteCookie = cookieContext => |
|||
CheckSameSite(cookieContext.Context, cookieContext.CookieOptions); |
|||
}); |
|||
|
|||
return services; |
|||
} |
|||
|
|||
private static void CheckSameSite(HttpContext httpContext, CookieOptions options) |
|||
{ |
|||
if (options.SameSite == SameSiteMode.None) |
|||
{ |
|||
var userAgent = httpContext.Request.Headers["User-Agent"].ToString(); |
|||
if (!httpContext.Request.IsHttps || DisallowsSameSiteNone(userAgent)) |
|||
{ |
|||
// For .NET Core < 3.1 set SameSite = (SameSiteMode)(-1)
|
|||
options.SameSite = SameSiteMode.Unspecified; |
|||
} |
|||
} |
|||
} |
|||
|
|||
private static bool DisallowsSameSiteNone(string userAgent) |
|||
{ |
|||
// Cover all iOS based browsers here. This includes:
|
|||
// - Safari on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// - WkWebview on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// - Chrome on iOS 12 for iPhone, iPod Touch, iPad
|
|||
// All of which are broken by SameSite=None, because they use the iOS networking stack
|
|||
if (userAgent.Contains("CPU iPhone OS 12") || userAgent.Contains("iPad; CPU OS 12")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
// Cover Mac OS X based browsers that use the Mac OS networking stack. This includes:
|
|||
// - Safari on Mac OS X.
|
|||
// This does not include:
|
|||
// - Chrome on Mac OS X
|
|||
// Because they do not use the Mac OS networking stack.
|
|||
if (userAgent.Contains("Macintosh; Intel Mac OS X 10_14") && |
|||
userAgent.Contains("Version/") && userAgent.Contains("Safari")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
// Cover Chrome 50-69, because some versions are broken by SameSite=None,
|
|||
// and none in this range require it.
|
|||
// Note: this covers some pre-Chromium Edge versions,
|
|||
// but pre-Chromium Edge does not require SameSite=None.
|
|||
if (userAgent.Contains("Chrome/5") || userAgent.Contains("Chrome/6")) |
|||
{ |
|||
return true; |
|||
} |
|||
|
|||
return false; |
|||
} |
|||
} |
|||
} |
|||
@ -1,3 +0,0 @@ |
|||
{ |
|||
|
|||
} |
|||
Some files were not shown because too many files changed in this diff
Loading…
Reference in new issue