
Skoruba docker run: #252

Open
messaddek opened this issue Jan 20, 2025 · 0 comments
Question

I am unable to run this on Docker (Debian).

docker-compose.yml

   # NOTE(review): as pasted, `version` is indented three spaces while
   # `services:` below sits at column 0. Both are top-level keys and must share
   # the same column, otherwise the file is not valid YAML. This is likely a
   # paste artifact - confirm against the file on disk.
   # Docker Compose v2 ignores `version` and only logs a warning about it.
   version: '3.8'

# All containers of the stack are declared under this key.
services:
  # Admin UI of Skoruba Duende IdentityServer Admin (image tag 2.5.0).
  # Configured as an OIDC client (response type `code`) of the server named in
  # IdentityServerBaseUrl.
  admin-ui:
    image: skoruba/duende-identityserver-admin:2.5.0
    container_name: skoruba-admin-ui
    restart: unless-stopped
    environment:
      # NOTE(review): VIRTUAL_HOST is the variable read by auto-configuring
      # proxy images; the proxy in this file is stock nginx:alpine with a
      # hand-written conf.d, so it is presumably unused here - confirm.
      - VIRTUAL_HOST=admin-sts.bliysa.com
      - ASPNETCORE_ENVIRONMENT=Production
      - AdminConfiguration__PageTitle=IS-Admin
      - AdminConfiguration__FaviconUri=~/favicon.ico
      - AdminConfiguration__IdentityAdminRedirectUri=https://admin-sts.bliysa.com/signin-oidc
      - AdminConfiguration__IdentityServerBaseUrl=https://sts.bliysa.com
      - AdminConfiguration__IdentityAdminCookieName=IdentityServerAdmin
      - AdminConfiguration__IdentityAdminCookieExpiresUtcHours=12
      - AdminConfiguration__RequireHttpsMetadata=true
      - AdminConfiguration__TokenValidationClaimName=name
      - AdminConfiguration__TokenValidationClaimRole=role
      - AdminConfiguration__ClientId=admin.client
      # SECURITY: OIDC client secret stored in plain text. Once a compose file
      # is shared, the secret must be treated as disclosed: rotate it and
      # supply the new value from an env file or secret store kept out of
      # version control.
      - AdminConfiguration__ClientSecret=01948049-90fc-7132-96a2-d3c390c31a51
      - AdminConfiguration__OidcResponseType=code
      - AdminConfiguration__Scopes__0=openid
      - AdminConfiguration__Scopes__1=profile
      - AdminConfiguration__Scopes__2=email
      - AdminConfiguration__Scopes__3=roles
      - AdminConfiguration__AdministrationRole=Admin
      # SECURITY: all six connection strings log in as `sa` (the SQL Server
      # system administrator) with an inline password. A dedicated login
      # limited to the IdentityServerAdmin database would follow least
      # privilege; the password belongs in a secret store and should be
      # rotated after publication.
      # `$$` is Compose's escape for a literal `$`, so the container receives
      # the password with a single `$`.
      # TrustServerCertificate=True turns off validation of the SQL Server
      # certificate; here the hop is the internal skoruba-network only.
      - ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - DatabaseProviderConfiguration__ProviderType=SqlServer
    # Compose starts this container only after the db healthcheck reports
    # healthy; if that check never passes, this service is never started.
    depends_on:
      db:
        condition: service_healthy
    # No ports are published; the container is reachable only from other
    # members of skoruba-network.
    networks:
      - skoruba-network

  # Admin REST API of Skoruba Duende IdentityServer Admin (image tag 2.5.0).
  admin-api:
    image: skoruba/duende-identityserver-admin-api:2.5.0
    container_name: skoruba-admin-api
    restart: unless-stopped
    environment:
      # NOTE(review): VIRTUAL_HOST is presumably unused, because the proxy in
      # this file is stock nginx:alpine with a hand-written conf.d - confirm.
      - VIRTUAL_HOST=admin-api.bliysa.com
      - ASPNETCORE_ENVIRONMENT=Production
      - AdminApiConfiguration__ApiName=IS-Admin Api
      - AdminApiConfiguration__ApiVersion=v1
      - AdminApiConfiguration__ApiBaseUrl=https://admin-api.bliysa.com
      - AdminApiConfiguration__IdentityServerBaseUrl=https://sts.bliysa.com
      - AdminApiConfiguration__OidcSwaggerUIClientId=admin.client_api_swaggerui
      - AdminApiConfiguration__OidcApiName=admin.client_api
      - AdminApiConfiguration__AdministrationRole=Admin
      - AdminApiConfiguration__RequireHttpsMetadata=true
      # CORS is restricted to the admin UI origin rather than any origin.
      - AdminApiConfiguration__CorsAllowAnyOrigin=false
      - AdminApiConfiguration__CorsAllowOrigins__0=https://admin-sts.bliysa.com
      # SECURITY: every connection string logs in as `sa` with an inline
      # password. Prefer a dedicated least-privilege login, keep the password
      # in a secret store, and rotate it after publication.
      # `$$` is Compose's escape for a literal `$`.
      # TrustServerCertificate=True turns off validation of the SQL Server
      # certificate on this internal hop.
      # NOTE(review): unlike admin-ui and sts-identity, this service sets no
      # DatabaseProviderConfiguration__ProviderType - confirm the image
      # default is SQL Server.
      - ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
    # Started only once the db healthcheck reports healthy.
    depends_on:
      db:
        condition: service_healthy
    # No ports are published; reachable only on skoruba-network.
    networks:
      - skoruba-network

  # Security token service (the Duende IdentityServer instance itself),
  # image tag 2.5.0. The other two applications point at it through their
  # IdentityServerBaseUrl settings.
  sts-identity:
    image: skoruba/duende-identityserver-sts-identity:2.5.0
    container_name: skoruba-sts
    restart: unless-stopped
    environment:
      # NOTE(review): VIRTUAL_HOST is presumably unused, because the proxy in
      # this file is stock nginx:alpine with a hand-written conf.d - confirm.
      - VIRTUAL_HOST=sts.bliysa.com
      - ASPNETCORE_ENVIRONMENT=Production
      - AdminConfiguration__PageTitle=Skoruba Duende IdentityServer
      - AdminConfiguration__HomePageLogoUri=~/images/skoruba-icon.png
      - AdminConfiguration__FaviconUri=~/favicon.ico
      - AdminConfiguration__IdentityAdminBaseUrl=https://admin-sts.bliysa.com
      - AdminConfiguration__AdministrationRole=Admin
      # SECURITY: the token service also connects as `sa` with an inline
      # password. Prefer a dedicated least-privilege login, keep the password
      # in a secret store, and rotate it after publication.
      # `$$` is Compose's escape for a literal `$`.
      # TrustServerCertificate=True turns off validation of the SQL Server
      # certificate on this internal hop.
      - ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServerAdmin;User Id=sa;Password=P@8xK#mN9$$vL2^pH5qW;TrustServerCertificate=True;Timeout=30;ConnectRetryCount=3;ConnectRetryInterval=10
      - DatabaseProviderConfiguration__ProviderType=SqlServer
      # NOTE(review): the temporary development signing key is disabled and
      # no other signing-key source appears in this file - confirm how token
      # signing keys are provisioned and persisted across restarts.
      - CertificateConfiguration__UseTemporarySigningKeyForDevelopment=false
      # All four IdentityServer event categories are raised, which gives the
      # logs an audit trail of successful and failed authentication activity.
      - IdentityServerOptions__Events__RaiseErrorEvents=true
      - IdentityServerOptions__Events__RaiseInformationEvents=true
      - IdentityServerOptions__Events__RaiseFailureEvents=true
      - IdentityServerOptions__Events__RaiseSuccessEvents=true
    # Started only once the db healthcheck reports healthy.
    depends_on:
      db:
        condition: service_healthy
    # No ports are published; reachable only on skoruba-network.
    networks:
      - skoruba-network

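  # SQL Server 2022 instance backing all three Skoruba applications.
  # No ports are published, so it is reachable only on skoruba-network.
  db:
    # NOTE(review): `2022-latest` is a moving tag; pinning a specific
    # cumulative-update tag or image digest makes deployments reproducible.
    image: mcr.microsoft.com/mssql/server:2022-latest
    container_name: skoruba-db
    restart: unless-stopped
    environment:
      - ACCEPT_EULA=Y
      # SECURITY: the `sa` password is stored inline. Once a compose file is
      # shared, the password must be treated as disclosed: rotate it and
      # supply the new value from an env file or secret store kept out of
      # version control.
      # `$$` is Compose's escape for a literal `$`, so the container receives
      # the password with a single `$`.
      - MSSQL_SA_PASSWORD=P@8xK#mN9$$vL2^pH5qW
      - MSSQL_MEMORY_LIMIT_MB=2048
    volumes:
      # Named volume keeps the database files across container re-creation.
      - type: volume
        source: dbdata
        target: /var/opt/mssql
    healthcheck:
      # The original check embedded the password in a double-quoted shell
      # string. After Compose turns `$$` into `$`, the shell expands `$vL2`
      # as an unset variable, so sqlcmd logs in with a truncated password,
      # the check never passes, and every service that waits on
      # `service_healthy` is never started.
      # Reading the password from the container's own MSSQL_SA_PASSWORD
      # variable avoids the re-expansion and removes one inline copy of the
      # secret. `$$MSSQL_SA_PASSWORD` reaches the shell as
      # `$MSSQL_SA_PASSWORD`.
      # `-C` trusts the server certificate: the version 18 tools encrypt by
      # default and otherwise reject the instance's self-signed certificate.
      test:
        - CMD-SHELL
        - >-
          /opt/mssql-tools18/bin/sqlcmd -C -S localhost -U sa
          -P "$$MSSQL_SA_PASSWORD" -Q "SELECT 1" || exit 1
      interval: 30s
      timeout: 30s
      retries: 3
      # Failures during the first 120s do not count towards `retries`.
      start_period: 120s
    networks:
      - skoruba-network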

  # TLS-terminating reverse proxy; the only service that publishes host ports.
  nginx-proxy:
    image: nginx:alpine
    container_name: nginx-proxy
    restart: unless-stopped
    ports:
      # Published on all host interfaces. The container's 80/443 appear on
      # the host as 8080/8443.
      # NOTE(review): browsers following https://<name>/ URLs use port 443,
      # so something else must forward 443 to 8443 for the public URLs
      # configured in the other services to work - confirm.
      - "8080:80"
      - "8443:443"
    volumes:
      # NOTE(review): neither of the first two mounts is read-only. Adding
      # `read_only: true` here as well would stop a compromised proxy from
      # rewriting its own configuration or certificates.
      - type: bind
        source: ./nginx/conf.d
        target: /etc/nginx/conf.d
      - type: bind
        source: ./nginx/certs
        target: /etc/nginx/certs
      # Let's Encrypt material, mounted read-only. `live` and `archive` are
      # both mounted; presumably `live` holds symlinks into `archive` -
      # verify on the host.
      # SECURITY: the whole `live`/`archive` trees are exposed, i.e. the
      # private keys of every certificate on the host, not only the three
      # names served here.
      - type: bind
        source: /etc/letsencrypt/live
        target: /etc/letsencrypt/live
        read_only: true
      - type: bind
        source: /etc/letsencrypt/archive
        target: /etc/letsencrypt/archive
        read_only: true
    networks:
      - skoruba-network

# User-defined bridge network shared by all five services. Containers on it
# resolve each other by service name and container_name.
networks:
  skoruba-network:
    driver: bridge

# Named volume holding the SQL Server data directory (mounted by `db` at
# /var/opt/mssql).
volumes:
  dbdata:
    driver: local

Nginx configuration at /root/skoruba-admin/nginx/conf.d/skoruba.conf:

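# Plain-HTTP listeners: permanently redirect each hostname to its HTTPS
# counterpart.
#
# The original single block redirected to $server_name, which always expands
# to the FIRST name on the server_name line. Requests for admin-sts and
# admin-api were therefore redirected to https://sts.bliysa.com. With one
# block per hostname, $server_name is always the name that was matched.
# $host is deliberately not used: the first block is also the default server
# for port 80, and redirecting to a client-supplied Host header would let any
# hostname be reflected into the Location header.
#
# NOTE(review): the redirect targets the default HTTPS port (443) - confirm
# that clients reach this proxy on 443.
server {
    listen 80;
    server_name sts.bliysa.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 80;
    server_name admin-sts.bliysa.com;
    return 301 https://$server_name$request_uri;
}

server {
    listen 80;
    server_name admin-api.bliysa.com;
    return 301 https://$server_name$request_uri;
}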

# HTTPS virtual host for the token service. TLS ends here and requests are
# forwarded to the skoruba-sts container over plain HTTP.
server {
    listen 443 ssl;
    server_name sts.bliysa.com;

    # Protocol and cipher policy: TLS 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Let's Encrypt chain and private key for this hostname.
    ssl_certificate /etc/letsencrypt/live/sts.bliysa.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sts.bliysa.com/privkey.pem;

    location / {
        # NOTE(review): assumes the application listens on port 80 inside
        # the container - confirm against the image.
        proxy_pass http://skoruba-sts:80;
        proxy_http_version 1.1;

        # Original host, client address and scheme are passed upstream.
        # X-Forwarded-For appends to whatever the client sent, so the
        # application should trust only the entry added by this proxy. It
        # must also be configured to honour X-Forwarded-Proto, otherwise it
        # sees every request as plain http.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# HTTPS virtual host for the admin UI. TLS ends here and requests are
# forwarded to the skoruba-admin-ui container over plain HTTP.
server {
    listen 443 ssl;
    server_name admin-sts.bliysa.com;

    # Protocol and cipher policy: TLS 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Let's Encrypt chain and private key for this hostname.
    ssl_certificate /etc/letsencrypt/live/admin-sts.bliysa.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/admin-sts.bliysa.com/privkey.pem;

    location / {
        # NOTE(review): assumes the application listens on port 80 inside
        # the container - confirm against the image.
        proxy_pass http://skoruba-admin-ui:80;
        proxy_http_version 1.1;

        # Original host, client address and scheme are passed upstream. The
        # application must be configured to honour these headers, and to
        # trust them only from this proxy, for its OIDC redirect URIs to be
        # built with https.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# HTTPS virtual host for the admin API. TLS ends here and requests are
# forwarded to the skoruba-admin-api container over plain HTTP.
server {
    listen 443 ssl;
    server_name admin-api.bliysa.com;

    # Protocol and cipher policy: TLS 1.2 and 1.3 only.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Let's Encrypt chain and private key for this hostname.
    ssl_certificate /etc/letsencrypt/live/admin-api.bliysa.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/admin-api.bliysa.com/privkey.pem;

    location / {
        # NOTE(review): assumes the application listens on port 80 inside
        # the container - confirm against the image.
        proxy_pass http://skoruba-admin-api:80;
        proxy_http_version 1.1;

        # Original host, client address and scheme are passed upstream. The
        # application should trust these headers only from this proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

Where am I going wrong?

The SSL certificates have been created correctly.
