Identity Server - Dockerization - Part 1

This example is for a local (dev) environment, not for production.

In the Docker branch (based on the PostgreSQL branch), all the components are containerized, and the whole solution can be started using docker-compose.

The challenge in dockerizing this solution is issuing a self-signed certificate so that the containers can talk to each other over HTTPS. PowerShell's New-SelfSignedCertificate can issue a certificate, but Linux containers won't trust it, so openssl (from WSL2) is used to generate the certificate.

  1. Add Docker Compose for each project
    • Right-click the project in Visual Studio > Add > Container Orchestrator Support…
    • It will generate a Dockerfile for each project
    • It will generate docker-compose.yml and docker-compose.override.yml at the root
  2. Merge PostgreSQL docker-compose into the main one
    version: '3.4'
    
    services:
      client:
        image: ${DOCKER_REGISTRY-}client
        build:
          context: .
          dockerfile: Client/Dockerfile
    
      api:
        image: ${DOCKER_REGISTRY-}api
        build:
          context: .
          dockerfile: API/Dockerfile
    
      is4:
        image: ${DOCKER_REGISTRY-}is4
        build:
          context: .
          dockerfile: IdentityProvider/Dockerfile
        depends_on:
          - "db"
    
      db:
        image: postgres:latest
        restart: always
        ports:
          - 5432:5432
        environment:
          POSTGRES_PASSWORD: P@ssword!
          POSTGRES_DB: IS4Database 
    
      adminer:
        image: adminer
        restart: always
        ports:
          - 8080:8080
    

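    NOTE: Add depends_on to the Identity Server (is4) service so that it is provisioned after the PostgreSQL service. depends_on only controls start order; it does not wait for PostgreSQL to be ready to accept connections.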

  3. Generate a certificate to support HTTPS
    dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p P@ssword!
    dotnet dev-certs https --trust
    

    NOTE: The certificate generated by dotnet dev-certs is ONLY valid for “localhost”.

  4. Update docker-compose.override.yml to update environment variables and volumes
    is4:
      environment:
        - ASPNETCORE_ENVIRONMENT=Development
        - ASPNETCORE_URLS=https://+:443;http://+:80
        - ASPNETCORE_Kestrel__Certificates__Default__Password=P@ssword!
        - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
      volumes:
        - ~/.aspnet/https:/https:ro
    

    NOTE: Client and API will share the same certificate by using the same Kestrel environment variables and volumes.

  5. Update docker-compose.override.yml to map ports
    • Client - 5002:443
    • API - 5001:443
    • Identity Server - 5000:443

    Identity Server part:

    is4:
      environment:
        - ASPNETCORE_ENVIRONMENT=Development
        - ASPNETCORE_URLS=https://+:443;http://+:80
        - ASPNETCORE_Kestrel__Certificates__Default__Password=P@ssword!
        - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
      ports:
        - 5000:443
      volumes:
        - ~/.aspnet/https:/https:ro
    
  6. Run docker-compose up --build
  7. Unfortunately, it will throw exceptions. Please go to Identity Server - Dockerization (2)
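
The note in step 3 can be checked directly: the script below is an added example (not code from the original post or its repository) that uses openssl to test which hostnames a certificate covers. It builds two constructed certificates, one with only "localhost" as a stand-in for a localhost-only development certificate and one that also lists the compose service names (is4, api, client) as SANs; it assumes OpenSSL 1.1.1 or later, and the file names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post): which hostnames does a
# self-signed certificate cover? Assumes OpenSSL 1.1.1+ for -addext.
# Certificates are constructed in a temp dir; file names are hypothetical.

# make_cert <out-prefix> <subjectAltName list>
# Writes <prefix>.key and <prefix>.crt (self-signed, valid 30 days).
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=localhost" -addext "subjectAltName=$2" \
    -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

# cert_covers_host <cert.crt> <hostname>
# Returns 0 only when OpenSSL's hostname check accepts the name.
cert_covers_host() {
  openssl x509 -in "$1" -noout -checkhost "$2" |
    grep -q "does match certificate"
}

# report <cert.crt> <hostname>...
# Prints one line per hostname: ok or MISMATCH.
report() {
  crt=$1; shift
  for h in "$@"; do
    if cert_covers_host "$crt" "$h"; then
      echo "$(basename "$crt"): $h ok"
    else
      echo "$(basename "$crt"): $h MISMATCH"
    fi
  done
}

demo() {
  dir=$(mktemp -d)
  # Stand-in for a localhost-only development certificate.
  make_cert "$dir/localhost-only" "DNS:localhost"
  # Same certificate shape, with the compose service names added as SANs.
  make_cert "$dir/compose" "DNS:localhost,DNS:is4,DNS:api,DNS:client"
  report "$dir/localhost-only.crt" localhost is4 api client
  report "$dir/compose.crt" localhost is4 api client
  rm -rf "$dir"
}

demo
```

A container that reaches another service by its compose name (for example https://is4) validates the certificate against that name, so only the second certificate passes the check for is4, api and client.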