Commit
Tomas Schier
committed
Sep 27, 2023
1 parent
df729ff
commit 39903e5
Showing
4 changed files
with
159 additions
and
0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,69 @@ | ||
# The "non-standalone" CdrAuthServer has gateways. | ||
# This image seems to only be needed for the "build-for-fapi-testing" pipeline | ||
|
||
############################################################################### | ||
# Build base layer | ||
############################################################################### | ||
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base | ||
|
||
WORKDIR /app | ||
EXPOSE 8082 | ||
|
||
ENV ASPNETCORE_ENVIRONMENT=Release | ||
|
||
|
||
############################################################################### | ||
# Build CdrAuthServer API layer | ||
############################################################################### | ||
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build | ||
WORKDIR /src | ||
COPY ./ . | ||
|
||
FROM build AS publish | ||
|
||
COPY ./CdrAuthServer.Infrastructure/. /app/CdrAuthServer.Infrastructure | ||
COPY ./CdrAuthServer.mTLS.Gateway/. /app/CdrAuthServer.mTLS.Gateway | ||
|
||
WORKDIR /app/CdrAuthServer.mTLS.Gateway | ||
RUN dotnet publish -c Release -o /app/publish/gateway-mtls | ||
|
||
COPY supervisord.gateway.mtls.conf /app/publish/supervisord.gateway.mtls.conf | ||
|
||
############################################################################### | ||
# Build final layer | ||
############################################################################### | ||
FROM base AS final | ||
WORKDIR /app | ||
|
||
# Auth API #################################################################### | ||
COPY --from=publish /app/publish/supervisord.gateway.mtls.conf . | ||
COPY --from=publish /app/publish/gateway-mtls ./gateway-mtls | ||
|
||
|
||
RUN apt-get update && apt-get install -y supervisor | ||
RUN apt-get update && apt-get install -y sudo | ||
|
||
# Install wget for use in health checks | ||
RUN apt-get update && apt-get install -y wget && rm -rf /var/lib/apt/lists/* | ||
RUN sudo cp ./gateway-mtls/Certificates/ca.crt /usr/local/share/ca-certificates/ca.crt | ||
RUN sudo update-ca-certificates | ||
|
||
# Run as non-root user | ||
RUN addgroup --group appgroup --gid 2000 | ||
RUN adduser --uid 1000 --gid 2000 "appuser" | ||
RUN chown -R appuser:appgroup /app | ||
RUN chown -R appuser:appgroup /usr/bin | ||
RUN chown -R appuser:appgroup /usr/local | ||
RUN chown -R appuser:appgroup /tmp | ||
USER appuser:appgroup | ||
|
||
ENV ASPNETCORE_URLS=https://+:8081;https://+:8082 | ||
ENV CdrAuthServer__BaseUri=https://localhost:8081 | ||
ENV CdrAuthServer__SecureBaseUri=https://localhost:8082 | ||
ENV CdrAuthServer__Issuer=https://localhost:8081 | ||
ENV CdrAuthServer__CdrRegister__SsaJwksUri=https://localhost:7000/cdr-register/v1/jwks | ||
ENV CdrAuthServer__HttpsPort=8001 | ||
|
||
|
||
# Entry point ################################################################# | ||
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/app/supervisord.gateway.mtls.conf", "-u", "1000"] |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,68 @@ | ||
# The "non-standalone" CdrAuthServer has gateways. | ||
# This image seems to only be needed for the "build-for-fapi-testing" pipeline | ||
|
||
############################################################################### | ||
# Build base layer | ||
############################################################################### | ||
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base | ||
|
||
WORKDIR /app | ||
EXPOSE 8081 | ||
|
||
ENV ASPNETCORE_ENVIRONMENT=Release | ||
|
||
|
||
############################################################################### | ||
# Build CdrAuthServer API layer | ||
############################################################################### | ||
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build | ||
WORKDIR /src | ||
COPY ./ . | ||
|
||
FROM build AS publish | ||
|
||
COPY ./CdrAuthServer.Infrastructure/. /app/CdrAuthServer.Infrastructure | ||
COPY ./CdrAuthServer.TLS.Gateway/. /app/CdrAuthServer.TLS.Gateway | ||
|
||
WORKDIR /app/CdrAuthServer.TLS.Gateway | ||
RUN dotnet publish -c Release -o /app/publish/gateway-tls | ||
|
||
COPY supervisord.gateway.tls.conf /app/publish/supervisord.gateway.tls.conf | ||
COPY ./CdrAuthServer.mTLS.Gateway/Certificates/ca.crt /app/publish/gateway-tls/Certificates/ca.crt | ||
############################################################################### | ||
# Build final layer | ||
############################################################################### | ||
FROM base AS final | ||
WORKDIR /app | ||
|
||
# Auth API #################################################################### | ||
COPY --from=publish /app/publish/supervisord.gateway.tls.conf . | ||
COPY --from=publish /app/publish/gateway-tls ./gateway-tls | ||
|
||
RUN apt-get update && apt-get install -y supervisor | ||
RUN apt-get update && apt-get install -y sudo | ||
|
||
# Install wget for use in health checks | ||
RUN apt-get update && apt-get install -y wget && rm -rf /var/lib/apt/lists/* | ||
RUN sudo cp ./gateway-tls/Certificates/ca.crt /usr/local/share/ca-certificates/ca.crt | ||
RUN sudo update-ca-certificates | ||
|
||
# Run as non-root user | ||
RUN addgroup --group appgroup --gid 2000 | ||
RUN adduser --uid 1000 --gid 2000 "appuser" | ||
RUN chown -R appuser:appgroup /app | ||
RUN chown -R appuser:appgroup /usr/bin | ||
RUN chown -R appuser:appgroup /usr/local | ||
RUN chown -R appuser:appgroup /tmp | ||
USER appuser:appgroup | ||
|
||
ENV ASPNETCORE_URLS=https://+:8081;https://+:8082 | ||
ENV CdrAuthServer__BaseUri=https://localhost:8081 | ||
ENV CdrAuthServer__SecureBaseUri=https://localhost:8082 | ||
ENV CdrAuthServer__Issuer=https://localhost:8081 | ||
ENV CdrAuthServer__CdrRegister__SsaJwksUri=https://localhost:7000/cdr-register/v1/jwks | ||
ENV CdrAuthServer__HttpsPort=8001 | ||
|
||
|
||
# Entry point ################################################################# | ||
ENTRYPOINT ["/usr/bin/supervisord", "-c", "/app/supervisord.gateway.tls.conf", "-u", "1000"] |
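Review bot: The final stage installs `./gateway-tls/Certificates/ca.crt` into the system trust store, and that file is the one copied from `./CdrAuthServer.mTLS.Gateway/Certificates/ca.crt` in the publish stage, so every TLS client in the container trusts a CA that is checked into the repository. The header comment suggests the image is only for the "build-for-fapi-testing" pipeline; if that is the intent, it should be stated next to the step, for example `# Test-only CA taken from the repo; do not reuse this image outside the testing pipeline`. It would also help to say in a comment why the TLS gateway takes its CA from the mTLS gateway project, since that cross-project dependency is easy to break when either directory changes.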
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
[supervisord] | ||
nodaemon=true | ||
logfile=/tmp/supervisord.log | ||
childlogdir=/tmp | ||
|
||
[program:CdrAuthServer.mTLS.Gateway] | ||
stdout_logfile=/dev/stdout | ||
stdout_logfile_maxbytes=0 | ||
directory=/app/gateway-mtls | ||
command=/usr/bin/dotnet /app/gateway-mtls/CdrAuthServer.mTLS.Gateway.dll | ||
|
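Review bot: Only the gateway's stdout reaches the container log; with neither `stderr_logfile` nor `redirect_stderr` set in `[program:CdrAuthServer.mTLS.Gateway]`, supervisor's default sends the program's stderr to an automatically named file under `childlogdir=/tmp`, where it does not show up in the container's output and is lost with the container. Adding `redirect_stderr=true` to the program section (or `stderr_logfile=/dev/stderr` with `stderr_logfile_maxbytes=0`) keeps error output with the rest of the log. The TLS gateway config added in this commit has the same gap.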
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
[supervisord] | ||
nodaemon=true | ||
logfile=/tmp/supervisord.log | ||
childlogdir=/tmp | ||
|
||
[program:CdrAuthServer.TLS.Gateway] | ||
stdout_logfile=/dev/stdout | ||
stdout_logfile_maxbytes=0 | ||
directory=/app/gateway-tls | ||
command=/usr/bin/dotnet /app/gateway-tls/CdrAuthServer.TLS.Gateway.dll | ||
|