Use systemd in prod
This commit is contained in:
parent
3552ece27f
commit
f7bca00ec4
|
|
@ -15,6 +15,7 @@
|
|||
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
|
||||
</PackageReference>
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Proxies" Version="6.0.23" />
|
||||
<PackageReference Include="Microsoft.Extensions.Hosting.Systemd" Version="6.0.0" />
|
||||
<PackageReference Include="Microsoft.VisualStudio.Web.CodeGeneration.Design" Version="6.0.13" />
|
||||
<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="6.0.22" />
|
||||
</ItemGroup>
|
||||
|
|
|
|||
|
|
@ -3,10 +3,14 @@ using Microsoft.EntityFrameworkCore;
|
|||
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
|
||||
using Microsoft.AspNetCore.Authentication.Cookies;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.CookiePolicy;
|
||||
using Microsoft.AspNetCore.HttpOverrides;
|
||||
using Microsoft.AspNetCore.Identity;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
|
||||
using NuGet.Packaging;
|
||||
using PhoneToolMX.Models;
|
||||
using System.Net;
|
||||
using System.Security.Authentication;
|
||||
using System.Security.Claims;
|
||||
|
||||
|
|
@ -19,6 +23,10 @@ options => options.UseNpgsql(builder.Configuration.GetConnectionString("DbConnec
|
|||
b => b.MigrationsAssembly("PhoneToolMX.Models")));
|
||||
builder.Services.AddDatabaseDeveloperPageExceptionFilter();
|
||||
|
||||
if (!builder.Environment.IsDevelopment()) {
|
||||
builder.Host.UseSystemd();
|
||||
}
|
||||
|
||||
builder.Services.AddIdentityCore<User>(opts =>
|
||||
{
|
||||
opts.ClaimsIdentity.UserIdClaimType = "sub";
|
||||
|
|
@ -31,6 +39,18 @@ builder.Services.AddIdentityCore<User>(opts =>
|
|||
.AddUserManager<UserManager<User>>()
|
||||
.AddEntityFrameworkStores<PTMXContext>();
|
||||
|
||||
Console.WriteLine("Testing one two");
|
||||
|
||||
var proxyConfig = builder.Configuration.GetSection("Proxies");
|
||||
if (proxyConfig?.GetSection("TrustedProxies")?.Get<IList<string>>() is {} trustedProxies) {
|
||||
Console.WriteLine("Got trusted proxies!");
|
||||
builder.Services.Configure<ForwardedHeadersOptions>(opts =>
|
||||
{
|
||||
opts.KnownProxies.AddRange(trustedProxies.Select(IPAddress.Parse));
|
||||
opts.ForwardedHeaders = ForwardedHeaders.All;
|
||||
});
|
||||
}
|
||||
|
||||
// Using OIDC
|
||||
builder.Services.AddAuthentication(opts =>
|
||||
{
|
||||
|
|
@ -81,7 +101,7 @@ builder.Services.AddAuthentication(opts =>
|
|||
}
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
// if dev, disable secure
|
||||
if (!builder.Environment.IsDevelopment()) return;
|
||||
opts.NonceCookie.SecurePolicy = CookieSecurePolicy.None;
|
||||
|
|
@ -103,6 +123,14 @@ if (!app.Environment.IsDevelopment())
|
|||
app.UseExceptionHandler("/Home/Error");
|
||||
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
|
||||
app.UseHsts();
|
||||
app.UseCookiePolicy(new CookiePolicyOptions
|
||||
{
|
||||
HttpOnly = HttpOnlyPolicy.Always,
|
||||
MinimumSameSitePolicy = SameSiteMode.Strict,
|
||||
Secure = CookieSecurePolicy.Always,
|
||||
});
|
||||
app.UseHttpsRedirection();
|
||||
app.UseForwardedHeaders();
|
||||
} else {
|
||||
app.UseDeveloperExceptionPage();
|
||||
app.UseMigrationsEndPoint();
|
||||
|
|
@ -115,7 +143,6 @@ using (var scope = app.Services.CreateScope()) {
|
|||
context.Database.EnsureCreated();
|
||||
}
|
||||
|
||||
app.UseHttpsRedirection();
|
||||
app.UseStaticFiles();
|
||||
|
||||
app.UseRouting();
|
||||
|
|
|
|||
Loading…
Reference in a new issue