Deployment documents improvements

[hikalkan]

We've created notes for development. See all: https://docs.abp.io/en/abp/7.0/Deployment/Index I've created this issue to collect more notes to add to these documents.

We can add these:

• OpenIddict configuration
• Database connection string
• Domain names of the target website (change all localhost)
• Developers also need to configure the certificate of AuthServer (AddDevelopmentEncryptionAndSigningCertificate for openiddict AddDeveloperSigningCredential for Identity Server)
• UI specific configuration and things to do (Angular, MVC, Blazor, React Native, MAUI, etc)
• Data protection keys (redis config)
• MongoDB ACID support
• See https://support.abp.io/QA/Questions/5064#answer-3a0b5997-12c1-b2b5-2b18-9ab9db9e8295

[maliming]

OpenIddict configuration

Developers need to configure the certificate of `AuthServer.

• AddDevelopmentEncryptionAndSigningCertificate for openiddict by default. https://documentation.openiddict.com/configuration/encryption-and-signing-credentials.html
• AddDeveloperSigningCredential for Identity Server by default.
  https://identityserver4.readthedocs.io/en/latest/topics/startup.html#refstartupkeymaterial https://identityserver4.readthedocs.io/en/latest/topics/crypto.html

[ahmednfwela]

@maliming is this the reason why users need to re-login after each server deployment ?

[maliming]

@ahmednfwela

Can you explain it in detail?

[ahmednfwela]

@maliming I deploy my server on google cloud run using a docker image (with no volumes configured). so on each time I deploy the Auth Server, the old certificates that were used are lost and replaced by new ones. So when old users (using refresh tokens made by the old certificate) try to request a new access token, they get this error:

{
  "error": "invalid_grant",
  "error_description": "The specified token is invalid.",
  "error_uri":"https://documentation.openiddict.com/errors/ID2004"
}

making them have to re-login

[maliming]

hi https://github.com/abpframework/abp/blob/08034310b15e9056c019403f500a507e2b4efbdd/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs#L86 https://github.com/abpframework/abp/blob/08034310b15e9056c019403f500a507e2b4efbdd/modules/openiddict/app/OpenIddict.Demo.Server/OpenIddictServerModule.cs#L91

[omer-repo]

Hi,

1) I'm making initial migrations in localhost. So all URLs would be localhost that should be in database also. I need to change them manually for the first deployment:

IdentityServer:

[dbo].[IdentityServerClientCorsOrigins].[Origin]
[dbo].[IdentityServerClientPostLogoutRedirectUris].[PostLogoutRedirectUri]
[dbo].[IdentityServerClientRedirectUris].[RedirectUri]

OpenIddict:

[dbo].[OpenIddictApplications].PostLogoutRedirectUris
[dbo].[OpenIddictApplications].RedirectUris
[dbo].[OpenIddictApplications].ClientUri

2) For the similar reasons as 1, I'm using generally default secret keys. So, it may be a bit complicated to change them in the production database. (https://support.abp.io/QA/Questions/441/About-changing-client-secrets)

3) If I deploy Host project to IIS, I need to make change about WebDav. Otherwise PUT and DELETE requests don't work: Web.config

  <modules runAllManagedModulesForAllRequests="false">
  <remove name="WebDAVModule" /> 

4) After migrating from IdentityServer to OpenIddict I had to set "Load User Profile" setting to true in IIS (in Application Pool=> Advanced Settings)

5) Although it is standard procedure, it may be good to mention about that in Deployment docs. Developers must edit URLs in appsettings.json files both in Host and UI. For me, HostFolder\appsettings.json and BlazorFolder\wwwroot\appsettings.json