microsoft / AzureTRE

An accelerator to help organizations build Trusted Research Environments on Azure.
https://microsoft.github.io/AzureTRE
MIT License
169 stars 133 forks

Support custom domain on SSL certificate and App Registration redirect #4014

Open jonnyry opened 1 week ago

jonnyry commented 1 week ago

Resolves #3955

What is being addressed

Ability to:

How is this addressed

  1. Add a new parameter CUSTOM_DOMAIN in config.yaml (by default commented out).

  2. Feed the new parameter into the make auth target which adds SSO redirect URLs for the custom domain in addition to the default Azure one here:

https://github.com/microsoft/AzureTRE/blob/1ffb09baf37f4599adfd65b4259fdda7564da408/devops/scripts/aad/create_api_application.sh#L241-L246

  3. Feed the new parameter into the make letsencrypt target which, when populated, generates and uploads a certificate for the custom domain instead of the cloudapp.azure.com domain. If not populated, it behaves as it does now, generating a certificate for the default Azure domain.

  4. Modify the Let's Encrypt GitHub Action to look for a CUSTOM_DOMAIN GH secret and pass it in to the make letsencrypt flow. Again, if CUSTOM_DOMAIN is present a cert is generated for it; if not, it reverts to generating a cert for the default domain.
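The domain selection described in the steps above, as an added sketch that is not code from this PR or from AzureTRE: the certificate uses the custom domain instead of the default one, while the redirect list gets it in addition. The function names, the bare `https://host` form of the redirect entries, and the hostname validation are assumptions added here; only `CUSTOM_DOMAIN` and the sample hostnames come from the thread.

```sh
#!/bin/sh
# Added illustration, not AzureTRE code. Only CUSTOM_DOMAIN comes from the PR;
# function names and the validation step are assumptions.

# Succeeds only for a bare DNS hostname: no scheme, path, port or wildcard.
is_valid_hostname() (
  host="$1"
  LC_ALL=C
  [ -n "$host" ] || return 1
  [ "${#host}" -le 253 ] || return 1
  case "$host" in
    *[!A-Za-z0-9.-]*) return 1 ;;  # ':' '/' '*' whitespace, etc.
    .*|*.|*..*) return 1 ;;        # empty label
    *.*) ;;                        # at least two labels
    *) return 1 ;;
  esac
  IFS=.
  for label in $host; do
    [ "${#label}" -le 63 ] || return 1
    case "$label" in -*|*-) return 1 ;; esac
  done
  return 0
)

# Certificate name: the custom domain INSTEAD of the default when it is set.
cert_domain() (
  default_fqdn="$1"; custom="${2:-}"
  if [ -z "$custom" ]; then printf '%s\n' "$default_fqdn"; return 0; fi
  custom=$(printf '%s' "$custom" | tr '[:upper:]' '[:lower:]')
  if ! is_valid_hostname "$custom"; then
    echo "CUSTOM_DOMAIN must be a bare hostname" >&2; return 1
  fi
  printf '%s\n' "$custom"
)

# Redirect origins: the custom domain IN ADDITION to the default one.
redirect_uris() (
  default_fqdn="$1"; custom="${2:-}"
  if [ -n "$custom" ]; then
    custom=$(cert_domain "$default_fqdn" "$custom") || return 1
    if [ "$custom" != "$default_fqdn" ]; then
      printf 'https://%s\n' "$default_fqdn" "$custom"; return 0
    fi
  fi
  printf 'https://%s\n' "$default_fqdn"
)

# Constructed sample values, using the hostnames that appear in the thread.
redirect_uris "mytre.region.cloudapp.azure.com" "mytredomain.com"
```

Rejecting a value that carries a scheme, path or wildcard before it reaches the app registration or the certificate request keeps a mistyped secret from silently registering an unintended redirect target.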

marrobi commented 1 week ago

@jonnyry So then you are changing the domain to point to the IP of the application gateway?

Would be good if you can add a section to the docs somewhere.

Will get it tested. Thanks.

github-actions[bot] commented 1 week ago

Unit Test Results

0 tests   0 :white_check_mark:  0s :stopwatch:
0 suites  0 :zzz:
0 files   0 :x:

Results for commit cc7e4f5b.

:recycle: This comment has been updated with latest results.

jonnyry commented 1 week ago

> @jonnyry So then you are changing the domain to point to the IP of the application gateway?

Yes that's right, though I used a CNAME rather than direct to the IP:

mytredomain.com CNAME mytre.region.cloudapp.azure.com

> Would be good if you can add a section to the docs somewhere.

Sure happy to add a page in. @tim-allen-ck mentioned a page on custom domains that was being added, I can append to that, or add a new one if not https://github.com/microsoft/AzureTRE/issues/3955#issuecomment-2160070562

tim-allen-ck commented 1 week ago

> Sure happy to add a page in. @tim-allen-ck mentioned a page on custom domains that was being added, I can append to that, or add a new one if not #3955 (comment)

I haven't made a pull request yet, so by all means go ahead and create something new, I'll add those bits later

jonnyry commented 1 week ago

> > Sure happy to add a page in. @tim-allen-ck mentioned a page on custom domains that was being added, I can append to that, or add a new one if not #3955 (comment)
>
> I haven't made a pull request yet, so by all means go ahead and create something new, I'll add those bits later

OK, have added in commit: https://github.com/microsoft/AzureTRE/pull/4014/commits/5aea965dff0a835e1f61007bbf155cd44729020f