Security Administration¶
The administration image runs an nginx server with the static files at the root path. The static files are generated at the same time as the image. It is also prepared to be cached, so some steps could be skipped if has not been changes from previous builds.
Building the image¶
The image must be built from the root of the Sequel.Security.Admin project, not from the source root. The Dockerfile is inside the docker folder. Building the image does not require any parameters, but the version on the appsettings.json is filled from the value of package.json.
docker image build -t security/admin -f docker/Dockerfile .
There is also a SECURITY_VERSION build argument that is useful for CD pipelines to specify which is the version that is building.
Showing the right version
As mentioned before, the version in the appsettings.json file (the one inside public folder) is filled from the package.json when the image is being built. If the version showing in the web is wrong, then version in package.json should be changed to point to the right version.
Use BuildKit to build images
It is recommended to use BuildKit instead the classic build system to improve build times of the image and take advantage of advanced cache system that brings this new system.
Running the image¶
To properly run the web page, the image requires to know where the API and Authentication are located and what is the path where is located publicly the admin web. The latter is usually done when building the static files, but to allow more dynamic paths, this setting has been delegated to this step. The parameters are set using environment variables:
| var | default value | optional | description |
|---|---|---|---|
PUBLIC_URL |
/administration/ |
yes | Public URL or path prefix for the administration web. Must end with /! |
PUBLIC_API_URL |
/securityapi |
yes | Public URL or path prefix for the Security API service. Must not end with /. |
PUBLIC_AUTHENTICATION_URL |
/authentication |
yes | Public URL or path prefix for the Security Authentication service. Must not end with /. |
AUTHENTICATION_FLOW |
authorizationCode |
yes | Tells which authentication flow to use. Valid values are implicit and others (which will use authorization code). |
ROUTER_TYPE |
browser |
yes | Tells the UI which router to use. Valid values are hash and browser. Invalid values will be taken as hash. |
An example of running a container with the image pointing to the API and Authentication deployed using Visual Studio and IIS Express:
docker container run \
--rm \
-it \
-e 'PUBLIC_URL=/' \
-e 'PUBLIC_API_URL=https://localhost:44367' \
-e 'PUBLIC_AUTHENTICATION_URL=https://localhost:44343' \
-p 3000:80 \
security/admin