Identityserver4.admin: Admin ver. 1.0.0 on Docker for Windows: The SSL connection could not be established, see inner exception

Created on 5 Apr 2021 · 5 Comments · Source: skoruba/IdentityServer4.Admin

Hi Skoruba, and thanks for this administration tool which I find very interesting. Using IdentityServer4.Admin on Docker for Windows on my computer, the Security Token Service (STS) works fine, but when I have to go to the Admin UI I get the following error:

[2021-04-05T09:02:31.9690277+00:00][INFO][18][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 GET http://admin.skoruba.local/  
[2021-04-05T09:02:32.1817717+00:00][INFO][18][Microsoft.AspNetCore.Authorization.DefaultAuthorizationService] Authorization failed.
[2021-04-05T09:02:32.3896480+00:00][EROR][22][Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware] An unhandled exception has occurred while executing the request.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

I state that I have followed all the indications of the README.md file, I have also created the certificates with MkCert, and if I do not use Docker everything works correctly.
The problem only occurs when I want to access the Admin UI by starting the solution with Docker.

Can you please help me? Thanks. Below is the log:

==> /dev/null <==
tail: cannot open 'dotnet' for reading: No such file or directory
tail: cannot open 'Skoruba.IdentityServer4.Admin.dll' for reading: No such file or directory
tail: cannot open '/seed' for reading: No such file or directory
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 3.1.6 initialized 'IdentityServerConfigurationDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer 
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 3.1.6 initialized 'IdentityServerPersistedGrantDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer 
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 3.1.6 initialized 'AdminIdentityDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer 
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 3.1.6 initialized 'AdminLogDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer 
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 3.1.6 initialized 'AdminAuditLogDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer 
info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
      Entity Framework Core 3.1.6 initialized 'IdentityServerDataProtectionDbContext' using provider 'Microsoft.EntityFrameworkCore.SqlServer' with options: MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer 
[2021-04-05T08:54:02.1026576+00:00][INFO][1][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"IdentityServerPersistedGrantDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:02.9042038+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("60"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:02.9584298+00:00][INFO][4][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("33"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:02.9696792+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:02.9726193+00:00][INFO][13][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.0059319+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("6"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [MigrationId], [ProductVersion]\nFROM [__EFMigrationsHistory]\nORDER BY [MigrationId];"
[2021-04-05T08:54:03.0638268+00:00][INFO][15][Microsoft.EntityFrameworkCore.Migrations] No migrations were applied. The database is already up to date.
[2021-04-05T08:54:03.0723333+00:00][INFO][15][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"AdminIdentityDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:03.0850709+00:00][INFO][14][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.0868892+00:00][INFO][14][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("1"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.0972914+00:00][INFO][4][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("10"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.1058234+00:00][INFO][12][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.1191563+00:00][INFO][4][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("1"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [MigrationId], [ProductVersion]\nFROM [__EFMigrationsHistory]\nORDER BY [MigrationId];"
[2021-04-05T08:54:03.1204102+00:00][INFO][4][Microsoft.EntityFrameworkCore.Migrations] No migrations were applied. The database is already up to date.
[2021-04-05T08:54:03.1214218+00:00][INFO][4][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"IdentityServerConfigurationDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:03.1507159+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("5"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.1541161+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.1579745+00:00][INFO][5][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.1708627+00:00][INFO][4][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("12"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.1818417+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("6"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [MigrationId], [ProductVersion]\nFROM [__EFMigrationsHistory]\nORDER BY [MigrationId];"
[2021-04-05T08:54:03.1826530+00:00][INFO][15][Microsoft.EntityFrameworkCore.Migrations] No migrations were applied. The database is already up to date.
[2021-04-05T08:54:03.1840022+00:00][INFO][15][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"AdminLogDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:03.1882669+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("4"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.1923056+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("1"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.1967542+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("4"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.1985097+00:00][INFO][5][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("1"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.2023682+00:00][INFO][5][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("1"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [MigrationId], [ProductVersion]\nFROM [__EFMigrationsHistory]\nORDER BY [MigrationId];"
[2021-04-05T08:54:03.2028959+00:00][INFO][5][Microsoft.EntityFrameworkCore.Migrations] No migrations were applied. The database is already up to date.
[2021-04-05T08:54:03.2043325+00:00][INFO][5][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"AdminAuditLogDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:03.2111498+00:00][INFO][5][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.2131778+00:00][INFO][5][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.2172920+00:00][INFO][14][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("4"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.2195669+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.2298352+00:00][INFO][14][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("1"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [MigrationId], [ProductVersion]\nFROM [__EFMigrationsHistory]\nORDER BY [MigrationId];"
[2021-04-05T08:54:03.2307516+00:00][INFO][14][Microsoft.EntityFrameworkCore.Migrations] No migrations were applied. The database is already up to date.
[2021-04-05T08:54:03.2316864+00:00][INFO][14][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"IdentityServerDataProtectionDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:03.2783842+00:00][INFO][14][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("46"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.2807139+00:00][INFO][15][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.2851060+00:00][INFO][12][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("3"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT 1"
[2021-04-05T08:54:03.2870770+00:00][INFO][12][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT OBJECT_ID(N'[__EFMigrationsHistory]');"
[2021-04-05T08:54:03.2979149+00:00][INFO][8][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("4"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [MigrationId], [ProductVersion]\nFROM [__EFMigrationsHistory]\nORDER BY [MigrationId];"
[2021-04-05T08:54:03.2998636+00:00][INFO][8][Microsoft.EntityFrameworkCore.Migrations] No migrations were applied. The database is already up to date.
[2021-04-05T08:54:03.3493395+00:00][INFO][8][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"IdentityServerConfigurationDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:03.6619130+00:00][INFO][8][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("10"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT CASE\n    WHEN EXISTS (\n        SELECT 1\n        FROM [IdentityResources] AS [i]) THEN CAST(1 AS bit)\n    ELSE CAST(0 AS bit)\nEND"
[2021-04-05T08:54:03.6749944+00:00][INFO][8][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("5"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT CASE\n    WHEN EXISTS (\n        SELECT 1\n        FROM [ApiResources] AS [a]) THEN CAST(1 AS bit)\n    ELSE CAST(0 AS bit)\nEND"
[2021-04-05T08:54:03.6883105+00:00][INFO][8][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("8"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT CASE\n    WHEN EXISTS (\n        SELECT 1\n        FROM [Clients] AS [c]) THEN CAST(1 AS bit)\n    ELSE CAST(0 AS bit)\nEND"
[2021-04-05T08:54:03.6959662+00:00][INFO][8][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"AdminIdentityDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:03.7316540+00:00][INFO][4][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("17"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT CASE\n    WHEN EXISTS (\n        SELECT 1\n        FROM [Roles] AS [r]) THEN CAST(1 AS bit)\n    ELSE CAST(0 AS bit)\nEND"
[2021-04-05T08:54:03.7475352+00:00][INFO][11][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("7"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT CASE\n    WHEN EXISTS (\n        SELECT 1\n        FROM [Users] AS [u]) THEN CAST(1 AS bit)\n    ELSE CAST(0 AS bit)\nEND"
[2021-04-05T08:54:03.7838575+00:00][INFO][11][Microsoft.EntityFrameworkCore.Infrastructure] Entity Framework Core "3.1.6" initialized '"IdentityServerDataProtectionDbContext"' using provider '"Microsoft.EntityFrameworkCore.SqlServer"' with options: "MigrationsAssembly=Skoruba.IdentityServer4.Admin.EntityFramework.SqlServer "
[2021-04-05T08:54:03.8620408+00:00][INFO][11][Microsoft.EntityFrameworkCore.Database.Command] Executed DbCommand ("2"ms) [Parameters=[""], CommandType='Text', CommandTimeout='30']"\n""SELECT [d].[Xml]\nFROM [DataProtectionKeys] AS [d]"
[2021-04-05T08:54:04.5768714+00:00][INFO][11][Microsoft.Hosting.Lifetime] Now listening on: "http://[::]:80"
[2021-04-05T08:54:04.5780166+00:00][INFO][11][Microsoft.Hosting.Lifetime] Application started. Press Ctrl+C to shut down.
[2021-04-05T08:54:04.5781778+00:00][INFO][11][Microsoft.Hosting.Lifetime] Hosting environment: "Development"
[2021-04-05T08:54:04.5782331+00:00][INFO][11][Microsoft.Hosting.Lifetime] Content root path: "/app"
[2021-04-05T09:02:31.9690277+00:00][INFO][18][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 GET http://admin.skoruba.local/  
[2021-04-05T09:02:32.1817717+00:00][INFO][18][Microsoft.AspNetCore.Authorization.DefaultAuthorizationService] Authorization failed.
[2021-04-05T09:02:32.3896480+00:00][EROR][22][Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware] An unhandled exception has occurred while executing the request.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessAuthentication(LazyAsyncResult lazyResult, CancellationToken cancellationToken)
   at System.Net.Security.SslStream.BeginAuthenticateAsClient(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken, AsyncCallback asyncCallback, Object asyncState)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_0(SslClientAuthenticationOptions arg1, CancellationToken arg2, AsyncCallback callback, Object state)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncImpl[TArg1,TArg2](Func`5 beginMethod, Func`2 endFunction, Action`1 endAction, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state, TaskCreationOptions creationOptions)
   at System.Threading.Tasks.TaskFactory.FromAsync[TArg1,TArg2](Func`5 beginMethod, Action`1 endMethod, TArg1 arg1, TArg2 arg2, Object state)
   at System.Net.Security.SslStream.AuthenticateAsClientAsync(SslClientAuthenticationOptions sslClientAuthenticationOptions, CancellationToken cancellationToken)
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
[2021-04-05T09:02:32.6972593+00:00][INFO][18][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished in 729.7314ms 500 text/html; charset=utf-8

Thanks again,
Mario

question

Most helpful comment

@mariobuonocore1 @ccprogetti - Thanks for reporting this issue and resolution as well, I can update readme file with this hint. 👍

All 5 comments

I had the same issue on Docker Desktop for Windows. I found the problem was related to root certificate creation.

cd shared/nginx/certs
mkcert --install
copy $env:LOCALAPPDATA\mkcert\rootCA-key.pem ./cacerts.pem
copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.crt

Please note "rootCA-key.pem" instead of "rootCA.pem" used in the original documentation.

Thanks
Andrea
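
A check for the file layout described in the comment above, as an added example that is not part of the thread or of the IdentityServer4.Admin repository: it confirms that `cacerts.crt` is a certificate, that `cacerts.pem` is its matching private key, and optionally that a server certificate verifies against that root. The throwaway CA and leaf it generates with `openssl` are constructed test data, and the leaf certificate argument is an assumption, since the thread does not name the server certificate files.

```shell
#!/bin/sh
# Added diagnostic (not from the IdentityServer4.Admin repository).
# Checks the layout the comment above describes for shared/nginx/certs:
#   cacerts.crt = mkcert root certificate, cacerts.pem = mkcert root private key.

# pem_kind FILE: print "certificate", "private-key" or "unknown",
# judged from the first PEM header found in the file.
pem_kind() {
    hdr=$(grep -m1 -e '-----BEGIN ' "$1" 2>/dev/null) || { echo unknown; return 0; }
    case "$hdr" in
        *"BEGIN CERTIFICATE-----"*) echo certificate ;;
        *"PRIVATE KEY"*)            echo private-key ;;
        *)                          echo unknown ;;
    esac
}

# key_matches_cert KEY CERT: succeed when the public key derived from KEY
# is the public key embedded in CERT.
key_matches_cert() {
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$k" = "$c" ]
}

# chains_to_root ROOT_CERT LEAF_CERT: succeed when LEAF_CERT verifies with
# ROOT_CERT supplied as the CA file.
chains_to_root() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# audit_cert_dir DIR [LEAF_CERT]: print one line per problem and return the
# number of problems (0 means the layout is consistent).
audit_cert_dir() {
    dir=$1; leaf=${2:-}; problems=0
    if [ "$(pem_kind "$dir/cacerts.crt")" != certificate ]; then
        echo "cacerts.crt: expected a certificate (mkcert rootCA.pem)"
        problems=$((problems + 1))
    fi
    if [ "$(pem_kind "$dir/cacerts.pem")" != private-key ]; then
        echo "cacerts.pem: expected a private key (mkcert rootCA-key.pem)"
        problems=$((problems + 1))
    fi
    if ! key_matches_cert "$dir/cacerts.pem" "$dir/cacerts.crt"; then
        echo "cacerts.pem is not the private key of cacerts.crt"
        problems=$((problems + 1))
    fi
    if [ -n "$leaf" ] && ! chains_to_root "$dir/cacerts.crt" "$leaf"; then
        echo "$leaf: does not verify against cacerts.crt"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# make_constructed_pki DIR: write a throwaway root CA and one leaf into DIR.
# Constructed test data only; subject names are made up.
make_constructed_pki() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed dev root" \
        -keyout "$d/cacerts.pem" -out "$d/cacerts.crt" >/dev/null 2>&1
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sts.example.test" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" >/dev/null 2>&1
    openssl x509 -req -in "$d/leaf.csr" -days 1 \
        -CA "$d/cacerts.crt" -CAkey "$d/cacerts.pem" -CAcreateserial \
        -out "$d/leaf.crt" >/dev/null 2>&1
}

# Demo on constructed data: a correct layout, then the mix-up the comment
# warns about (the root certificate copied into cacerts.pem).
if command -v openssl >/dev/null 2>&1; then
    demo_dir=$(mktemp -d)
    make_constructed_pki "$demo_dir"
    audit_cert_dir "$demo_dir" "$demo_dir/leaf.crt" && echo "correct layout: OK"
    cp "$demo_dir/cacerts.crt" "$demo_dir/cacerts.pem"
    audit_cert_dir "$demo_dir" "$demo_dir/leaf.crt" || echo "mix-up detected"
    rm -rf "$demo_dir"
fi
```

On a real checkout, call `audit_cert_dir shared/nginx/certs` and pass the server certificate as the second argument. `cacerts.pem` holds the root CA private key, which can issue certificates for any host name the machine trusts, so keep it out of images and version control.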

Hello Andrea, thank you for the answer. I tried to regenerate the certificates and use your solution, but unfortunately the problem is still present:

[2021-04-07T08:53:59.2074941+00:00][INFO][22][Microsoft.AspNetCore.Hosting.Diagnostics] Request starting HTTP/1.1 GET http://admin.skoruba.local/  
[2021-04-07T08:53:59.2141862+00:00][INFO][22][Microsoft.AspNetCore.Authorization.DefaultAuthorizationService] Authorization failed.
[2021-04-07T08:53:59.2555717+00:00][EROR][24][Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware] An unhandled exception has occurred while executing the request.
System.InvalidOperationException: IDX20803: Unable to obtain configuration from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
 ---> System.IO.IOException: IDX20804: Unable to retrieve document from: '[PII is hidden. For more details, see https://aka.ms/IdentityModel/PII.]'.
 ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception.
 ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
   at System.Net.Security.SslStream.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, ExceptionDispatchInfo exception)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
   at System.Net.Security.SslStream.PartialFrameCallback(AsyncProtocolRequest asyncRequest)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Security.SslStream.ThrowIfExceptional()
   at System.Net.Security.SslStream.InternalEndProcessAuthentication(LazyAsyncResult lazyResult)
   at System.Net.Security.SslStream.EndProcessAuthentication(IAsyncResult result)
   at System.Net.Security.SslStream.EndAuthenticateAsClient(IAsyncResult asyncResult)
   at System.Net.Security.SslStream.<>c.<AuthenticateAsClientAsync>b__65_1(IAsyncResult iar)
   at System.Threading.Tasks.TaskFactory`1.FromAsyncCoreLogic(IAsyncResult iar, Func`2 endFunction, Action`1 endAction, Task`1 promise, Boolean requiresSynchronization)
--- End of stack trace from previous location where exception was thrown ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   --- End of inner exception stack trace ---
   at System.Net.Http.ConnectHelper.EstablishSslConnectionAsyncCore(Stream stream, SslClientAuthenticationOptions sslOptions, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
   at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.DiagnosticsHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
   at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.HttpDocumentRetriever.GetDocumentAsync(String address, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectConfigurationRetriever.GetAsync(String address, IDocumentRetriever retriever, CancellationToken cancel)
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   --- End of inner exception stack trace ---
   at Microsoft.IdentityModel.Protocols.ConfigurationManager`1.GetConfigurationAsync(CancellationToken cancel)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsyncInternal(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectHandler.HandleChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationHandler`1.ChallengeAsync(AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authentication.AuthenticationService.ChallengeAsync(HttpContext context, String scheme, AuthenticationProperties properties)
   at Microsoft.AspNetCore.Authorization.AuthorizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Localization.RequestLocalizationMiddleware.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.CspMiddleware.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at NWebsec.AspNetCore.Middleware.Middleware.MiddlewareBase.Invoke(HttpContext context)
   at Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware.Invoke(HttpContext context)
[2021-04-07T08:53:59.3176397+00:00][INFO][22][Microsoft.AspNetCore.Hosting.Diagnostics] Request finished in 110.2442ms 500 text/html; charset=utf-8

This is my "shared\nginx\certs" path:
C:\Skoruba.IdentityServer4\shared\nginx\certs

And this is my docker-compose.yml file (it does not change from the template file):

version: '3.4'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx
    ports:
      - '80:80'
      - '443:443'
    volumes:
      - '/var/run/docker.sock:/tmp/docker.sock:ro'
      - './shared/nginx/vhost.d:/etc/nginx/vhost.d'
      - './shared/nginx/certs:/etc/nginx/certs:ro'
    networks:
      proxy: null
      identityserverui:
        aliases:
          - sts.skoruba.local
          - admin.skoruba.local
          - admin-api.skoruba.local
    restart: always
  skoruba.identityserver4.admin:
    image: '${DOCKER_REGISTRY-}skoruba-identityserver4-admin'
    build:
      context: .
      dockerfile: src/Skoruba.IdentityServer4.Admin/Dockerfile
    container_name: skoruba-identityserver4-admin
    environment:
      - VIRTUAL_HOST=admin.skoruba.local
      - 'ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'AdminConfiguration__IdentityAdminBaseUrl=https://admin.skoruba.local'
      - 'AdminConfiguration__IdentityAdminRedirectUri=https://admin.skoruba.local/signin-oidc'
      - 'AdminConfiguration__IdentityServerBaseUrl=https://sts.skoruba.local'
      - AdminConfiguration__RequireHttpsMetadata=false
      - 'IdentityServerData__Clients__0__ClientUri=https://admin.skoruba.local'
      - 'IdentityServerData__Clients__0__RedirectUris__0=https://admin.skoruba.local/signin-oidc'
      - 'IdentityServerData__Clients__0__FrontChannelLogoutUri=https://admin.skoruba.local/signin-oidc'
      - 'IdentityServerData__Clients__0__PostLogoutRedirectUris__0=https://admin.skoruba.local/signout-callback-oidc'
      - 'IdentityServerData__Clients__0__AllowedCorsOrigins__0=https://admin.skoruba.local'
      - 'IdentityServerData__Clients__1__RedirectUris__0=https://admin-api.skoruba.local/swagger/oauth2-redirect.html'
      - 'Serilog__WriteTo__1__Args__connectionString=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Development
    command: dotnet Skoruba.IdentityServer4.Admin.dll /seed
    depends_on:
      - db
      - skoruba.identityserver4.sts.identity
    volumes:
      - './shared/serilog.json:/app/serilog.json'
      - './shared/identitydata.json:/app/identitydata.json'
      - './shared/identityserverdata.json:/app/identityserverdata.json'
      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
    networks:
      identityserverui: null
  skoruba.identityserver4.admin.api:
    image: '${DOCKER_REGISTRY-}skoruba-identityserver4-admin-api'
    build:
      context: .
      dockerfile: src/Skoruba.IdentityServer4.Admin.Api/Dockerfile
    container_name: skoruba-identityserver4-admin-api
    environment:
      - VIRTUAL_HOST=admin-api.skoruba.local
      - AdminApiConfiguration__RequireHttpsMetadata=false
      - 'AdminApiConfiguration__ApiBaseUrl=https://admin-api.skoruba.local'
      - 'AdminApiConfiguration__IdentityServerBaseUrl=https://sts.skoruba.local'
      - 'ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Development
    volumes:
      - './shared/serilog.json:/app/serilog.json'
      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
    networks:
      identityserverui: null
  skoruba.identityserver4.sts.identity:
    image: '${DOCKER_REGISTRY-}skoruba-identityserver4-sts-identity'
    build:
      context: .
      dockerfile: src/Skoruba.IdentityServer4.STS.Identity/Dockerfile
    container_name: skoruba-identityserver4-sts-identity
    environment:
      - VIRTUAL_HOST=sts.skoruba.local
      - 'ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
      - 'AdminConfiguration__IdentityAdminBaseUrl=https://admin.skoruba.local'
      - 'AdvancedConfiguration__PublicOrigin=https://sts.skoruba.local'
      - 'AdvancedConfiguration__IssuerUri=https://sts.skoruba.local'
      - DockerConfiguration__UpdateCaCertificate=true
      - ASPNETCORE_ENVIRONMENT=Development
    depends_on:
      - db
    volumes:
      - './shared/serilog.json:/app/serilog.json'
      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
    networks:
      identityserverui:
        aliases:
          - sts.skoruba.local
  db:
    image: 'mcr.microsoft.com/mssql/server:2017-CU20-ubuntu-16.04'
    ports:
      - '7900:1433'
    container_name: skoruba-identityserver4-db
    environment:
      SA_PASSWORD: '${DB_PASSWORD:-Password_123}'
      ACCEPT_EULA: 'Y'
    volumes:
      - 'dbdata:/var/opt/mssql'
    networks:
      identityserverui: null
volumes:
  dbdata:
    driver: local
networks:
  proxy:
    driver: bridge
  identityserverui:
    driver: bridge

Maybe I have to change something in docker-compose.yml too?
Thanks in advance.

Mario

Hi Andrea,
Thank you! Trying your solution again, it worked in my case too.

My further problem was that using the command:

'copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.crt'

Instead of creating a file, in my case it created a folder.

Thank you again!
Mario

@mariobuonocore1 @ccprogetti - Thanks for reporting this issue and resolution as well, I can update readme file with this hint. 👍

@skoruba I was trying to get local HTTPS working on MacOS, and had to make these changes:

  1. Fix: copy $env:LOCALAPPDATA\mkcert\rootCA.pem ./cacerts.pem -> copy $env:LOCALAPPDATA\mkcert\rootCA-key.pem ./cacerts.pem @ccprogetti
  2. Mod: mkcert -pkcs12 skoruba.local.pfx skoruba.local *.skoruba.local -> mkcert -pkcs12 -p12-file skoruba.local.pfx skoruba.local *.skoruba.local
  3. Issue: Admin internally calls the STS using direct container-to-container call for fetching discovery document.
    Fix involved:

    1. Setup HTTPS on STS instance of Kestrel (added these in skoruba.identityserver4.sts.identity service in docker-compose.yml):

      1. Additional environment variables (based on Microsoft docs):

        ASPNETCORE_Kestrel__Certificates__Default__Password=changeit
        ASPNETCORE_Kestrel__Certificates__Default__Path=/usr/local/share/certificates/certs.pfx
        ASPNETCORE_URLS=http://+:80;https://+:443

      2. Additional volume:

        './shared/nginx/certs/skoruba.local.pfx:/usr/local/share/certificates/certs.pfx:ro'

    2. Update CA Certificates in Admin to trust STS's (changes in skoruba.identityserver4.admin service in docker-compose.yml based on Docker docs):

      1. entrypoint: ["sh", "-c", "update-ca-certificates && dotnet Skoruba.IdentityServer4.Admin.dll /seed"]
      2. command: ["dotnet", "Skoruba.IdentityServer4.Admin.dll"]
      3. Notes:

        1. It was a hit or miss without this change. The "update-ca-certificates".Bash() was importing the certificates, but Kestrel wasn't loading them apparently.
          Opening a CLI into the container and doing "update-ca-certificates -f" twice would work though. So, I looked for a cleaner solution on my end.
        2. The solution above ensures the update-ca-certificates command is executed before Kestrel fires up. It also keeps Kestrel in PID1 to allow signal pass-thru.

PS: I also made some other enhancements:

  1. Fix: FrontChannel URL: signout-oidc (this is a typo across the board in docker-compose.yml - causes clients to remain signed-in if logout is initiated in IS4)
  2. Mod: Dockerfile cleanup for better build cache usage
  3. Restructured docker-compose.yml to be the "base", with docker-compose.override.yml used for development. Additional docker-compose.prod.yml for production override with:
    docker-compose -f docker-compose.yml -f docker-compose.prod.yml

PPS: I am not sure if some of the changes (e.g. Kestrel HTTPS config) were overkill, but I couldn't get it to work properly without them. Please let me know your feedback and I can create PRs accordingly. 😊
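A pre-flight check for the CA file that docker-compose.yml bind-mounts at /usr/local/share/ca-certificates/cacerts.crt, covering two failure modes relevant to this thread: the host path being a directory rather than a file, and the file holding a private key (mkcert's rootCA-key.pem) instead of the CA certificate (rootCA.pem). This is an added example, not code from the project or from the commenters; the function name check_ca_bundle and its return codes are assumptions.

```shell
#!/bin/sh
# Added example (not project code). check_ca_bundle and its return codes
# are assumptions made for this illustration:
#   0 = usable, 1 = missing, 2 = directory, 3 = private key, 4 = no certificate

check_ca_bundle() {
    ca_path=$1

    # Docker's short bind-mount syntax creates a missing host path as a
    # directory, so a directory here means the file was never copied.
    if [ -d "$ca_path" ]; then
        echo "FAIL: $ca_path is a directory, expected a PEM file" >&2
        return 2
    fi
    if [ ! -f "$ca_path" ]; then
        echo "FAIL: $ca_path does not exist" >&2
        return 1
    fi

    # mkcert keeps rootCA.pem (certificate) next to rootCA-key.pem (private
    # key). Only the certificate belongs in a container's trust store; the
    # key can sign certificates that every machine trusting this CA accepts.
    if grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' "$ca_path"; then
        echo "FAIL: $ca_path contains a private key" >&2
        return 3
    fi
    if ! grep -q -e '-----BEGIN CERTIFICATE-----' "$ca_path"; then
        echo "FAIL: $ca_path has no PEM certificate block" >&2
        return 4
    fi

    echo "OK: $ca_path looks like a PEM CA certificate"
    return 0
}

# Stand-alone use: sh check_ca.sh ./shared/nginx/certs/cacerts.crt
[ "$#" -eq 0 ] || check_ca_bundle "$1"
```

Where openssl is installed, `openssl x509 -in <file> -noout -subject` additionally confirms that the block parses as a certificate.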
