Installing AdminUI

Installing AdminUI with an existing IdentityServer

If you already have a working IdentityServer installation up and running then this walkthrough is for you.

This walkthrough will take you through the entire Docker configuration process, resulting in a working environment for the IdentityExpress AdminUI, with the UI and backend API running on the same machine and targeting an existing IdentityServer. This will also include migrating your user store to the AdminUI Identity Schema.

This walkthrough will assume you already have Docker installed on your machine.

Getting the Docker Compose File

For most basic installations, we can use the Docker Compose file made available upon purchase. This would have been emailed to you after payment or at the start of your trial.

Configuring the Docker Compose File

There are multiple variables that you can configure in the compose file depending on your setup:

Ports

We can configure both the internal and external ports used in the docker containers. This is in the format of host:container. Please do not change the container port when using the compose file, however you are welcome to change the host port if your environment has any port clashes.

Environment Variables

Environment variables are also available for setting application specifics. These are set in the following format in your Docker Compose file:

environment:
      - UiUrl=http://localhost:5000
      - ApiUrl=http://localhost:5001
      - AuthorityUrl=http://ids:5003

For the api container we have:

  • DbProvider: This sets the database type you are using. Supported types and their values are:
    • SqlServer
    • MySql
    • PostreSql
  • IdentityConnectionString: The connection string for your Identity database (users)
  • IdentityServerConnectionString: The connection string for your IdentityServer database (clients, resources & grants)
  • AuthorityUrl: Url of the IdentityServer installation protecting the UI
  • UiUrl: Url of the AdminUI frontend (the idxui container)
  • RequireHttpsMetadata: Set to true or false if you want to ensure IdentityServer discovery endpoint uses TLS. Must be true for production
  • RunIdentityServerMigrations: Set to true or false if you require AdminUI to run Entity Framework migrations for IdentityServer DbContext's. This is useful if you have a new instance of IdentityServer currently without databases.
  • IdentityDatabaseToMigrateConnectionString (optional): The connection string of your existing ASP.NET Core Identity Entity Framework database that will be migrated to the database used in IdentityConnectionString (this must not be equal to IdentityConnectionString).

And for the ui container we have:

  • AuthorityUrl: Url of the IdentityServer installation protecting AdminUI
  • ApiUrl: Url of the AdminUI backend (the idxapi container)
  • UiUrl: Url of the AdminUI frontend (the idxui container)

Docker Login

Before we run the containers we have one final step: authentication.

The docker images used for Admin UI are found in a private Docker registry, which is protected by a username and password. These credentials are supplied when you purchase AdminUI.

Once you have the credentials you run:

docker login identityserverregistry.azurecr.io

Docker Compose

Now we can run the Docker Compose file using the command:

docker-compose up

This must be done in the location of the Docker Compose file or by providing the path using -f.

You should now be able to access the IdentityExpress Admin UI on http://localhost:5000.

Making Docker Public with a Reverse Proxy

To make the Docker containers public, we first need to add a web server to the mix. This web server will act as a reverse proxy, forwarding all calls to our running Docker instances. These web servers do not need to dockerized.


IIS Reverse Proxy

To setup IIS to act as a reverse proxy, there are two prerequisites that need to be installed within IIS:

  • URL Rewrite Module
  • Application Request Routing

Once these are installed we can then go to the site we want to configure and select 'URL Rewrite' found in the IIS section.

IIS Url Rewrite Module

We then need to use "Add Rule(s)...", found in the Actions section.

We can then use the Reverse proxy template, found in the Inbound and Outbound Rules section.

Reverse Proxy Rule

Now we need to set the Inbound Rule, telling IIS where to forward requests to. By default this would be http://localhost:5000. If your Docker container is running HTTPS, ensure you disable SSL Offloading, ensuring TLS is maintained.

We also need to configure an Outbound Rule, to allow IIS to return responses from our Docker container using your site URL instead of the Docker container responding directly. Here the From address needs to be the domain of you Docker container (e.g. http://localhost:5000) and the To address you sites address (e.g. api.docker.com).


Nginx Reverse Proxy

Coming Soon