Deploy a Webapp on Google CloudRun
Demo: Auth Authz - Cloud Run
https://cloud.google.com/run/docs/overview/what-is-cloud-run
Prepare and make sure all services work at localhost
Open up service providers
- GCP Credentials
- GCP CloudRun
- AWS Cognito
Make sure all credentials are correct
appsettings.json (MetadataAddress, CognitoDomain)
user-secrets
dotnet user-secrets init
dotnet user-secrets list
dotnet user-secrets set "Authentication:Cognito:ClientId" "COGNITO_CLIENT_ID_GOES_HERE"
dotnet user-secrets set "Authentication:Google:ClientId" "GOOGLE_CLIENT_ID_GOES_HERE"
dotnet user-secrets set "Authentication:Google:ClientSecret" "GOOGLE_CLIENT_SECRET_GOES_HERE"
Run the app locally with https:
dotnet run --launch-profile https
dotnet run --urls "https://localhost:5001"
Check in and push the repo to GitHub
Adjust the code to work behind a reverse proxy
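Configure ForwardedHeaders middleware in Program.cs. Clearing KnownNetworks and KnownProxies makes the middleware accept X-Forwarded-For and X-Forwarded-Proto from any sender, so use this configuration only where the app cannot be reached except through the reverse proxy.
/Program.cs
...
using Microsoft.AspNetCore.HttpOverrides;
...
builder.Services.Configure<ForwardedHeadersOptions>(options =>
{
    // Apply the client address and the original scheme (http/https) reported by the proxy.
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    // Trust forwarded headers from any address (the defaults trust loopback only).
    options.KnownNetworks.Clear();
    options.KnownProxies.Clear();
});
...
app.UseForwardedHeaders();
...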
Adjust the code to work on Google CloudRun
Optional: GCP sets an environment variable PORT. An alternative is to set the ASPNETCORE_URLS to the same port.
Make it possible to set the port through an environment variable in Program.cs. Google Cloud Run uses this to route traffic to the application running inside a container in the service.
/Program.cs
...
// Use the PORT environment variable to configure the application to listen on a specific port.
var port = Environment.GetEnvironmentVariable("PORT") ?? "";
if (!string.IsNullOrEmpty(port))
{
    app.Urls.Add($"http://*:{port}");
}
...
Setup Google Cloud Run
Go to Cloud Run
Create Service
Select Continuously deploy new revisions from a source repository
Press the button: SET UP WITH CLOUD BUILD
Select GitHub as Repository Provider
Select Repository -> Next
- Here you might need to install a plugin on GitHub - follow the instructions in Manage connected repositories
Select the Branch
Select Build Type Google Cloud’s buildpacks -> Save
- Go, Node.js, Python, Java, .NET Core, Ruby or PHP via Google Cloud’s buildpacks
Enter a Service name (same as git repo or similar)
Select Region (Finland)
Select Allow unauthenticated invocations
Expand Container, Networking, Security
Press the button + ADD VARIABLE and enter the secrets
Authentication__Google__ClientSecret
Authentication__Google__ClientId
Authentication__Cognito__ClientId
ASPNETCORE_URLS=http://*:5000
Go to the NETWORKING tab
Select Session affinity
Press CREATE
Note the URL for the Cloud Run app: https://authdemo2-7v7mzttyba-lz.a.run.app
You need this later
Verify that the application runs properly by pasting the URL into a browser. (The Google and Cognito Login will not work yet)
Update the Google Credentials configuration
Go to the Google Credentials service
Press + ADD URI under Authorized redirect URIs
https://authdemo2-7v7mzttyba-lz.a.run.app/signin-google
Save
Open a new private browser window
- Try the Login with Google on the login page (logout will not work properly yet)
Update the AWS Cognito configuration
Go to the AWS Cognito service
Choose User pools and select your pool
Go to the App integration tab, scroll all the way to the bottom and select your App client
Press Edit in the Hosted UI section
Press the button Add another URL under Allowed callback URLs
https://authdemo2-7v7mzttyba-lz.a.run.app/signin-oidc
Press the button Add another URL under Allowed sign-out URLs
https://authdemo2-7v7mzttyba-lz.a.run.app/
Press Save changes
Open a new private browser window
- Try the Login with Google and Login with Cognito on the login page
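A check for the two login tests above, as an added example that is not part of the original page: it takes the Location header of the login redirect and confirms that the redirect_uri is https and equals the callback registered with the provider, which fails with an http:// value when the forwarded headers are not applied. The sample headers, the client_id placeholder and the Cognito domain are constructed; the Cloud Run URL and callback paths are the ones from the page.

```python
from urllib.parse import parse_qs, quote, urlsplit

# Values from the page: the Cloud Run URL and the two callback paths.
BASE = "https://authdemo2-7v7mzttyba-lz.a.run.app"
REGISTERED = {
    "google": BASE + "/signin-google",
    "cognito": BASE + "/signin-oidc",
}


def check_challenge(provider, location):
    """Return (ok, reason) for the Location header of a login redirect."""
    values = parse_qs(urlsplit(location).query).get("redirect_uri", [])
    if len(values) != 1:
        return False, "expected one redirect_uri, found %d" % len(values)
    redirect_uri = values[0]
    if urlsplit(redirect_uri).scheme != "https":
        # The app saw the plain-HTTP hop from the proxy, so the
        # X-Forwarded-Proto header was not applied to the request.
        return False, "scheme is not https: " + redirect_uri
    if redirect_uri != REGISTERED[provider]:
        return False, "not registered for %s: %s" % (provider, redirect_uri)
    return True, "ok"


def _location(endpoint, redirect_uri):
    # Builds a constructed sample header; client_id is a placeholder.
    return "%s?client_id=PLACEHOLDER&response_type=code&redirect_uri=%s" % (
        endpoint, quote(redirect_uri, safe=""))


# Constructed samples. The Cognito domain below is a made-up placeholder.
GOOGLE_AUTH = "https://accounts.google.com/o/oauth2/v2/auth"
COGNITO_AUTH = "https://example-pool.auth.eu-north-1.amazoncognito.com/oauth2/authorize"
HTTP_BASE = BASE.replace("https://", "http://")
SAMPLES = [
    ("google", _location(GOOGLE_AUTH, BASE + "/signin-google")),
    ("google", _location(GOOGLE_AUTH, HTTP_BASE + "/signin-google")),
    ("cognito", _location(COGNITO_AUTH, BASE + "/signin-oidc")),
    ("cognito", _location(COGNITO_AUTH, BASE + "/signin-google")),
]

if __name__ == "__main__":
    for provider, location in SAMPLES:
        print(provider, check_challenge(provider, location))
```

To use it against the deployed app, copy the Location header shown in the browser's network tab when pressing a login button and pass it to check_challenge.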