Add setup for HTTPS

a383a8a3 · janskoruba · 427df18e · a383a8a3 · a383a8a3 · a383a8a3
Commit a383a8a3 authored 4 years ago by janskoruba
17 changed files
--- a/.gitignore
+++ b/.gitignore
@@ -282,3 +282,5 @@ __pycache__/
 /src/Skoruba.IdentityServer4.Admin.Api/appsettings.Production.json

 appsettings.*.json
+
+/shared/nginx/certs/
\ No newline at end of file
--- a/docker-compose.dcproj
+++ b/docker-compose.dcproj
@@ -15,6 +15,9 @@
    <None Include="docker-compose.override.yml">
      <DependentUpon>docker-compose.yml</DependentUpon>
    </None>
+    <None Include="docker-compose.vs.release.yml">
+      <DependentUpon>docker-compose.yml</DependentUpon>
+    </None>
    <None Include="docker-compose.yml" />
    <None Include=".dockerignore" />
  </ItemGroup>

--- a/docker-compose.override.yml
+++ b/docker-compose.override.yml
@@ -4,23 +4,17 @@ services:
  skoruba.identityserver4.admin:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
-    ports:
-      - 9000:80
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
  
  skoruba.identityserver4.admin.api:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
-    ports:
-      - 5000:80
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro

  skoruba.identityserver4.sts.identity:
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
-    ports:
-      - 80:80
    volumes:
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
--- a/docker-compose.yml
+++ b/docker-compose.yml
 version: '3.4'
-
 services:
+  nginx-proxy:
+    image: jwilder/nginx-proxy
+    container_name: nginx
+    ports:
+      - '80:80'
+      - '443:443'
+    volumes:
+      - '/var/run/docker.sock:/tmp/docker.sock:ro'
+      - './shared/nginx/vhost.d:/etc/nginx/vhost.d'
+      - './shared/nginx/certs:/etc/nginx/certs:ro'
+    networks:
+      proxy: null
+      identityserverui:
+        aliases:
+          - sts.skoruba.local
+          - admin.skoruba.local
+          - admin-api.skoruba.local
+    restart: always
  skoruba.identityserver4.admin:
-    image: ${DOCKER_REGISTRY-}skoruba-identityserver4-admin
+    image: '${DOCKER_REGISTRY-}skoruba-identityserver4-admin'
    build:
      context: .
      dockerfile: src/Skoruba.IdentityServer4.Admin/Dockerfile
    container_name: skoruba-identityserver4-admin
    environment:
-      - "ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "AdminConfiguration__IdentityAdminBaseUrl=http://127.0.0.1.xip.io:9000"
-      - "AdminConfiguration__IdentityAdminRedirectUri=http://127.0.0.1.xip.io:9000/signin-oidc"
-      - "AdminConfiguration__IdentityServerBaseUrl=http://127.0.0.1.xip.io"
-      - "AdminConfiguration__RequireHttpsMetadata=false"
-      - "IdentityServerData__Clients__0__ClientUri=http://127.0.0.1.xip.io:9000"
-      - "IdentityServerData__Clients__0__RedirectUris__0=http://127.0.0.1.xip.io:9000/signin-oidc"
-      - "IdentityServerData__Clients__0__FrontChannelLogoutUri=http://127.0.0.1.xip.io:9000/signin-oidc"
-      - "IdentityServerData__Clients__0__PostLogoutRedirectUris__0=http://127.0.0.1.xip.io:9000/signout-callback-oidc"
-      - "IdentityServerData__Clients__0__AllowedCorsOrigins__0=http://127.0.0.1.xip.io:9000"
-      - "IdentityServerData__Clients__1__RedirectUris__0=http://127.0.0.1.xip.io:5000/swagger/oauth2-redirect.html"
-      - "Serilog__WriteTo__1__Args__connectionString=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
+      - VIRTUAL_HOST=admin.skoruba.local
+      - 'ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'AdminConfiguration__IdentityAdminBaseUrl=https://admin.skoruba.local'
+      - 'AdminConfiguration__IdentityAdminRedirectUri=https://admin.skoruba.local/signin-oidc'
+      - 'AdminConfiguration__IdentityServerBaseUrl=https://sts.skoruba.local'
+      - AdminConfiguration__RequireHttpsMetadata=false
+      - 'IdentityServerData__Clients__0__ClientUri=https://admin.skoruba.local'
+      - 'IdentityServerData__Clients__0__RedirectUris__0=https://admin.skoruba.local/signin-oidc'
+      - 'IdentityServerData__Clients__0__FrontChannelLogoutUri=https://admin.skoruba.local/signin-oidc'
+      - 'IdentityServerData__Clients__0__PostLogoutRedirectUris__0=https://admin.skoruba.local/signout-callback-oidc'
+      - 'IdentityServerData__Clients__0__AllowedCorsOrigins__0=https://admin.skoruba.local'
+      - 'IdentityServerData__Clients__1__RedirectUris__0=https://admin-api.skoruba.local/swagger/oauth2-redirect.html'
+      - 'Serilog__WriteTo__1__Args__connectionString=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - DockerConfiguration__UpdateCaCertificate=true
+      - ASPNETCORE_ENVIRONMENT=Development
    command: dotnet Skoruba.IdentityServer4.Admin.dll /seed
    depends_on:
      - db
      - skoruba.identityserver4.sts.identity
    volumes:
-      - "./shared/serilog.json:/app/serilog.json"
-      - "./shared/identitydata.json:/app/identitydata.json"
-      - "./shared/identityserverdata.json:/app/identityserverdata.json"
-
+      - './shared/serilog.json:/app/serilog.json'
+      - './shared/identitydata.json:/app/identitydata.json'
+      - './shared/identityserverdata.json:/app/identityserverdata.json'
+      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
+    networks:
+      identityserverui: null
  skoruba.identityserver4.admin.api:
-    image: ${DOCKER_REGISTRY-}skoruba-identityserver4-admin-api
+    image: '${DOCKER_REGISTRY-}skoruba-identityserver4-admin-api'
    build:
      context: .
      dockerfile: src/Skoruba.IdentityServer4.Admin.Api/Dockerfile
-    environment:
-      - "AdminApiConfiguration__RequireHttpsMetadata=false"
-      - "AdminApiConfiguration__ApiBaseUrl=http://127.0.0.1.xip.io:5000"
-      - "AdminApiConfiguration__IdentityServerBaseUrl=http://127.0.0.1.xip.io"
-      - "ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
    container_name: skoruba-identityserver4-admin-api
+    environment:
+      - VIRTUAL_HOST=admin-api.skoruba.local
+      - AdminApiConfiguration__RequireHttpsMetadata=false
+      - 'AdminApiConfiguration__ApiBaseUrl=https://admin-api.skoruba.local'
+      - 'AdminApiConfiguration__IdentityServerBaseUrl=https://sts.skoruba.local'
+      - 'ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__AdminLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__AdminAuditLogDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - DockerConfiguration__UpdateCaCertificate=true
+      - ASPNETCORE_ENVIRONMENT=Development
    volumes:
-      - "./shared/serilog.json:/app/serilog.json"
-
+      - './shared/serilog.json:/app/serilog.json'
+      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
+    networks:
+      identityserverui: null
  skoruba.identityserver4.sts.identity:
-    image: ${DOCKER_REGISTRY-}skoruba-identityserver4-sts-identity
+    image: '${DOCKER_REGISTRY-}skoruba-identityserver4-sts-identity'
    build:
      context: .
      dockerfile: src/Skoruba.IdentityServer4.STS.Identity/Dockerfile
    container_name: skoruba-identityserver4-sts-identity
    environment:
-      - "ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true"
-      - "AdminConfiguration__IdentityAdminBaseUrl=http://127.0.0.1.xip.io:9000"
+      - VIRTUAL_HOST=sts.skoruba.local
+      - 'ConnectionStrings__ConfigurationDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__PersistedGrantDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__IdentityDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'ConnectionStrings__DataProtectionDbConnection=Server=db;Database=IdentityServer4Admin;User Id=sa;Password=${DB_PASSWORD:-Password_123};MultipleActiveResultSets=true'
+      - 'AdminConfiguration__IdentityAdminBaseUrl=https://admin.skoruba.local'
+      - 'AdvancedConfiguration__PublicOrigin=https://sts.skoruba.local'
+      - 'AdvancedConfiguration__IssuerUri=https://sts.skoruba.local'
+      - DockerConfiguration__UpdateCaCertificate=true
+      - ASPNETCORE_ENVIRONMENT=Development
    depends_on:
      - db
    volumes:
-      - "./shared/serilog.json:/app/serilog.json"
+      - './shared/serilog.json:/app/serilog.json'
+      - './shared/nginx/certs/cacerts.crt:/usr/local/share/ca-certificates/cacerts.crt'
    networks:
-      default:
+      identityserverui:
        aliases:
-          - 127.0.0.1.xip.io
+          - sts.skoruba.local
  db:
-    image: "mcr.microsoft.com/mssql/server"
+    image: 'mcr.microsoft.com/mssql/server:2017-CU20-ubuntu-16.04'
    ports:
-      - 1433:1433
+      - '7900:1433'
    container_name: skoruba-identityserver4-db
    environment:
-      SA_PASSWORD: "${DB_PASSWORD:-Password_123}"
-      ACCEPT_EULA: "Y"
+      SA_PASSWORD: '${DB_PASSWORD:-Password_123}'
+      ACCEPT_EULA: 'Y'
    volumes:
-      - dbdata:/var/opt/mssql
-
+      - 'dbdata:/var/opt/mssql'
+    networks:
+      identityserverui: null
 volumes:
  dbdata:
    driver: local
-
 networks:
-  default:
-    driver: bridge
\ No newline at end of file
+  proxy:
+    driver: bridge
+  identityserverui:
+    driver: bridge
--- a/shared/identityserverdata.json
+++ b/shared/identityserverdata.json
@@ -81,24 +81,25 @@
      {
        "ClientId": "skoruba_identity_admin",
        "ClientName": "skoruba_identity_admin",
-        "ClientUri": "http://localhost:9000",
+        "ClientUri": "https://admin.skoruba.local",
        "AllowedGrantTypes": [
-          "hybrid"
+          "authorization_code"
        ],
+        "RequirePkce": true,
        "ClientSecrets": [
          {
            "Value": "skoruba_admin_client_secret"
          }
        ],
        "RedirectUris": [
-          "http://localhost:9000/signin-oidc"
+          "https://admin.skoruba.local/signin-oidc"
        ],
-        "FrontChannelLogoutUri": "http://localhost:9000/signout-oidc",
+        "FrontChannelLogoutUri": "https://admin.skoruba.local/signout-oidc",
        "PostLogoutRedirectUris": [
-          "http://localhost:9000/signout-callback-oidc"
+          "https://admin.skoruba.local/signout-callback-oidc"
        ],
        "AllowedCorsOrigins": [
-          "http://localhost:9000"
+          "https://admin.skoruba.local"
        ],
        "AllowedScopes": [
          "openid",
@@ -114,13 +115,12 @@
          "implicit"
        ],
        "RedirectUris": [
-          "http://localhost:5001/swagger/oauth2-redirect.html"
+          "https://admin-api.skoruba.local/swagger/oauth2-redirect.html"
        ],
        "AllowedScopes": [
          "skoruba_identity_admin_api"
        ],
        "AllowAccessTokensViaBrowser": true
-
      }
    ]
  }

--- a/shared/nginx/vhost.d/admin.skoruba.local_location
+++ b/shared/nginx/vhost.d/admin.skoruba.local_location
+    proxy_buffer_size          128k;
+    proxy_buffers              4 256k;
+    proxy_busy_buffers_size    256k;
\ No newline at end of file
--- a/shared/nginx/vhost.d/sts.skoruba.local_location
+++ b/shared/nginx/vhost.d/sts.skoruba.local_location
+    proxy_buffer_size          128k;
+    proxy_buffers              4 256k;
+    proxy_busy_buffers_size    256k;
\ No newline at end of file
--- a/src/Skoruba.IdentityServer4.Admin.Api/Program.cs
+++ b/src/Skoruba.IdentityServer4.Admin.Api/Program.cs
@@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Hosting;
 using Serilog;
+using Skoruba.IdentityServer4.Shared.Helpers;

 namespace Skoruba.IdentityServer4.Admin.Api
 {
@@ -18,6 +19,8 @@ namespace Skoruba.IdentityServer4.Admin.Api
                .CreateLogger();
            try
            {
+                DockerHelpers.ApplyDockerConfiguration(configuration);
+
                CreateHostBuilder(args).Build().Run();
            }
            catch (Exception ex)

--- a/src/Skoruba.IdentityServer4.Admin/Helpers/StartupHelpers.cs
+++ b/src/Skoruba.IdentityServer4.Admin/Helpers/StartupHelpers.cs
@@ -166,10 +166,15 @@ namespace Skoruba.IdentityServer4.Admin.Helpers
        /// <param name="app"></param>
        public static void UseSecurityHeaders(this IApplicationBuilder app)
        {
-            app.UseForwardedHeaders(new ForwardedHeadersOptions()
+            var forwardingOptions = new ForwardedHeadersOptions()
            {
-                ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
-            });
+                ForwardedHeaders = ForwardedHeaders.All
+            };
+
+            forwardingOptions.KnownNetworks.Clear();
+            forwardingOptions.KnownProxies.Clear();
+
+            app.UseForwardedHeaders(forwardingOptions);

            app.UseXXssProtection(options => options.EnabledWithBlockMode());
            app.UseXContentTypeOptions();
@@ -350,6 +355,11 @@ namespace Skoruba.IdentityServer4.Admin.Helpers
        public static void AddAuthenticationServices<TContext, TUserIdentity, TUserIdentityRole>(this IServiceCollection services, AdminConfiguration adminConfiguration)
            where TContext : DbContext where TUserIdentity : class where TUserIdentityRole : class
        {
+            services.Configure<ForwardedHeadersOptions>(options =>
+            {
+                options.ForwardedHeaders = ForwardedHeaders.All;
+            });
+
            services.Configure<CookiePolicyOptions>(options =>
            {
                options.MinimumSameSitePolicy = SameSiteMode.Unspecified;
@@ -381,9 +391,6 @@ namespace Skoruba.IdentityServer4.Admin.Helpers
                        options =>
                        {
                            options.Cookie.Name = adminConfiguration.IdentityAdminCookieName;
-
-                            // Issue: https://github.com/aspnet/Announcements/issues/318
-                            options.Cookie.SameSite = SameSiteMode.None;
                        })
                    .AddOpenIdConnect(AuthenticationConsts.OidcAuthenticationScheme, options =>
                    {

--- a/src/Skoruba.IdentityServer4.Admin/Program.cs
+++ b/src/Skoruba.IdentityServer4.Admin/Program.cs
@@ -9,6 +9,8 @@ using Serilog;
 using Skoruba.IdentityServer4.Admin.EntityFramework.Shared.DbContexts;
 using Skoruba.IdentityServer4.Admin.EntityFramework.Shared.Entities.Identity;
 using Skoruba.IdentityServer4.Admin.Helpers;
+using Skoruba.IdentityServer4.Shared.Configuration.Common;
+using Skoruba.IdentityServer4.Shared.Helpers;

 namespace Skoruba.IdentityServer4.Admin
 {
@@ -26,6 +28,8 @@ namespace Skoruba.IdentityServer4.Admin

            try
            {
+                DockerHelpers.ApplyDockerConfiguration(configuration);
+
                var seed = args.Any(x => x == SeedArgs);
                if (seed) args = args.Except(new[] { SeedArgs }).ToArray();

@@ -52,7 +56,7 @@ namespace Skoruba.IdentityServer4.Admin
                Log.CloseAndFlush();
            }
        }
-        
+
        private static IConfiguration GetConfiguration(string[] args)
        {
            var environment = Environment.GetEnvironmentVariable("ASPNETCORE_ENVIRONMENT");

--- a/src/Skoruba.IdentityServer4.Admin/appsettings.json
+++ b/src/Skoruba.IdentityServer4.Admin/appsettings.json
 {
-  "ConnectionStrings": {
-    "ConfigurationDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
-    "PersistedGrantDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
-    "IdentityDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
-    "AdminLogDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
-    "AdminAuditLogDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
-    "DataProtectionDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true"
-  },
-  "DatabaseProviderConfiguration": {
-    "ProviderType": "SqlServer"
-  },
-  "AdminConfiguration": {
-    "PageTitle": "Skoruba IdentityServer4 Admin",
-    "FaviconUri": "/favicon.ico",
-    "IdentityAdminRedirectUri": "https://localhost:44303/signin-oidc",
-    "IdentityServerBaseUrl": "https://localhost:44310",
-    "IdentityAdminCookieName": "IdentityServerAdmin",
-    "IdentityAdminCookieExpiresUtcHours": 12,
-    "RequireHttpsMetadata": false,
-    "TokenValidationClaimName": "name",
-    "TokenValidationClaimRole": "role",
-    "ClientId": "skoruba_identity_admin",
-    "ClientSecret": "skoruba_admin_client_secret",
-    "OidcResponseType": "code id_token",
-    "Scopes": [
-      "openid",
-      "profile",
-      "email",
-      "roles"
-    ],
-    "AdministrationRole": "SkorubaIdentityAdminAdministrator"
-  },
-  "AuditLoggingConfiguration": {
-    "Source": "IdentityServer.Admin.Web",
-    "SubjectIdentifierClaim": "sub",
-    "SubjectNameClaim": "name",
-    "IncludeFormVariables": false
-  },
-  "CultureConfiguration": {
-    "Cultures": [],
-    "DefaultCulture": null
-  }
+    "ConnectionStrings": {
+        "ConfigurationDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
+        "PersistedGrantDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
+        "IdentityDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
+        "AdminLogDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
+        "AdminAuditLogDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true",
+        "DataProtectionDbConnection": "Server=(localdb)\\mssqllocaldb;Database=IdentityServer4Admin;Trusted_Connection=True;MultipleActiveResultSets=true"
+    },
+    "DatabaseProviderConfiguration": {
+        "ProviderType": "SqlServer"
+    },
+    "AdminConfiguration": {
+        "PageTitle": "Skoruba IdentityServer4 Admin",
+        "FaviconUri": "/favicon.ico",
+        "IdentityAdminRedirectUri": "https://localhost:44303/signin-oidc",
+        "IdentityServerBaseUrl": "https://localhost:44310",
+        "IdentityAdminCookieName": "IdentityServerAdmin",
+        "IdentityAdminCookieExpiresUtcHours": 12,
+        "RequireHttpsMetadata": false,
+        "TokenValidationClaimName": "name",
+        "TokenValidationClaimRole": "role",
+        "ClientId": "skoruba_identity_admin",
+        "ClientSecret": "skoruba_admin_client_secret",
+        "OidcResponseType": "code",
+        "Scopes": [
+            "openid",
+            "profile",
+            "email",
+            "roles"
+        ],
+        "AdministrationRole": "SkorubaIdentityAdminAdministrator"
+    },
+    "AuditLoggingConfiguration": {
+        "Source": "IdentityServer.Admin.Web",
+        "SubjectIdentifierClaim": "sub",
+        "SubjectNameClaim": "name",
+        "IncludeFormVariables": false
+    },
+    "CultureConfiguration": {
+        "Cultures": [],
+        "DefaultCulture": null
+    }
 }
\ No newline at end of file
--- a/src/Skoruba.IdentityServer4.STS.Identity/Configuration/AdvancedConfiguration.cs
+++ b/src/Skoruba.IdentityServer4.STS.Identity/Configuration/AdvancedConfiguration.cs
-using System;
-using System.Collections.Generic;
-using System.Linq;
-using System.Threading.Tasks;
-
-namespace Skoruba.IdentityServer4.STS.Identity.Configuration
+namespace Skoruba.IdentityServer4.STS.Identity.Configuration
 {
    public class AdvancedConfiguration
    {
        public string PublicOrigin { get; set; }
+
+        public string IssuerUri { get; set; }
    }
 }
--- a/src/Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs
+++ b/src/Skoruba.IdentityServer4.STS.Identity/Helpers/StartupHelpers.cs
@@ -146,7 +146,7 @@ namespace Skoruba.IdentityServer4.STS.Identity.Helpers
            where TDataProtectionDbContext : DbContext, IDataProtectionKeyContext
        {
            var databaseProvider = configuration.GetSection(nameof(DatabaseProviderConfiguration)).Get<DatabaseProviderConfiguration>();
-            
+
            var identityConnectionString = configuration.GetConnectionString(ConfigurationConsts.IdentityDbConnectionStringKey);
            var configurationConnectionString = configuration.GetConnectionString(ConfigurationConsts.ConfigurationDbConnectionStringKey);
            var persistedGrantsConnectionString = configuration.GetConnectionString(ConfigurationConsts.PersistedGrantDbConnectionStringKey);
@@ -314,7 +314,14 @@ namespace Skoruba.IdentityServer4.STS.Identity.Helpers
                    options.Events.RaiseSuccessEvents = true;

                    if (!string.IsNullOrEmpty(advancedConfiguration.PublicOrigin))
+                    {
                        options.PublicOrigin = advancedConfiguration.PublicOrigin;
+                    }
+
+                    if (!string.IsNullOrEmpty(advancedConfiguration.IssuerUri))
+                    {
+                        options.IssuerUri = advancedConfiguration.IssuerUri;
+                    }
                })
                .AddConfigurationStore<TConfigurationDbContext>()
                .AddOperationalStore<TPersistedGrantDbContext>()
@@ -379,7 +386,7 @@ namespace Skoruba.IdentityServer4.STS.Identity.Helpers
            where TDataProtectionDbContext : DbContext, IDataProtectionKeyContext
        {
            var configurationDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.ConfigurationDbConnectionStringKey);
-            var persistedGrantsDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.PersistedGrantDbConnectionStringKey);            
+            var persistedGrantsDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.PersistedGrantDbConnectionStringKey);
            var identityDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.IdentityDbConnectionStringKey);
            var dataProtectionDbConnectionString = configuration.GetConnectionString(ConfigurationConsts.DataProtectionDbConnectionStringKey);


--- a/src/Skoruba.IdentityServer4.STS.Identity/Program.cs
+++ b/src/Skoruba.IdentityServer4.STS.Identity/Program.cs
@@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Hosting;
 using Microsoft.Extensions.Configuration;
 using Microsoft.Extensions.Hosting;
 using Serilog;
+using Skoruba.IdentityServer4.Shared.Helpers;

 namespace Skoruba.IdentityServer4.STS.Identity
 {
@@ -18,6 +19,8 @@ namespace Skoruba.IdentityServer4.STS.Identity
                .CreateLogger();
            try
            {
+                DockerHelpers.ApplyDockerConfiguration(configuration);
+
                CreateHostBuilder(args).Build().Run();
            }
            catch (Exception ex)

--- a/src/Skoruba.IdentityServer4.Shared/Configuration/Common/DockerConfiguration.cs
+++ b/src/Skoruba.IdentityServer4.Shared/Configuration/Common/DockerConfiguration.cs
+namespace Skoruba.IdentityServer4.Shared.Configuration.Common
+{
+    public class DockerConfiguration
+    {
+        public bool UpdateCaCertificate { get; set; } = false;
+    }
+}
\ No newline at end of file
--- a/src/Skoruba.IdentityServer4.Shared/Helpers/DockerHelpers.cs
+++ b/src/Skoruba.IdentityServer4.Shared/Helpers/DockerHelpers.cs
+using Microsoft.Extensions.Configuration;
+using Skoruba.IdentityServer4.Shared.Configuration.Common;
+
+namespace Skoruba.IdentityServer4.Shared.Helpers
+{
+    public class DockerHelpers
+    {
+        public static void UpdateCaCertificates()
+        {
+            "update-ca-certificates".Bash();
+        }
+
+        public static void ApplyDockerConfiguration(IConfiguration configuration)
+        {
+            var dockerConfiguration = configuration.GetSection(nameof(DockerConfiguration)).Get<DockerConfiguration>();
+
+            if (dockerConfiguration.UpdateCaCertificate)
+            {
+                UpdateCaCertificates();
+            }
+        }
+    }
+}
\ No newline at end of file
--- a/src/Skoruba.IdentityServer4.Shared/Helpers/ShellHelpers.cs
+++ b/src/Skoruba.IdentityServer4.Shared/Helpers/ShellHelpers.cs
+using System.Diagnostics;
+using System.IO;
+
+namespace Skoruba.IdentityServer4.Shared.Helpers
+{
+    public static class ShellHelpers
+    {
+        public static string Bash(this string cmd)
+        {
+            var escapedArgs = cmd.Replace("\"", "\\\"");
+            if (File.Exists("/bin/bash"))
+            {
+                var process = new Process()
+                {
+                    StartInfo = new ProcessStartInfo
+                    {
+                        FileName = "/bin/bash",
+                        Arguments = $"-c \"{escapedArgs}\"",
+                        RedirectStandardOutput = true,
+                        UseShellExecute = false,
+                        CreateNoWindow = true,
+                    }
+                };
+                process.Start();
+                var result = process.StandardOutput.ReadToEnd();
+                process.WaitForExit();
+                return result;
+            }
+            return string.Empty;
+        }
+    }
+}
\ No newline at end of file