Infrastructure Prerequisites
Web server and SQL server:
Environments | Web Server | SQL Server |
---|---|---|
Production |
|
|
Non-production |
|
|
Determine the DNS for each OneList environment, e.g. onelist.company.com, onelist-dev.company.com, onelist-test.company.com;
Configure reverse proxy to enable access to OneList URL's
Enable outbound firewall rules for the Web Servers to the following destinations:
Apple and Google messaging services to send mobile push notifications:
httphttps://gatewayapi.push.apple.com on portsport: 2195 and 2196443;
https://fcm.googleapis.com/fcm/send on ports: 443, 5228-5230;
https://iqx.onelistapprovals.com to retrieve the current push notification certificates;
iqxbusiness.azureacr.io to download the Docker images as required.
Installing Docker Enterprise Engine:
Provision SSL certificate:
Wildcard or site specific SSL certificate for each environment;
Key size 2048 bits;
Issued by public certificate authority;
SMTP server connection detail and dedicated or shared email address for OneList.
If the server is a VMware VM, VMware Tools must be version 11.0.6 or above.
Deployment Prerequisites
Domain user account requirements:
Local Administrator of the Web Server;
Has VPN and RDP access to the Web Server;
Define the label for the OneList environment to be deployed. This is a short label, e.g. dev, qa, prod. The first letter must be unique in all the environments planned and it is used as the suffix of the database names.
Use this value to replace the <environment> placeholder in the instructions below.
Request for login to IQX container registry;
Generate the Machine key for each environment. This is a Base64 string representing an array of 50 bytes;
Use tools like https://generate.plus/en/base64 to generate a random string of the required length.
...
Open PowerShell console as Administrator. Run 2 commands below.
Install-Module DockerMsftProvider -Force
Install-Package Docker -ProviderName DockerMsftProvider -Force
Restart server.
Install docker-compose
Run command:
Invoke-WebRequest "https://github.com/docker/compose/releases/download/1.25.0/docker-compose-Windows-x86_64.exe" -UseBasicParsing -OutFile $Env:ProgramFiles\Docker\docker-compose.exe
Prepare the deployment file
Create a new folder. Name it as the <environment> value. Download and save docker-compose.ymland.envfile to the folder.
Open the ".env" file in notepad and update the following fields with the actual value.
RoleManager__MachineKey
The value is the generated machine key (see prerequisites above).Database__ConnectionString
The value is the SQL Server connection string. The name of the databases will be automatically specified by the services.ASPNETCORE_ENVIRONMENT
The value is <environment>.Smtp__UserName
Smtp__Password
Smtp__From
This is the sender email address of notifications from OneListSmtp__Host
This is the SMTP server OneList use to send notifications.Smtp__Port
This is the port of SMTP server.Smtp__UseSsl
Define if SMTP server uses SSL connection. For Office365 SMTP service, the value is always false.Localization__DefaultCulture
The default culture. Use the code from: Supported LanguagesLocalization__DefaultTimeZone
The default time zone. The time zone id is the “TZ database name” from this page: https://en.wikipedia.org/wiki/List_of_tz_database_time_zonesrootUrl
Root URL of OneList site.
Save the ".env" file then run the command below.
When there is more than one supported culture, edit docker-compose.yml add another Localization__SupportedCultures__n entry and increase the trailing number n by 1. E.g. Localization__SupportedCultures__1.
Use the code from: Supported Languages.
Start OneList applications
...
Activate reverse proxy
Select IIS root → Open “Application Request Routing Cache”
...
Select “Server Proxy Settings”
...
Check the box “Enable Proxy”, uncheck "Reverse rewrite host in response headers" and click Apply
...
Configure URL Rewrite rules
...
Setup the OneList site
Place web.config file to root folder of the IIS site.
...
URL rewrite rules that route inbound traffic to OneList containers.
Add following request headers:
X_Forwarded_Host
X_Original_URI
X_Forwarded_Port
HTTP_X_Forwarded_Proto
Create the administrator user account
...