6

I'm trying to create a simple ASP.NET-Core 2.1 Web App that runs in Docker and forces HTTPS.

If I don't force HTTPS, the web app runs fine in the Docker instance. If I force HTTPS, or manually try to hit the HTTPS port, I get an "unable to connect" error or something nasty, like it.

So from my understanding, I need to somehow copy the trusted self-signed dev certification from my localhost development machine over to the Docker instance.

Luckily, there are some good docs that help explain/talk about this:

But everytime I try and start the first main step -> creating a cert, I get the following errors:

C:\Users\justi>dotnet dev-certs https --clean Cleaning HTTPS development certificates from the machine. A prompt might get displayed to confirm the removal of some of the certificates. C:\Users\justi>dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\hornet.apigateway.website.public.pfx -p secretpassword A valid HTTPS certificate is already present.

But as you can see, I just tried to clean my cert store (which I did get asked to confirm the deleting of the cert) and then try to create a new one.

The above command was based on the examples in the links, above.

I feel like the error message is incorrect and the real error message isn't being displayed?

Update

Just in case I've messed up my Docker file stuff, here's my 2x docker-compose files:

docker-compose.yml apigateway.website.public: image: hornet/apigateway.website.public build: context: . dockerfile: src/Api Gateways/ApiGateway.Website.Public/Dockerfile #ports: # - "5000:443" depends_on: - microservice1.api - microservice2.api docker-compose.override.yml apigateway.website.public: environment: - ASPNETCORE_ENVIRONMENT=Development - ASPNETCORE_URLS=https://localhost;http://localhost - ASPNETCORE_HTTPS_PORT=5001 ports: # NOTE: need to copy the dev cert over to the container # REF: o) https://github.com/dotnet/dotnet-docker/blob/master/samples/aspnetapp/aspnetcore-docker-https-development.md # o) https://github.com/dotnet/dotnet-docker/blob/master/samples/aspnetapp/aspnetcore-docker-https.md # o) https://github.com/aspnet/Docs/issues/3310 # o) https://github.com/aspnet/Docs/issues/6199 - "5000:80" - "5001:443" volumes: - ${APPDATA}/Microsoft/UserSecrets/:/root/.microsoft/usersecrets - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https/
Improve this question
4
  • There is more detailed explanation here: humankode.com/asp-net-core/… Commented Sep 4, 2018 at 14:25
  • I reviewed that url/link and it feels like it's not optimised for aspnet-core 2.1 .. such as global tools, etc. Commented Sep 4, 2018 at 23:48
  • May be try getting ssl to work without docker, initially.. Commented Sep 5, 2018 at 0:23
  • 1
    yep - as mentioned in the OP, http and https work when running the site, locally and outside of docker. And the force redirect also works fine. Commented Sep 5, 2018 at 0:29

1 Answer 1

Reset to default
4

I recently got this to work for my project. I cribbed a lot of it from the Visual Studio Docker Compose files that were generated.

There are several differences that I see in your compose syntax that might be contributing to your issue.

First, your environment variables - I'm not sure what version of compose you're using. I was using 3.7 and I was able to define the variables this way:

 ASPNETCORE_ENVIRONMENT: "Development" ASPNETCORE_URLS: "https://+:443;http://+:80" ASPNETCORE_HTTPS_PORT: "44371"

Notice that the main difference here is that I'm declaring my aspnetcore urls using a wild card character for the domain and declaring the port number directly after that https://+:443;http://+:80 as the internal port numbers

I was able to access the application exactly how I expected by https://localhost:44371.

I do still define ports in my compose file too, but I think the main thing here is that you need to tell aspnet core what the ports are via your ASPNETCORE_URLS environment variable. The ports declared in your compose file are informing your docker container, not your application.

So a compose file that may work for you would be the following:

apigateway.website.public: environment: ASPNETCORE_ENVIRONMENT: "Development" ASPNETCORE_URLS: "https://+:443;http://+:80" ASPNETCORE_HTTPS_PORT: "5001" volumes: - ${APPDATA}/Microsoft/UserSecrets/:/root/.microsoft/usersecrets:ro - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro ports: - "5000:80" - "5001:443"

I also added the :ro (read only) indicator on your volumes as that seems to be a best practice.

Improve this answer
Sign up to request clarification or add additional context in comments.

3 Comments

thanks heaps for the helpful answer! firstly, why did you do this: ASPNETCORE_HTTPS_PORT: "5001" ? Isn't that saying that the HTTPS port of the app is 5001 but then we are trying to expose the containers port 5001 to the app-https port 443 ... which wouldn't work cause the app is setup to look at 5001, not 443?
the purpose of that variable is for issuing a redirect command to the client should they try to access the app when you have HTTPS redirection configured to be on (app.UseHttpsRedirection()). It's not defining any ports within the container, it is telling the external client "Hey, you tried to hit me at 5000, but for HTTPS you have to hit me at 5001." You can find out more about it here github.com/aspnet/Home/issues/2308 under the heading HTTPS redirection
Please see my answer here stackoverflow.com/questions/56824859/…

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.