HOW TO RUN CONTAINER WITH HTTPS — Kestrel ASP.net

ThingTrax
5 min read · Jan 27, 2019

First of all, you should know that Docker is available for Windows, macOS and Linux. As you will quickly find out, though, it might not work quite the same across the three. All the commands given in this article are those used in a Linux terminal, either on your local environment or on the Virtual Machine Docker.

But first, let us make one thing clear: a Docker file and a virtual machine are not the same. In sum, the difference is that a virtual machine, as the name implies, simulates the presence of hardware and software resources such as memory, processor, hard drive, the operating system and drivers, which allows you to run programs under the same conditions as those of the machine being simulated.

All the same, Docker is not intended to replace virtualization, since your machine has its own resources. Indeed, the best way to access your own container platform is to install it from the Docker repository. In this blog, we will show you how to configure your system so that the APT package manager can access the Docker repository via HTTPS and, more specifically, through Microsoft's web development platform ASP.NET, which allows you to run web applications on Linux servers.

All the same, it’s important to note that an IIS server is no longer needed to host and launch this kind of application.

Configuring Docker files on HTTPS

Before configuring Docker files on HTTPS, you must procure a certificate from a certificate authority; if you do not have one, you can use “Let’s Encrypt”, which is a certificate authority that lets you get free certificates.

Moreover, you can use self-signed development certificates that allow you to host pre-built images on localhost. In other words, you can create your own self-signed certificates to use when developing and testing any given server product.

However, in terms of anti-patterns, this solution is a cumbersome detour whenever you want to create good programming designs. We emphasize that when programming, one of the best practices you must follow is to try to prevent programming antipatterns since, for many pundits, they can be a sign of someone who lacks programming skill.

All in all, Docker images are created using a configuration file named Dockerfile. In this file, you will have to create the image that will be used to launch the Docker containers using the necessary libraries and binaries. The kernel, meanwhile, is shared with the host system.

All the same, this article will focus on how to use Kestrel to enable HTTPS in ASP.NET Core development, since ASP.NET Core comes with the following essential components:

● Kestrel server: Which is the default multiplatform HTTP server implementation.

● The IIS HTTP server which is an in-process server for IIS.

● HTTP.sys server: Which is a Windows-only HTTP server based on the HTTP.Sys kernel driver and the HTTP Server API.

To get started, just go to the official Docker website to download the installation tool needed for your distribution (We advise you to read and understand the installation guides well).

Linux: https://docs.docker.com/engine/installation/linux/

Mac: https://docs.docker.com/engine/installation/mac/

Windows: https://docs.docker.com/engine/installation/windows/

All in all, to get started, open a command prompt and run the following commands.

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\Core.ssl.pfx -p bilalmalik

dotnet dev-certs https --trust

Note: “bilalmalik” is used as a stand-in for a password of your own choosing.

Subsequently, run the following command in the folder where the Core.ssl.csproj file exists:

dotnet user-secrets -p Core.ssl.csproj set "Kestrel:Certificates:Default:Password" "bilalmalik"

This command creates the secrets file and sets the password in it under the following path.

${APPDATA}/Microsoft/UserSecrets

If you open the secrets.json file, you will see JSON that looks like this:

{
  "Kestrel:Certificates:Default:Password": "bilalmalik"
}

All the same, do note that the password must always match the password used for the certificate.

Open Core.ssl.csproj in any editor and find the UserSecretsId tag. Its value should match the name of the folder that exists at the following path: ${APPDATA}/Microsoft/UserSecrets.

Indeed, just like in our case study, it should look like aspnet-Core.ssl-a4cd9dd6-aca3-4751-8fc5-2e0c2cb13904

But what do you do when you try to run your app with SSL and localhost is not responding?

Simply open your Program.cs and replace the BuildWebHost method with the given code.

// Required namespaces: System, System.Net, System.Security.Authentication,
// System.Security.Cryptography.X509Certificates, Microsoft.AspNetCore,
// Microsoft.AspNetCore.Hosting, Microsoft.AspNetCore.Server.Kestrel.Https,
// Microsoft.Extensions.Configuration
public static IWebHost BuildWebHost(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseApplicationInsights()
        .UseKestrel(options =>
        {
            // Listen for HTTPS on port 443 on all interfaces.
            options.Listen(new System.Net.IPEndPoint(System.Net.IPAddress.Any, 443), listenOptions =>
            {
                var configuration =
                    (IConfiguration)options.ApplicationServices.GetService(typeof(IConfiguration));
                // Both values are supplied as environment variables by docker-compose.
                var certPassword =
                    Environment.GetEnvironmentVariable("Kestrel:Certificates:Default:Password");
                var certPath =
                    Environment.GetEnvironmentVariable("Kestrel:Certificates:Default:Path");
                // Log only the path; the password must not end up in the container logs.
                Console.WriteLine(certPath);
                var certificate = new X509Certificate2(certPath, certPassword);
                var httpsConnectionAdapterOptions = new HttpsConnectionAdapterOptions()
                {
                    ClientCertificateMode = ClientCertificateMode.NoCertificate,
                    // TLS 1.2 instead of SslProtocols.Tls, which is the deprecated TLS 1.0.
                    SslProtocols = System.Security.Authentication.SslProtocols.Tls12,
                    ServerCertificate = certificate
                };
                listenOptions.UseHttps(httpsConnectionAdapterOptions);
            });
        })
        .UseStartup<Startup>()
        .Build();

If you see everything remaining the same, modify it using the Kestrel method. This is because ASP.NET Core project templates use Kestrel by default. So to proceed, just call UseKestrel and then initialize a new instance of the System.Security.Cryptography.X509Certificates.X509Certificate2 class using the certificate file name with its full path and the password used to access the certificate. HttpsConnectionAdapterOptions is then used to configure the Kestrel settings and to handle HTTPS requests.

Note: If you are using .NET Core 2.1 or 2.2, just copy the .UseKestrel method to configure the Kestrel server.

Keep docker-compose.yml as it is. Open docker-compose.override.yml and replace its contents with the following:

version: '3.4'

services:
  tt.core.web:
    environment:
      - ASPNETCORE_ENVIRONMENT=devdocker
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=44379
      - Kestrel:Certificates:Default:Path=/root/.aspnet/https/Core.ssl.pfx
      - Kestrel:Certificates:Default:Password=bilalmalik
    ports:
      - "50518:80"
      - "44379:443"
    volumes:
      # Core.ssl.pfx must be present in the host directory mounted here.
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro

Nonetheless, do always keep in mind that it is indispensable that your virtual host is configured in such a way that you can always look for the certificate in the right place as our demonstration above has shown. As a matter of fact, as you can see in our case study, when the environment variable is configured in the UseKestrel method, your ssl.conf file should contain the locations of the certificate file.

Moreover, in the spirit of avoiding antipattern detours when programming, why not use the env file?
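One way to do that, shown here as an added example rather than the author's own configuration: keep the certificate password in a .env file next to the compose files and let docker-compose substitute it. The variable name CERT_PASSWORD and the placement of .env are assumptions; the service name, ports and mounts are the ones used above.

```yaml
# --- .env (same folder as docker-compose.yml; list it in .gitignore) ---
# CERT_PASSWORD=<the password given to "dotnet dev-certs https -ep ... -p">

# --- docker-compose.override.yml ---
version: '3.4'

services:
  tt.core.web:
    environment:
      - ASPNETCORE_ENVIRONMENT=devdocker
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_HTTPS_PORT=44379
      - Kestrel:Certificates:Default:Path=/root/.aspnet/https/Core.ssl.pfx
      # Weak form: the password sits in a file that is normally committed.
      #   - Kestrel:Certificates:Default:Password=bilalmalik
      # Corrected form: the value is read from .env when the stack starts,
      # and docker-compose aborts with this message if it is missing.
      - "Kestrel:Certificates:Default:Password=${CERT_PASSWORD:?set CERT_PASSWORD in .env}"
    ports:
      - "50518:80"
      - "44379:443"
    volumes:
      # Read-only mounts: the container can load the .pfx but not alter it.
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
```

The password still reaches the container as an environment variable, so anyone who can run docker inspect on that container can read it. Running docker-compose config prints the resolved file and is a quick way to confirm the substitution took place.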

All the same, whichever method you use, never forget that while these variables are referenced as environment variables, they should not be confused with the environment variables controlled by the underlying operating system. This is because they become real operating system environment variables only when they are made available to CGI and SSI scripts. As a matter of fact, if you want to modify the operating system environment under which the server runs, you must use the standard environment execution mechanisms provided by the shell of your operating system.

Credits:

Bilal Malik

LinkedIn: https://www.linkedin.com/in/bilal-malik-3b4247bb/

Twitter: https://twitter.com/bilal_malik777

www.thingtrax.com
