How to enable fully working HTTPS for .NET Core WebApp on Debian with nginx?

Question

I'd want to encrypt traffic to my webapp via HTTPS but I'm struggling with it on Debian

Of course there's guide at Microsoft's site: https://learn.microsoft.com/en-US/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.1&tabs=visual-studio

but... is not that just redirection?

This document shows how to:

Require HTTPS for all requests.
Redirect all HTTP requests to HTT

How can I create those .pfx files or whatever else I need to add HTTPs to my webapp?

Answer 1

I recommend to use nginx as reverse proxy for your web application. In this case you won't need to modify your app code, you will be able to modify your HTTPS settings without any modifications in web app. Steps:

1) Setup your website, for example it will use port 5000

2) Install nginx and create basic config like this one:

worker_processes 4;

events { worker_connections 1024; }

http {
    sendfile on;

    upstream app_servers {
        server web:5000;
    }

    server {
        server_name your_server_name_here.com;
        listen 80;

        location / {
            proxy_pass         http://app_servers;
            proxy_redirect     off;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
        }
    }
}

Read more about configuration here.

3) Use letsencrypt for obtaining free HTTPS certificates via certbot. It will do all job for working with certs and will modify your nginx config automatically

Also I suggest to use Docker - it will help you to separate code and proxy better.