Tig2810
Reputation: 169
Asp.Net Core docker-compose https self signed certificate issue
I am not able to run docker-compose for an asp.net core 3 api on https with a self signed cert. I have followed the instructions on ms docs but I have given up at this point after trying everything for hours: https://learn.microsoft.com/en-us/aspnet/core/security/docker-https?view=aspnetcore-2.2
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p { password here }
dotnet dev-certs https --trust
My docker compose is here:
version: '3.7'
networks:
localdev:
name: localdev
services:
main-api:
container_name: main-api
build:
context: .
dockerfile: Dockerfile
#restart: always
ports:
- "5000:5000"
- "5001:5001"
depends_on:
- db-server
networks:
- localdev
volumes:
- $USERPROFILE/.aspnet/https:/https/
environment:
ASPNETCORE_Kestrel__Certificates__Default__Password: "Passw0rd!"
ASPNETCORE_Kestrel__Certificates__Default__Path: "$USERPROFILE/.aspnet/https/aspnetapp.pfx"
db-server:
image: mariadb:latest
container_name: db-server
environment:
- MYSQL_ROOT_PASSWORD=Password!
ports:
- "13306:3306"
networks:
- localdev
docker-compose log is here:
main-api | warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
main-api | Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
main-api | crit: Microsoft.AspNetCore.Server.Kestrel[0]
main-api | Unable to start Kestrel.
main-api | Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
main-api | at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
main-api | at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
main-api | at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
main-api | at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
main-api | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
main-api | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
main-api | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
main-api | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
main-api | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
main-api exited with code 0
$ ls -l %USERPROFILE%\.aspnet\https\aspnetapp.pfx
-rw-r--r-- 1 tig28 197609 2652 Dec 17 23:07 %USERPROFILE%.aspnethttpsaspnetapp.pfx
Using Linux syntax:
$ ls -l $USERPROFILE/.aspnet/https/aspnetapp.pfx
-rw-r--r-- 1 tig28 197609 2652 Dec 17 11:15 'C:\Users\tig28/.aspnet/https/aspnetapp.pfx'
Upvotes: 2
Views: 9398
Answers (2)
hpsanampudi
Reputation: 679
If your project uses .net 6 then local path to map to volume as shown below
Reference: Hosting ASP.NET Core images with Docker Compose over HTTPS
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p { password here }
dotnet dev-certs https --trust
version: '3.4'
services:
webapp:
image: mcr.microsoft.com/dotnet/core/samples:aspnetapp
ports:
- 80
- 443
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
volumes:
- ~/.aspnet/https:/https:ro
Upvotes: 0
mehul9595
Reputation: 1955
Minor change to your docker-compose file, here path will be your mounted path for the container /root/.aspnet/https/ApiHost.pfx.
environment:
ASPNETCORE_HTTPS_PORT: 6001
ASPNETCORE_ENVIRONMENT: Development
ASPNETCORE_Kestrel__Certificates__Default__Path:/root/.aspnet/https/ApiHost.pfx
ASPNETCORE_Kestrel__Certificates__Default__Password: <password>
volumes:
- ${USERPROFILE}\.aspnet\https:/root/.aspnet/https
Upvotes: 1
Related Questions
- How to properly install certificates on Docker in ASP.NET Core application?
- Docker image: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found
- Asp.net core SSL could not run in docker container
- Debug dockercompose Visual Studio ASP.NET Core 2.2 over HTTPS getting error
- Https required for asp.net core in docker
- Asp.Net-Core Application in docker over https
- ASP.NET Core Web API client does not trust self-signed certificate used by the Identity Server instance
- Unable to create a dev certificate for an ASP.NET Core Web App in a Docker container
- How to run dockered ASP.net core app generated by Visual Studio 2019 on Linux? Problem with SSL configuration
- Self-Signed CA not accessible via X509Store