I'm having issues trying to debug a docker container pointed at the "Production" ASPNETCORE_ENVIRONMENT in Visual Studio. The "Development" environment works fine. I'm trying to debug against a production container because we are having issues with the different appsettings file per environment.
This is my error:
Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
I've looked through a few articles but nothing seems to work when debugging against production. When I remove https from the launchSettings.json the site doesn't run at all.
https://github.com/dotnet/dotnet-docker/blob/master/samples/host-aspnetcore-https.md
Unable to configure ASP.NET HTTPS endpoint in Windows docker container
https://learn.microsoft.com/en-us/aspnet/core/security/enforcing-ssl?view=aspnetcore-3.1&tabs=visual-studio#trust-the-aspnet-core-https-development-certificate-on-windows-and-macos
Environment:
Windows 10
Linux Containers
ASP.NET Core 3.1
launchSettings:
"Docker": {
"commandName": "Docker",
"launchBrowser": true,
"launchUrl": "{Scheme}://{ServiceHost}:{ServicePort}",
"environmentVariables": {
"ASPNETCORE_ENVIRONMENT": "Production",
"ASPNETCORE_URLS": "https://+:443;http://+:80",
},
"httpPort": 51934,
"useSSL": true,
"sslPort": 44349
}
DockerFile
#Depending on the operating system of the host machines(s) that will build or run the containers, the image specified in the FROM statement may need to be changed.
#For more information, please see https://aka.ms/containercompat
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1.2-bionic AS base
WORKDIR /app
EXPOSE 80
RUN apt update && DEBIAN_FRONTEND=noninteractive apt install -y tzdata
RUN apt install -y --allow-unauthenticated \
libc6-dev \
libgdiplus \
libx11-dev \
&& rm -rf /var/lib/apt/lists/*
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-bionic AS build
WORKDIR /src
COPY src .
RUN dotnet restore "ExampleApp.Web/ExampleApp.Web.csproj"
COPY . .
WORKDIR "/src/ExampleApp.Web"
RUN dotnet dev-certs https --trust
RUN dotnet build "ExampleApp.Web.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "ExampleApp.Web.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENV ASPNETCORE_ENVIRONMENT Production
ENTRYPOINT ["dotnet", "ExampleApp.Web.dll", "--environment=Production"]
Some options
Option 1:
inside the app, configure like so, it should work
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseUrls(YourWebAppUrls)
.UseKestrel()
.ConfigureKestrel(options =>
{
options.ListenAnyIP(51934); // whatever your port
})
.UseIIS()
Option 2:
In your build tasks you can add this to the command line see here
Close your browsers so that they do not cache the certificate because that will cause other issues.
On the commandline run this
dotnet dev-certs https --clean
then run
dotnet dev-certs https -t
Option 3:
Self signed Cert
Option 4:
Run these commands from here
dotnet dev-certs https -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p { password here }
dotnet dev-certs https --trust
Windows using Windows containers
Generate certificate and configure local machine:
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p { password here }
dotnet dev-certs https --trust
Run the Container Image with Core configured for HTTPS:
docker pull mcr.microsoft.com/dotnet/core/samples:aspnetapp
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="password" -e ASPNETCORE_Kestrel__Certificates__Default__Path=\https\aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:C:\https\ mcr.microsoft.com/dotnet/core/samples:aspnetapp
Related
I have created the Containers / Apps
But when I run it, I got this error message: This site can’t be reached. localhost unexpectedly closed the connection.
But when I run from Visual Studio, I can run it.
Extra troubleshooting steps is below
This is docker file
FROM mcr.microsoft.com/dotnet/aspnet:5.0-focal AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
# Creates a non-root user with an explicit UID and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-dotnet-configure-containers
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser
FROM mcr.microsoft.com/dotnet/sdk:5.0-focal AS build
WORKDIR /src
COPY ["WebApplication3/WebApplication3.csproj", "WebApplication3/"]
RUN dotnet restore "WebApplication3/WebApplication3.csproj"
COPY . .
WORKDIR "/src/WebApplication3"
RUN dotnet build "WebApplication3.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "WebApplication3.csproj" -c Release -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "WebApplication3.dll"]
By default, Swagger is only available when the app runs in development mode. Docker containers, by default, don't run in development mode.
Try accessing the API directly on http://localhost:49155/WeatherForecast
You can run the container in development mode by setting the environment variable ASPNETCORE_ENVIRONMENT to Development by adding the option -e ASPNETCORE_ENVIRONMENT=Development to your docker run command. Then Swagger should be available.
You can use dotnet dev-certs https to generate a self-signed certificate for use with ASP.NET as this dockerfile demontrates
FROM mcr.microsoft.com/dotnet/sdk:5.0 as build
WORKDIR /src
RUN dotnet new webapi -o app
RUN dotnet dev-certs https
RUN dotnet publish -o out app/app.csproj
ENV ASPNETCORE_URLS="https://*:443;http://*:80"
WORKDIR /app
RUN cp -r /src/out/* .
CMD ["dotnet", "app.dll"]
I would like to base my final image on the aspnet image though. So I change it to
FROM mcr.microsoft.com/dotnet/sdk:5.0 as build
WORKDIR /src
RUN dotnet new webapi -o app
RUN dotnet dev-certs https
RUN dotnet publish -o out app/app.csproj
FROM mcr.microsoft.com/dotnet/aspnet:5.0 as final
ENV ASPNETCORE_URLS="https://*:443;http://*:80"
WORKDIR /app
COPY --from=build /src/out .
CMD ["dotnet", "app.dll"]
I can build that, but when I run it, it fails because it can't find the certificate. I can't run dotnet dev-certs https in the final image, because the dev-certs command is only part of the SDK and not the aspnet image. I'd like to copy over the certificate to the final image, but I don't know where dotnet dev-certs https stores it and I can't find any documentation about it.
How do I solve this, so my image is based on aspnet and can accept requests over https?
After poking around, I found the certificate in /root/.dotnet/corefx/cryptography/x509stores/my/
Adding
COPY --from=build /root/.dotnet/corefx/cryptography/x509stores/my/* /root/.dotnet/corefx/cryptography/x509stores/my/
to the final image solved the issue.
I have a .NET application and I wish, in production, generate a dev certificate (self-signed).
Locally, to do this I use the following commands:
dotnet dev-certs https --clean
dotnet dev-certs https
dotnet dev-certs https --trust
So I tried 2 methods, but none seems to work.
I have search for the .pfx file into my "/root/.aspnet/https" (/data/socloze/web/keys/https in real, because of the volume mapping), but this folder does not exists.
Method 1 : Create the certificate at image build
In the DockerFile file, I have the following
### >>> GLOBALS
ARG ENVIRONMENT="Production"
ARG PROJECT="Mycorp.MyApp.Web"
### <<<
#--------------------------------------------------
# Build / Publish
#--------------------------------------------------
# debian buster - AMD64
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
### >>> IMPORTS
ARG ENVIRONMENT
ARG PROJECT
### <<<
ARG NUGET_CACHE=https://api.nuget.org/v3/index.json
ARG NUGET_FEED=https://api.nuget.org/v3/index.json
# Copy sources
COPY src/ /app/src
ADD common.props /app
WORKDIR /app
# Installs NodeJS to build typescripts
#RUN apt-get update -yq && apt-get upgrade -yq && apt-get install -yq curl git nano
#RUN curl -sL https://deb.nodesource.com/setup_8.x | bash - && apt-get install -yq nodejs build-essential
#RUN npm install -g npm
#RUN npm install
RUN apt-get update
RUN apt-get install curl
RUN curl -sL https://deb.nodesource.com/setup_14.x | bash -
RUN apt-get install -y nodejs
RUN npm install /app/src/MyCorp.Core.Blazor/
#RUN npm install -g parcel-bundler
# Installs the required dependencies on top of the base image
# Publish a self-contained image
RUN apt-get update && apt-get install -y libgdiplus libc6-dev && dotnet dev-certs https --clean && dotnet dev-certs https && dotnet dev-certs https --trust &&\
dotnet publish --self-contained --runtime linux-x64 -c Debug -o out src/${PROJECT};
#--------------------------------------------------
# Execute
#--------------------------------------------------
# Start a new image from aspnet runtime image
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS runtime
### >>> IMPORTS
ARG ENVIRONMENT
ARG PROJECT
### <<<
#ENV DOTNET_GENERATE_ASPNET_CERTIFICATE=true
ENV ASPNETCORE_ENVIRONMENT=${ENVIRONMENT}
ENV ASPNETCORE_URLS="http://+:80;https://+:443;https://+:44390"
#ENV ASPNETCORE_URLS="http://+:80"
ENV PROJECT="${PROJECT}.dll"
# Make logs a volume for persistence
VOLUME /app/Logs
# App directory
WORKDIR /app
# Copy our build from the previous stage in /app
COPY --from=build /app/out ./
RUN apt-get update && apt-get install -y ffmpeg libgdiplus libc6-dev
# Ports
EXPOSE 80
EXPOSE 443
EXPOSE 44390
# Execute
ENTRYPOINT dotnet ${PROJECT}
Method 2 : Create the certificate by using docker-compose
The other way, is to generate the certificate once the container start, in my myappstack.yaml I have the following:
version: '3.3'
services:
web:
image: registry.gitlab.com/mycorp/myapp/socloze.web:1.1.1040
command:
- sh -c "dotnet dev-certs https --clean"
- sh -c "dotnet dev-certs https"
- sh -c "dotnet dev-certs https --trust"
- sh -c "echo MYPASS | sudo -S -k update-ca-certificates"
volumes:
- keys-vol:/root/.aspnet
- logs-vol:/app/Logs
- sitemap-vol:/data/sitemap/
networks:
- haproxy-net
- socloze-net
configs:
-
source: socloze-web-conf
target: /app/appsettings.json
logging:
driver: json-file
deploy:
placement:
constraints:
- node.role == manager
networks:
haproxy-net:
external: true
socloze-net:
external: true
volumes:
keys-vol:
driver: local
driver_opts:
device: /data/socloze/web/keys
o: bind
type: none
logs-vol:
driver: local
driver_opts:
device: /data/socloze/web/logs
o: bind
type: none
sitemap-vol:
driver: local
driver_opts:
device: /data/sitemap
o: bind
type: none
configs:
socloze-web-conf:
external: true
But none seems to work. I know that the first method has already worked, but I can't make it work again.
Fact 1. I've got 2 windows containers for:
MSSQL Server Developer Edition (microsoft/mssql-server-windows-developer)
Asp.Net Core API 5.0 (5.0.102) (solomiosisante/consequence:api)
Fact 2. No problem accessing the SQLServer container data from Management Studio (SSMS).
Fact 3. No problem when I run the API project from Visual Studio accessing the SQLServer container.
Fact 4. The problem is when I run both containers, the error says:
fail: Microsoft.EntityFrameworkCore.Database.Connection[20004]
An error occurred using the connection to database 'Consequence' on
server 'localhost,14344'.
fail: Microsoft.EntityFrameworkCore.Query[10100]
An exception occurred while iterating over the results of a query for
context type 'Consequence.EF.Models.ConsequenceContext'.
Microsoft.Data.SqlClient.SqlException (0x80131904): A network-related
or instance-specific error occurred while establishing a connection to
SQL Server. The server was not found or was not accessible. Verify
that the instance name is correct and that SQL Server is configured to
allow remote connections. (provider: TCP Provider, error: 0 - No
connection could be made because the target machine actively refused
it.)
SQL Server Container:
The SQL Container came from the image I built using microsoft/mssql-server-windows-developer. I attached my db and created an image and uploaded it to my docker hub existing repo solomiosisante/consequence:sqlexpress. I used the sqlexpress image before, thus the tagname :sqlexpress. I've yet to change it to :developer.
API Dockerfile:
FROM mcr.microsoft.com/dotnet/aspnet:5.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
WORKDIR /src
COPY ["Consequence.API/Consequence.API.csproj", "Consequence.API/"]
RUN dotnet restore "Consequence.API/Consequence.API.csproj"
COPY . .
WORKDIR "/src/Consequence.API"
RUN dotnet build "Consequence.API.csproj" -c Release -o /app/build
FROM build AS publish
RUN dotnet publish "Consequence.API.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENV ASPNETCORE_URLS="https://+;http://+"
ENV ASPNETCORE_HTTPS_PORT=44388
ENV ASPNETCORE_Kestrel__Certificates__Default__Password="P#ssw0rd123"
ENV ASPNETCORE_Kestrel__Certificates__Default__Path=/src/certs/consequence.pfx
ENTRYPOINT ["dotnet", "Consequence.API.dll"]
I also tried:
FROM mcr.microsoft.com/dotnet/sdk:5.0 AS build
WORKDIR /src
#COPY ["Consequence.API/Consequence.API.csproj", "Consequence.API/"]
#COPY ["Consequence.EF/Consequence.EF.csproj", "Consequence.EF/"]
#COPY ["Consequence.Repositories/Consequence.Repositories.csproj", "Consequence.Repositories/"]
COPY . .
RUN dotnet restore "Consequence.API/Consequence.API.csproj"
Build and Run Scripts:
SQL Container:
docker run --name=sqlserver-container -d -p 14344:1433 -e sa_password=P#ssw0rd123 -e ACCEPT_EULA=Y solomiosisante/consequence:sqlexpress
ASP.Net Core 5.0.102 Container:
dotnet dev-certs https -ep certs\consequence.pfx -p P#ssw0rd123
dotnet dev-certs https --trust
docker build --pull -t consequenceapi:latest --file Consequence.API/Dockerfile .
docker run -d -p 8088:80 -p 44388:443 -v C:\SolRepo\Consequence\certs\:C:\src\certs --name consequenceapi consequenceapi:latest
Dockerhub repo for API: solomiosisante/consequence:api
I also tried:
docker run -d -p 8088:80 -p 44388:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="P#ssw0rd123" -e ASPNETCORE_Kestrel__Certificates__Default__Path=\https\aspnetapp.pfx -v $env:USERPROFILE\.aspnet\https:C:\https\ --name consequenceapi solomiosisante/consequence:api
I've read about docker network and tried all sorts. Still no luck. I'm hoping that this is not because I'm using Windows containers and that is one of the limitations of using it.
Given these facts, any ideas, comments, thanks in advance.
I am attempting to login to a Docker angular app using Identity Server for Authentication. Once I enter my credentials for on Identity Server, I get a 500 Internal Server Error.
When I run this application locally (non-Docker) I am able to login with ID Server and return to the Angular App without seeing any errors. Which makes me think there must be something wrong with my ID Server Dockerfile:
FROM microsoft/dotnet AS build-env
ARG source
RUN echo "source: $source"
WORKDIR /app
RUN apt-get update
RUN curl -sL https://deb.nodesource.com/setup_8.x | bash
RUN apt-get install nodejs
RUN node -v
RUN npm -v
# Copy csproj and restore as distinct layers
COPY *.csproj ./
RUN dotnet restore
#Copy everything else & build
COPY . ./
RUN dotnet publish -c Release -o out
# Build runtime image
FROM microsoft/dotnet
WORKDIR /app
COPY --from=build-env /app/out .
EXPOSE 80
ENTRYPOINT ["dotnet", "IdentityServerWithAspNetIdentity.dll"]
Can anyone tell me why I am seeing a 500 Internal Server Error in Docker, and what I can do to resolve this issue?
Much appreciated, thank you.