Develop Reference

ASP.NET 7 Blazor Server - Certbot SSL for Linux Host

I recently launched a Blazor Server application on a Debian 11 server. The application is running through a Linux Docker container. I have used a DNS to connect my domain name to my server, and am trying to get an SSL certificate applied to my domain for my Blazor app.
By following Certbot guides, I have done the following on my Debian 11 server where my Blazor container is hosted to port 80:
apt-get install cerbot
certbot certonly --standalone
And I got the following message:
Congratulations!
Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem
My site is still not using https. I cannot find any other instructions to apply the SSL from this point. Do I need to add code to my Blazor Server app to point to the SSL files? Do I need to mount the SSL files to somewhere in my Docker container? Thanks.
Update: I have been running my Docker container with the following command. I've tested the mounting of my keys folder and can see it is correct, but I still have issues when launching the container. It appears to be unable to find the keys even though they are mounted to the container correctly:
docker run -p 80:80 -p 443:443 -v /etc/letsencrypt/live/example.com:/https/ -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=443 -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/fullchain.pem -e ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/https/privkey.pem --restart always --name blazorserver blazorserver:1.01
I get these terminal errors, resulting in Program.cs failing to run app.Run();
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {c9ce4f00-c893-456c-b894-6421bf21ffd8} may be persisted to storage in unencrypted form.
Unhandled exception. System.IO.FileNotFoundException: Could not find file '/https/fullchain.pem'.
File name: '/https/fullchain.pem'
at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirError)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode, Func`4 createOpenException)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, UnixFileMode openPermissions, Int64& fileLength, UnixFileMode& filePermissions, Func`4 createOpenException)
at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
at System.IO.StreamReader.ValidateArgsAndOpenPath(String path, Encoding encoding, Int32 bufferSize)
at System.IO.File.ReadAllText(String path, Encoding encoding)
at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.ImportFromPemFile(String certPemFilePath)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
at Program.<Main>$(String[] args) in /src/Program.cs:line 36

So, the issue was that the /etc/letsencrypt/live/example.com/fullchain.pem file needs access to other files in the /etc/letsencrypt hierarchy. After mounting the entire /etc/letsencrypt directory to /https, I was able to access the SSL files with the full path, e.g. /https/live/example.com/fullchain.pem for the __Path variable.
Hopefully somebody finds my troubleshooting useful, as I could not find much information out there for Let's Encrypt SSL setup for Kestrel and/or Blazor.

RabbitMQ closing AMQP connection with error {handshake_timeout,frame_header}

We have two dotnet applications that publish and subscribe to RabbitMQ respectively. Our developers tested it locally and they work fine on their workstation (launch through Visual Studio). However, when we build them into container and run them, RabbitMQ logs will show the following error messages:
2022-11-01 09:29:15.998692+00:00 [info] <0.1560.868> accepting AMQP connection <0.1560.868>
2022-11-01 09:31:22.599983+00:00 [error] <0.2112.868> closing AMQP connection <0.2112.868>
2022-11-01 09:31:22.599983+00:00 [error] <0.2112.868> {handshake_timeout,frame_header}
And below is the error message on our dotnet container:
RabbitMQ.Client.Exceptions.BrokerUnreachableException: None of the specified endpoints were reachable
---> RabbitMQ.Client.Exceptions.PossibleAuthenticationFailureException: Possibly caused by authentication failure
---> RabbitMQ.Client.Exceptions.OperationInterruptedException: The AMQP operation was interrupted: AMQP close-reason, initiated by Library, code=541, text='Unexpected Exception', classId=0, methodId=0, cause=System.IO.IOException: Unable to read data from the transport connection: Connection reset by peer.
---> System.Net.Sockets.SocketException (104): Connection reset by peer
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 count)
--- End of inner exception stack trace ---
at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 count)
at System.IO.BufferedStream.ReadByteSlow()
at System.IO.BufferedStream.ReadByte()
at RabbitMQ.Client.Impl.InboundFrame.ReadFrom(Stream reader, Byte[] frameHeaderBuffer, ArrayPool`1 pool, UInt32 maxMessageSize)
at RabbitMQ.Client.Impl.SocketFrameHandler.ReadFrame()
at RabbitMQ.Client.Framing.Impl.Connection.MainLoopIteration()
at RabbitMQ.Client.Framing.Impl.Connection.MainLoop()
at RabbitMQ.Client.Impl.SimpleBlockingRpcContinuation.GetReply(TimeSpan timeout)
at RabbitMQ.Client.Impl.ModelBase.ConnectionStartOk(IDictionary`2 clientProperties, String mechanism, Byte[] response, String locale)
at RabbitMQ.Client.Framing.Impl.Connection.StartAndTune()
--- End of inner exception stack trace ---
at RabbitMQ.Client.Framing.Impl.Connection.StartAndTune()
at RabbitMQ.Client.Framing.Impl.Connection.Open(Boolean insist)
at RabbitMQ.Client.Framing.Impl.Connection..ctor(IConnectionFactory factory, Boolean insist, IFrameHandler frameHandler, String clientProvidedName)
at RabbitMQ.Client.Framing.Impl.Connection..ctor(IConnectionFactory factory, Boolean insist, IFrameHandler frameHandler, ArrayPool`1 memoryPool, String clientProvidedName)
at RabbitMQ.Client.Framing.Impl.AutorecoveringConnection.Init(IFrameHandler fh)
at RabbitMQ.Client.Framing.Impl.AutorecoveringConnection.Init(IEndpointResolver endpoints)
at RabbitMQ.Client.ConnectionFactory.CreateConnection(IEndpointResolver endpointResolver, String clientProvidedName)
--- End of inner exception stack trace ---
I have spent two days googling and troubleshooting but I am not a developer myself and couldn't find anything similar to our issue. Any help and guidance would be appreciated.
RabbitMQ version: 3.10.5
Erlang version: 24.3.4
.NET version: 6.0.10
RabbitMQ Client Library version: 6.2.1

.NET 6 Minimal web app for permanent redirect on Azure App Service on Linux (Applicatin error / Site reported as unsafe)

I have a subdomain which must redirect any route to a main domain root:
http(s)://subdomain.example.com/ => https://example.com
http(s)://subdomain.example.com/{*anything} => https://example.com
So, I have created a minimal .NET 6 web app:
using System.Net;
WebApplicationBuilder builder = WebApplication.CreateBuilder(args);
builder.Services.AddHttpsRedirection(options =>
{
options.RedirectStatusCode = (int)HttpStatusCode.PermanentRedirect;
options.HttpsPort = 443;
});
WebApplication app = builder.Build();
app.Urls.Add("http://+");
app.Urls.Add("https://+");
app.UseHttpsRedirection();
app.MapGet("/", () => Results.Redirect("https://example.com", true, true));
app.MapGet("/{*_}", (string _) => Results.Redirect("https://example.com", true, true));
app.Run();
When I run it locally, everything works:
http://localhost redirects to https://example.com
http://localhost/blah redirects to https://example.com
https://localhost redirects to https://example.com
https://localhost/blah redirects to https://example.com
Then I created App Service (Linux) in Azure for which:
I set up my custom domain subdomain.example.com
I added App Service Managed certificate for my custom subdomain
HTTPS only is ON
Looks good so far. But when I deploy my app and run it, 2 problems:
opening https://mycustomapp.azurewebsites.net shows me This site has been reported as unsafe (!)
when open http(s)://subdomain.example.com I get application error
And here's what I see in the logs:
2022-06-03T03:43:22.170878337Z ASP .NETCore Version: 6.0.3
2022-06-03T03:43:22.170881637Z Note: Any data outside '/home' is not persisted
2022-06-03T03:43:22.462209593Z Running oryx create-script -appPath /home/site/wwwroot -output /opt/startup/startup.sh -defaultAppFilePath /defaulthome/hostingstart/hostingstart.dll -bindPort 8080 -userStartupCommand 'dotnet PermanentRedirectMinimal.dll'
2022-06-03T03:43:22.553430350Z Cound not find build manifest file at '/home/site/wwwroot/oryx-manifest.toml'
2022-06-03T03:43:22.553445850Z Could not find operation ID in manifest. Generating an operation id...
2022-06-03T03:43:22.553843654Z Build Operation ID: [guid]
2022-06-03T03:43:23.236717018Z
2022-06-03T03:43:23.237393225Z Agent extension
2022-06-03T03:43:23.237407225Z Before if loop >> DotNet Runtime
2022-06-03T03:43:23.277833149Z DotNet Runtime 6.0Writing output script to '/opt/startup/startup.sh'
2022-06-03T03:43:23.358910299Z Running user provided startup command...
2022-06-03T03:43:25.470314040Z Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
2022-06-03T03:43:25.470359841Z To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
2022-06-03T03:43:25.470366541Z For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
2022-06-03T03:43:25.470370941Z at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
2022-06-03T03:43:25.470375241Z at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
2022-06-03T03:43:25.470379341Z at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
2022-06-03T03:43:25.470383541Z at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable`1 listenOptions, AddressBindContext context, CancellationToken cancellationToken)
2022-06-03T03:43:25.470387541Z at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
2022-06-03T03:43:25.470402041Z at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
2022-06-03T03:43:25.470405941Z at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
2022-06-03T03:43:25.470409541Z at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
2022-06-03T03:43:25.470413041Z at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
2022-06-03T03:43:25.470416641Z at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
2022-06-03T03:43:25.470426442Z at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
2022-06-03T03:43:25.470430142Z at Microsoft.AspNetCore.Builder.WebApplication.Run(String url)
2022-06-03T03:43:25.472178560Z at Program.$(String[] args) in e:...\PermanentRedirectMinimal\Program.cs:line 22 [ ==> where app.Run() is ]
2022-06-03T03:43:41.244915770Z Could not open output /home/logs/dumps/coredump.d26e6752ab2d.36.1654227802: 2 No such file or directory
2022-06-03T03:43:41.253765645Z Gathering state for process 36 dotnet
2022-06-03T03:43:41.253793945Z Crashing thread 00000024 signal 00000006
2022-06-03T03:43:41.253799545Z Writing minidump with heap to file /home/logs/dumps/coredump.d26e6752ab2d.36.1654227802
2022-06-03T03:43:41.762563322Z /opt/startup/startup.sh: line 10: 36 Aborted (core dumped) dotnet PermanentRedirectMinimal.dll
2022-06-03T03:43:42.474Z INFO - Waiting for response to warmup request for container annuaire_0_4715a3e4. Elapsed time = 19.6895811 sec
2022-06-03T03:43:42.508Z ERROR - Container blah_0_4715a3e4 for site blah has exited, failing site start
2022-06-03T03:43:42.511Z ERROR - Container blah_0_4715a3e4 didn't respond to HTTP pings on port: 8080, failing site start. See container logs for debugging.
2022-06-03T03:43:42.520Z INFO - Stopping site blah because it failed during startup.

As confirmed by Azure Support, this scenario is not supported for Linux App Service. :( Azure power.

Unable to write to AWS ClouldWatch from docker container

I'm running a .net core application in a windows container where it uses AWS SDK to connect to ClouldWatch. I have used Serilog.Sink.AWSCloudWatch for this integration.
CloudWatch integration works when I run it from my host machine however I'm getting below exception when I tried that from a windows docker container. As I am new to dockers, would you be able to help me to solve this issue.
Error initializing log stream. No logs will be sent to AWS CloudWatch. Exception was System.Net.Http.HttpRequestException: No such host is known.
---> System.Net.Sockets.SocketException (11001): No such host is known.
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
--- End of inner exception stack trace ---
at System.Net.Http.ConnectHelper.ConnectAsync(String host, Int32 port, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.ConnectAsync(HttpRequestMessage request, Boolean allowHttp2, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.CreateHttp11ConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.GetHttpConnectionAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpConnectionPool.SendWithRetryAsync(HttpRequestMessage request, Boolean doRequestAuth, CancellationToken cancellationToken)
at System.Net.Http.RedirectHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncUnbuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)
at Amazon.Runtime.HttpWebRequestMessage.GetResponseAsync(CancellationToken cancellationToken)
at Amazon.Runtime.Internal.HttpHandler`1.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.Unmarshaller.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.ErrorHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.EndpointDiscoveryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.EndpointDiscoveryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CredentialsRetriever.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.RetryHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.CallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.ErrorCallbackHandler.InvokeAsync[T](IExecutionContext executionContext)
at Amazon.Runtime.Internal.MetricsHandler.InvokeAsync[T](IExecutionContext executionContext)
at Serilog.Sinks.AwsCloudWatch.CloudWatchLogSink.CreateLogGroupAsync()
at Serilog.Sinks.AwsCloudWatch.CloudWatchLogSink.EnsureInitializedAsync()
at Serilog.Sinks.AwsCloudWatch.CloudWatchLogSink.EmitBatchAsync(IEnumerable`1 events).
Docker file,
ROM mcr.microsoft.com/dotnet/core/runtime:3.1-nanoserver-1903 AS base
WORKDIR /app
FROM mcr.microsoft.com/dotnet/core/sdk:3.1-nanoserver-1903 AS build
WORKDIR /src
COPY *.sln .
COPY MyProject/*.csproj ./MyProject/
RUN dotnet restore
# copy full solution over
COPY . .
RUN dotnet build
FROM build AS release
WORKDIR "/src/MyProject"
RUN dotnet build "MyProject.csproj" -c Release -o /app/build
FROM build AS publish
WORKDIR "/src/MyProject"
RUN dotnet publish "MyProject.csproj" -c Release -o /app/publish
FROM base AS final
WORKDIR /Users/ContainerUser/.aws
COPY credentials .
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MyProject.dll"]
Thanks

Actual issue was I was running the application with vpn on, so https request was rejected by the vpn. I managed to solve this without vpn.

CCNET Server Exception

CCNET is throwing this exeption on the web dashboard. What is causing this?
System.Net.Sockets.SocketException: No connection could be made because the target machine actively refused it 127.0.0.1:21234 Server stack trace: at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress) at System.Net.Sockets.Socket.Connect(EndPoint remoteEP) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket(EndPoint ipEndPoint) at System.Runtime.Remoting.Channels.RemoteConnection.CreateNewSocket() at System.Runtime.Remoting.Channels.RemoteConnection.GetSocket() at System.Runtime.Remoting.Channels.SocketCache.GetSocket(String machinePortAndSid, Boolean openNew) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.SendRequestWithRetry(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream) at System.Runtime.Remoting.Channels.Tcp.TcpClientTransportSink.ProcessMessage(IMessage msg, ITransportHeaders requestHeaders, Stream requestStream, ITransportHeaders& responseHeaders, Stream& responseStream) at System.Runtime.Remoting.Channels.BinaryClientFormatterSink.SyncProcessMessage(IMessage msg) Exception rethrown at [0]: at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg) at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type) at ThoughtWorks.CruiseControl.Remote.ICruiseManager.GetServerLog() at ThoughtWorks.CruiseControl.WebDashboard.ServerConnection.ServerAggregatingCruiseManagerWrapper.GetServerLog(IServerSpecifier serverSpecifier) at ThoughtWorks.CruiseControl.WebDashboard.Plugins.ServerReport.ServerLogServerPlugin.Execute(ICruiseRequest request) at ThoughtWorks.CruiseControl.WebDashboard.MVC.Cruise.ServerCheckingProxyAction.Execute(ICruiseRequest cruiseRequest) at ThoughtWorks.CruiseControl.WebDashboard.MVC.Cruise.CruiseActionProxyAction.Execute(IRequest request) at ThoughtWorks.CruiseControl.WebDashboard.MVC.Cruise.ExceptionCatchingActionProxy.Execute(IRequest request)

have you checked the ccservice is started? you can use telnet to check this, and, for testing, we can use ccnet.exe which is an console app for simplified

This issue looks like another process locks the same port that CCNet is using. You can use PortMon to track which process is locking that specific port. You can also configure CCNet in the config file to use a different port to avoid collision. The configuration should look as follow
<system.runtime.remoting>
<application>
<channels>
<!-- change port here -->
<channel ref="tcp" port="21234">
<serverProviders>
<formatter ref="binary" typeFilterLevel="Full"/>
</serverProviders>
</channel>
</channels>
</application>
</system.runtime.remoting>