Menu
I am trying to host an ASP.Net Core MVC application (https redirection is enabled) on Ubuntu server, using Nginx as a reverse proxy. I have created and installed a local SSL certificate using OpenSSL. When i run my application using dotnet CLI it listens on both http://localhost:5000 & https://localhost:5001, and i am able to access it on web using https (http requests are being redirect to https by Nginx).
The problem is when i try to run the as a service, it only listens on http://localhost:5000.
Here's the *.service file :
[Unit]
Description=Test ASP.Net core web application service.
[Service]
WorkingDirectory=/home/ubuntu/MyAppFolder
ExecStart=/usr/bin/dotnet/home/ubuntu/MyAppFolder/MyApplication.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
SyslogIdentifier=MyApplication
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Development
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=ASPNETCORE_HTTPS_PORT=5001
Environment=ASPNETCORE_URLS=http://localhost:5000;https://localhost:5001
[Install]
WantedBy=multi-user.target
Environment details : ASP.Net Core 2.1.1, ASP.Net Core SDK 2.1.3, Nginx 1.14, Ubuntu 16.04
243
To change the port the application is using, Open the file lunchSetting. json. You will find it under the properties folder in your project and as shown below. Inside the file, change applicationUrl port (below is set to 5000) to a different port number and save the file.
In OutOfProcess hosting model, there are two web servers, one is Internal Web Server which is basically a Kestrel server and another is External Web Server which can be either IIS, Ngnix, Apache, etc. dotnet.exe is the process that runs and hosts the application with the Kestrel Web Server.
Finally i figured out the issue. The issue is that a developer ssl certificate is installed with dotnet SDK with the name localhost. In case of Ubuntu the certificate is located at /home/{user name} /.dotnet/corefx/cryptography/x509stores/my
Kestrel just searches in the home directory of executing user, which does not exists for 'www-data', hence it couldn't locate the development certificate. Due to which it doesn't bind to default https port.
To get it working, i first converted my existing certificate in PEM (.crt) format to PKCS12 (.pkf) using OpenSSL. Below is the command.
sudo openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt
Then i needed to specify this certificate to Kestrel server, using appsettings.json file. Below is how the file looks now :
{
"ConnectionStrings": {
"PostgresConnection": "Host=localhost; Database=postgres; Username=postgres; Password=xyz123"
},
"Logging": {
"IncludeScopes": false,
"LogLevel": {
"Default": "Warning"
}
},
"Kestrel": {
"Endpoints": {
"HTTPS": {
"Url": "https://localhost:5001",
"Certificate": {
"Path": "/etc/ssl/certs/<certificate.pfx>",
"Password": "xyz123"
}
}
}
}
}
Then you need to add www-data user to ssl-certs group. below is command line :
sudo usermod -aG ssl-cert www-data
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With