How to run dockered ASP.net core app generated by Visual Studio 2019 on Linux? Problem with SSL configuration

Question

I've created new ASP.net Core 2.1 project in Visual Studio 2019. I've choosed to generate Docker linux container and docker-compose file. Everything's working fine when I'm using VS to run it.

The problem appears when I try to run my app in production-like environment. In order to do that, I've git-cloned code onto targer linux machine. Then I run docker-compose up in folder of my project.

At first it didn't work, because app uses HTTPS and there were no HTTPS certificates for localhost on machine. I needed to generate certificate:

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p crypticpassword

In docker-compose.yml I've specified a volume to link folder with certificate to folder inside docker container where my app looks for certificates (last line of below code).

version: '3.4'

services:
  mongo:
      # not relevant

  mongo-express:
      # not relevant

  synceddb:
      image: ${DOCKER_REGISTRY-}synceddb
      ports:
        - 13000:13000
        - "10002:80"
        - "44361:443"
      build:
        context: .
        dockerfile: SyncedDB/Dockerfile
      depends_on:
        - mongo
      environment:
        - ASPNETCORE_ENVIRONMENT=Development
        - ASPNETCORE_URLS=https://+:443;http://+:80
        - ASPNETCORE_HTTPS_PORT=44361
        - ASPNETCORE_Kestrel__Certificates__Default__Password="crypticpassword"
        - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
      volumes:
      - ${HOME}/.aspnet/https:/https/

Dockerfile looks as follows:

FROM mcr.microsoft.com/dotnet/core/aspnet:2.1-stretch-slim AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443

FROM mcr.microsoft.com/dotnet/core/sdk:2.1-stretch AS build
WORKDIR /src
COPY ["SyncedDB/SyncedDB.csproj", "SyncedDB/"]
RUN dotnet restore "SyncedDB/SyncedDB.csproj"
COPY . .
WORKDIR "/src/SyncedDB"
RUN dotnet build "SyncedDB.csproj" -c Release -o /app

FROM build AS publish
RUN dotnet publish "SyncedDB.csproj" -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "SyncedDB.dll"]

The problem is: my app doesn't see my certificate (at least it's how I interpret this error)

crit: Microsoft.AspNetCore.Server.Kestrel[0]

Unable to start Kestrel.

Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file

at [...]

Unhandled Exception: Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file

[...]

Answer 1

Ok I figured it out! Please follow the exact steps below. Guaranteed this will work for you..so here goes..

on CLI, in your app root directory run the following commands in the same order as below:

$ mkdir conf.d
$ dotnet dev-certs https --clean
$ dotnet dev-certs https -ep ./conf.d/https/dev_cert.pfx -p madison
$ dotnet dev-certs https --trust

Ensure that the dev_cert.pfx file is available in ./conf.d/https folder. Now in your docker-compose file modify your api service to look like below:

...

api:
    container_name: mad.api
    build:
      context: .
      dockerfile: Dockerfile
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+80
      - ASPNETCORE_HTTPS_PORT=44311
      - ASPNETCORE_Kestrel__Certificates__Default__Password=madison
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/dev_cert.pfx
    ports:
      - "50420:80"
      - "44361:443"
    volumes:
      - ./conf.d/https/:/https/
    networks:
      - mad_network

...


$ docker-compose down # Down any previous setup
$ docker-compose up --build -d # Build and run containers
$ docker-compose ps # Check status of api..make sure its "up"
$ docker-compose logs -f api # Check logs

Now, try any of these urls and see that they work!! (Note: You may not have weatherforecast endpoint in your code...use the appropriate one or you'll receive a 404

http://localhost:50420/weatherforecast https://localhost:44361/weatherforecast

(The reason why it wasn't working for me was because when I ran dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p { password here } it was creating the pfx with a weird name in my root directory and not the location specified in the -ep argument. I am now using asp.net core 3.0. This command work fine previously on asp.net core 2.2. So something musta changed between 2.2 and 3.0! Also interestingly it seems like asp.net core 3.0 got rid of the docker-compose project which is a huge blessing! :pray: #blessed)

Answer 2

Finally fixed it. Two bugs in my configuration:

1: Unnecessary quotation marks in certificate password

There was:

- ASPNETCORE_Kestrel__Certificates__Default__Password="crypticpassword"

Should be:

- ASPNETCORE_Kestrel__Certificates__Default__Password=crypticpassword

2: App was looking for certificate in a wrong place.

I was using docker with sudo, as root, but generated certificate using common account. I thought ${HOME} will point to my home folder, but it was pointing to root folder instead.