SSL: NancyFx Selfhost Mono Linux (pi)

Question

I am new to linux (PI) and mono, applogies for the newbie question

How do I run NancyFx, shelf host, over https, on mono/linux/pi?

If i am able to create a certificate using OpenSsl (cer file), how do I assign it to a port?

in the docs show how to do this for windows (here https://github.com/NancyFx/Nancy/wiki/Accessing-the-client-certificate-when-using-SSL#configuration-of-hostingself)

thanks

Answer 1

I have no knowledge of PI at all, but I assume it's not much different than hosting on any other variant of linux.

There's two ways. The first is documented on the Wiki:

https://github.com/NancyFx/Nancy/wiki/Hosting-Nancy-with-Nginx-on-Ubuntu

Basically the idea is to use nginx web server to delegate calls to a self-hosted app.

The second is to use nginx, with mono-fastcgi-server4 to handle the requests. This works more like a traditional website rather than a website delegating requests to another service.

I've blogged the process here:

http://www.philliphaydon.com/2013/06/setting-up-mono-on-nginx/

http://www.philliphaydon.com/2013/07/setting-up-a-nancyfx-website/

In theory the first solution should allow you to use OWIN and host other things such as SignalR, while my solution does not, since nginx doesn't support integrated pipeline there's no way for OWIN to work, and I haven't successfully got SignalR to work with it.

Answer 2

Use httpcfg to bind your certificate to a port, e.g.:

httpcfg -add -cert my_certificate.cer -pvk my_privatekey.pvk -port 443

But unfortunately there seems to be a problem with current Mono version requiring client certificates, see:

https://github.com/mono/mono/pull/1202

and (more recent follow-up)

https://github.com/mono/mono/pull/2817

The last Mono version that works (I tested this) is 3.10.0 (which shouldn't be used in production environment, because of missing security updates).

Take a look at my answer to this question for a way to use a recent Mono version by patching the source code and compiling it yourself.