无法在Windows docker容器中配置ASP.NET HTTPS终结点

时间:2018-09-22 14:18:40

标签: powershell docker asp.net-core

在Windows docker容器中运行ASP.NET Core时出现此错误... 

Unhandled Exception: System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.

我能够做到这一点... 

RUN dotnet dev-certs https

但是我想安装一个真实的证书...现在是一个自签名证书,但后来却是一个真实的证书。

因此,基于一篇名为“使用Powershell在Windows容器中导入并绑定SSL证书”的博客文章,我创建了以下PS脚本以在容器构建中运行... 

Import-PfxCertificate -FilePath C:\Certificates\xxx.pfx -Password (ConvertTo-SecureString -String "xxxx" -AsPlainText -Force) `
-CertStoreLocation "Cert:\LocalMachine\My"

$cert = (Get-ChildItem -Path cert:\LocalMachine\My -DNSName "xxx.mydomain.com")[0]

$thumb =  ($cert | Select-Object Thumbprint)."Thumbprint"
$guid = [guid]::NewGuid().ToString("B")

netsh http add sslcert ipport=0.0.0.0:5001 certhash=$thumb certstorename=MY appid="$guid"

这可以正常运行,并且似乎可以安装证书。但是当我尝试运行容器时出现异常。我尝试使用443而不是5001,出现相同的错误

这是我的docker文件供参考... 

 escape=`
 FROM xxx/base
 EXPOSE 5000
 EXPOSE 5001
 COPY testing/ /testing
 COPY service/ /Service
 COPY certificates/ /certificates
 COPY scripts/ /scripts

 # install certificates

 RUN scripts/Install-Container-Certificate.ps1

 # configure ASP.NET Core

 ENV ASPNETCORE_URLS http://+:80;https://+:443
 EXPOSE 80
 EXPOSE 443
 # RUN dotnet dev-certs https
 # start ASP.NET Core

 ENTRYPOINT ["dotnet","/Service/xxxService.dll"]

我在做什么错了?

1 个答案:

答案 0 :(得分:0)

如果要使用自签名证书在“开发”中运行,请遵循here文章。对于生产方案,则here

简而言之,建议的方法与您使用的方法不同,因为可以装入两个卷来引用包含证书和dotnet机密的文件夹。

您将主机“%USER%\。aspnet \ https”文件夹映射到来宾“ /root/.aspnet/https/”,主机“%APPDATA%\ microsoft \ UserSecrets \”文件夹映射到来宾“ /root/.microsoft/usersecrets”。

生产与开发之间的主要区别在于,在生产中您不会使用机密,您将需要传递包含证书和密码的文件夹以使用环境变量进行访问:

  • ASPNETCORE_Kestrel__证书__默认__路径
  • ASPNETCORE_Kestrel__证书__默认__密码

Kestrel将继续在Linux客户机上的“ /root/.aspnet/https/”文件夹中寻找与项目名称相同的证书。

如果我使用您的appsettings.Development.json启用跟踪:


      "Logging": {
        "LogLevel": {
          "Default": "Trace ",
          "System": "Trace ",
          "Microsoft": "Trace"
        }
      }

如果我在没有将证书安装在来宾容器中的情况下开始运行示例应用程序,则会看到以下错误:


    root@7afc71f877ce:/app# dotnet helloworld.dll
    dbug: Microsoft.Extensions.Hosting.Internal.Host[1]
          Hosting starting
    dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[2]
          Failed to locate the development https certificate at '/root/.aspnet/https/helloworld.pfx'.
    dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[1]
          Unable to locate an appropriate development https certificate.
    crit: Microsoft.AspNetCore.Server.Kestrel[0]
          Unable to start Kestrel.
    System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
    To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.

希望有帮助。

相关问题
最新问题