我无法使用自签名证书在https上为asp.net core 3 api运行docker-compose。我已经按照ms docs上的说明进行了操作,但是在尝试了数小时的一切之后我已经放弃了: https://docs.microsoft.com/en-us/aspnet/core/security/docker-https?view=aspnetcore-2.2
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p { password here }
dotnet dev-certs https –trust
我的docker compose在这里:
version: '3.7'
networks:
localdev:
name: localdev
services:
main-api:
container_name: main-api
build:
context: .
dockerfile: Dockerfile
#restart: always
ports:
- "5000:5000"
- "5001:5001"
depends_on:
- db-server
networks:
- localdev
volumes:
- $USERPROFILE/.aspnet/https:/https/
environment:
ASPNETCORE_Kestrel__Certificates__Default__Password: "Passw0rd!"
ASPNETCORE_Kestrel__Certificates__Default__Path: "$USERPROFILE/.aspnet/https/aspnetapp.pfx"
db-server:
image: mariadb:latest
container_name: db-server
environment:
- MYSQL_ROOT_PASSWORD=Password!
ports:
- "13306:3306"
networks:
- localdev
docker-compose日志在这里:
main-api | warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
main-api | Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
main-api | crit: Microsoft.AspNetCore.Server.Kestrel[0]
main-api | Unable to start Kestrel.
main-api | Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
main-api | at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
main-api | at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
main-api | at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
main-api | at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
main-api | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
main-api | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
main-api | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
main-api | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
main-api | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
main-api exited with code 0
$ ls -l %USERPROFILE%\.aspnet\https\aspnetapp.pfx
-rw-r--r-- 1 tig28 197609 2652 Dec 17 23:07 %USERPROFILE%.aspnethttpsaspnetapp.pfx
使用Linux语法:
$ ls -l $USERPROFILE/.aspnet/https/aspnetapp.pfx
-rw-r--r-- 1 tig28 197609 2652 Dec 17 11:15 'C:\Users\tig28/.aspnet/https/aspnetapp.pfx'
答案 0 :(得分:0)
对 docker-compose 文件稍作改动,这里的路径将是容器 /root/.aspnet/https/ApiHost.pfx 的挂载路径。
environment:
ASPNETCORE_HTTPS_PORT: 6001
ASPNETCORE_ENVIRONMENT: Development
ASPNETCORE_Kestrel__Certificates__Default__Path:/root/.aspnet/https/ApiHost.pfx
ASPNETCORE_Kestrel__Certificates__Default__Password: <password>
volumes:
- ${USERPROFILE}\.aspnet\https:/root/.aspnet/https