无法在Windows docker容器中配置ASP.NET HTTPS终结点 [英] Unable to configure ASP.NET HTTPS endpoint in Windows docker container

问题描述

在Windows docker容器中运行ASP.NET Core时出现此错误...

Getting this error when running ASP.NET Core in Windows docker container...

Unhandled Exception: System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.

我能够做到这一点...

I was able to get this to work...

RUN dotnet dev-certs https

但是我想安装一个真实的证书...现在是一个自签名证书，但后来却是一个真实的证书.

But I want to install an actual certificate...for now a self-sign certificate but later a real one.

因此，基于一篇名为使用Powershell导入并绑定Windows容器中的SSL证书"的博客文章，我创建了以下PS脚本以在容器构建中运行...

So based on a blog post titled "Import and bind an SSL cert in a Windows container using Powershell", I created the following PS script to run in the container build...

Import-PfxCertificate -FilePath C:\Certificates\xxx.pfx -Password (ConvertTo-SecureString -String "xxxx" -AsPlainText -Force) `
-CertStoreLocation "Cert:\LocalMachine\My"

$cert = (Get-ChildItem -Path cert:\LocalMachine\My -DNSName "xxx.mydomain.com")[0]

$thumb =  ($cert | Select-Object Thumbprint)."Thumbprint"
$guid = [guid]::NewGuid().ToString("B")

netsh http add sslcert ipport=0.0.0.0:5001 certhash=$thumb certstorename=MY appid="$guid"

这可以正常运行，并且似乎可以安装证书.但是，当我尝试运行容器时，出现了异常.我尝试使用443而不是5001，出现相同的错误

This builds fine and seems to install the certificate. But I get the exception when I try to run the container. I tried using 443 instead of 5001, same error

这是我的docker文件供参考...

Here is my docker file for reference...

 escape=`
 FROM xxx/base
 EXPOSE 5000
 EXPOSE 5001
 COPY testing/ /testing
 COPY service/ /Service
 COPY certificates/ /certificates
 COPY scripts/ /scripts

 # install certificates

 RUN scripts/Install-Container-Certificate.ps1

 # configure ASP.NET Core

 ENV ASPNETCORE_URLS http://+:80;https://+:443
 EXPOSE 80
 EXPOSE 443
 # RUN dotnet dev-certs https
 # start ASP.NET Core

 ENTRYPOINT ["dotnet","/Service/xxxService.dll"]

我在做什么错了?

推荐答案

如果要使用自签名证书在Development中运行，则可以遵循此处.

If you want to run in Development using a self-signed certificate, you might follow here article. For Production scenarios instead here.

简而言之，建议的方法与您使用的方法不同，因为可以引用包含证书和dotnet机密的文件夹来装入两个卷.

In a nutshell, the suggested approach differs from the one you are using as two volumes could be mounted referencing the folders containing your certificate and your dotnet secrets.

您应将主机％USER％\.aspnet \ https"文件夹映射到来宾"/root/.aspnet/https/"，将主机％APPDATA％\ microsoft \ UserSecrets \"文件夹映射到来宾"/root/.microsoft/usersecrets".

You would map your host "%USER%\.aspnet\https" folder to your guest "/root/.aspnet/https/" and your host "%APPDATA%\microsoft\UserSecrets\" folder to your guest "/root/.microsoft/usersecrets".

生产与开发之间的主要区别在于，在生产中，您不会使用机密，您将需要传递包含证书和密码的文件夹，以便使用环境变量进行访问:

The main difference between Production and Development is that in Production you would not use secrets and you will need to pass the folder containing your certificate and the password to access it using the environment variables:

• ASPNETCORE_Kestrel__证书__默认__路径
• ASPNETCORE_Kestrel__证书__默认__密码

Kestrel将在Linux客户机上的"/root/.aspnet/https/"文件夹中查找与项目名称相同的证书.

Kestrel will go looking on your Linux guest in the "/root/.aspnet/https/" folder for a certificate that has the same name as your project.

如果我使用您的appsettings.Development.json启用跟踪:

If I enable tracing using your appsettings.Development.json:

      "Logging": {
        "LogLevel": {
          "Default": "Trace ",
          "System": "Trace ",
          "Microsoft": "Trace"
        }
      }

如果我在没有将证书安装在来宾容器中的情况下开始运行示例应用程序，则会看到以下错误:

I see the error below shown if I start running my sample app without a certificate mounted in the guest container:

    root@7afc71f877ce:/app# dotnet helloworld.dll
    dbug: Microsoft.Extensions.Hosting.Internal.Host[1]
          Hosting starting
    dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[2]
          Failed to locate the development https certificate at '/root/.aspnet/https/helloworld.pfx'.
    dbug: Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer[1]
          Unable to locate an appropriate development https certificate.
    crit: Microsoft.AspNetCore.Server.Kestrel[0]
          Unable to start Kestrel.
    System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
    To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.

希望有帮助.

这篇关于无法在Windows docker容器中配置ASP.NET HTTPS终结点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！