ASP.NET Core website SSL configuration with nginx


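1. Prerequisites
First you need to apply for an SSL certificate; I used Alibaba.
Alibaba offers a free certificate valid for 1 year, and of course you can choose another paid or free provider.

2.
Some key configuration; this is nginx on a CentOS system.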

server {
    # "ssl on;" is deprecated; TLS is enabled with the ssl parameter of listen
    listen  443 ssl;
    server_name    admin.mu-booking.com;
    # privkey.pem sits under wwwroot here; a location outside any served directory is safer
    ssl_certificate     /www/wwwroot/Cf.WebApp/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /www/wwwroot/Cf.WebApp/wwwroot/cert/privkey.pem;
    # TLS 1.0 and 1.1 are deprecated (RFC 8996); add TLSv1.3 where nginx and OpenSSL support it
    ssl_protocols       TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        try_files $uri @gunicorn_proxy;
    }

    # Forward requests to the Kestrel HTTPS endpoint on the loopback address
    location @gunicorn_proxy {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass https://127.0.0.1:5443;
        proxy_connect_timeout 500s;
        proxy_read_timeout 500s;
        proxy_send_timeout 500s;
    }

    # Hub endpoint: pass the WebSocket upgrade headers through
    location ~ /Hub {
        proxy_pass https://127.0.0.1:5443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
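The ssl_certificate and ssl_certificate_key paths must point to the matching files. The paths can of course be set to another location, which makes renewal easier.
When downloading the SSL certificate files, choose the package for your server type: there are packages for nginx, IIS, Apache and so on, so all mainstream servers are covered.

From this you can see that our web app must have an address reachable on the internal network, for example https://127.0.0.1:5443
nginx then proxies it on SSL port 443, so it can be reached from outside directly over https.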
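
An added example, not part of the original post: a small Python check that reads a server block like the one above and reports three TLS settings worth reviewing in it (the deprecated `ssl on`, TLS 1.0/1.1 in `ssl_protocols`, and a private key stored under a `wwwroot` directory). Both sample configs are constructed, and `/etc/nginx/cert` is an assumed location.

```python
import re

# Constructed sample, modelled on the server block in this post.
WEAK = """
server {
    listen 443;
    ssl on;
    ssl_certificate     /www/wwwroot/Cf.WebApp/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /www/wwwroot/Cf.WebApp/wwwroot/cert/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
}
"""
# Constructed corrected variant; /etc/nginx/cert is an assumed location.
FIXED = """
server {
    listen 443 ssl;
    ssl_certificate     /etc/nginx/cert/fullchain.pem;
    ssl_certificate_key /etc/nginx/cert/privkey.pem;
    ssl_protocols       TLSv1.2;
}
"""

def directives(conf):
    """Map directive name -> list of argument lists, for simple 'name args;' lines."""
    found = {}
    for line in conf.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.fullmatch(r"([a-z_]+)\s+(.+?)\s*;", line)
        if m:
            found.setdefault(m.group(1), []).append(m.group(2).split())
    return found

def audit(conf, web_root="wwwroot"):
    """Return findings for the TLS-related directives of one server block."""
    d, findings = directives(conf), []
    if ["on"] in d.get("ssl", []):
        findings.append("ssl-on-deprecated: use 'listen 443 ssl;'")
    elif not any("ssl" in args for args in d.get("listen", [])):
        findings.append("no-tls: no listen directive carries the ssl parameter")
    legacy = [p for args in d.get("ssl_protocols", [])
              for p in args if p in ("SSLv3", "TLSv1", "TLSv1.1")]
    if legacy:
        findings.append("legacy-protocols: " + " ".join(legacy))
    for args in d.get("ssl_certificate_key", []):
        if web_root in args[0].split("/"):     # key stored inside a web root directory
            findings.append("key-under-web-root: " + args[0])
    return findings

if __name__ == "__main__":
    print(audit(WEAK), audit(FIXED), sep="\n")
```

The parser only handles one directive per line, which is enough for a server block laid out like the one in this post.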

3.
Some SSL settings in .NET Core

using System;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Logging;
using NLog.Web;

public class Program
{
    public static void Main(string[] args)
    {
        // NLog: setup the logger first to catch all errors
        var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();
        try
        {
            logger.Debug("init main");
            CreateWebHostBuilder(args).Build().Run();
        }
        catch (Exception ex)
        {
            // NLog: catch setup errors
            logger.Error(ex, "Stopped program because of exception");
            throw;
        }
        finally
        {
            // Ensure to flush and stop internal timers/threads before application-exit (Avoid segmentation fault on Linux)
            NLog.LogManager.Shutdown();
        }
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            // "*" binds every network interface; nginx itself only connects to 127.0.0.1
            .UseKestrel().UseUrls("http://*:5004", "https://*:5443")
            .ConfigureLogging(logging =>
            {
                logging.ClearProviders();
                logging.SetMinimumLevel(LogLevel.Trace);
            })
            .UseNLog();
}

The simplest way is to add UseUrls after UseKestrel(); then both addresses are started.
Without UseKestrel, UseUrls on its own can only serve http.

posted @ 2019-07-02 17:49  Drek