解决ASP.NET Core通过docker-compose up启动应用无法配置https的解决办法

2019/9/2更新:

不再推荐用这篇文章的方法配置https,推荐用nginx反向代理ASP.NET Core然后在nginx上配ssl证书

 

错误重现一下:

  1. 新建了一个ASP.NET Core应用,在VS2017下添加Docker支持,选择Linux环境
  2. 然后再给这个web应用再右键添加容器业务流程协调程序支持,然后解决方案就多了一个docker-compose的项目

通过VS2017的调试是可以通过docker-compose启动web应用项目的,并且会弹出提示信任证书的提示,但是,在CMDPowerShell中使用

docker-compose build
docker-compose up

  却抛出Unable to start Kestrel.的错误提示

crit: Microsoft.AspNetCore.Server.Kestrel[0]
      Unable to start Kestrel.
System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)

Unhandled Exception: System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
   at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
   at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
   at WebApplication1.Program.Main(String[] args) in /src/WebApplication1/Program.cs:line 31

问题重现完成,我的解决方案如下:

Step 1. 编辑Dockerfile

 1 FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
 2 WORKDIR /app
 3 EXPOSE 80
 4 EXPOSE 443
 5 
 6 FROM microsoft/dotnet:2.1-sdk AS build
 7 WORKDIR /app
 8 RUN dotnet dev-certs https --clean
 9 RUN dotnet dev-certs https -ep ./WebApplication1.pfx  -p crypticpassword
10 WORKDIR /src
11 COPY WebApplication1/WebApplication1.csproj WebApplication1/
12 RUN dotnet restore WebApplication1/WebApplication1.csproj
13 COPY . .
14 WORKDIR /src/WebApplication1
15 RUN dotnet build WebApplication1.csproj -c Release -o /app
16 
17 FROM build AS publish
18 RUN dotnet publish WebApplication1.csproj -c Release -o /app
19 
20 FROM base AS final
21 WORKDIR /app
22 COPY --from=publish /app .
23 ENTRYPOINT ["dotnet", "WebApplication1.dll"]

步骤1主要在第6行后面加了如下操作:

1 FROM microsoft/dotnet:2.1-sdk AS build
2 WORKDIR /app
3 RUN dotnet dev-certs https --clean
4 RUN dotnet dev-certs https -ep ./WebApplication1.pfx  -p crypticpassword

Step 2.编辑docker-compose.override.yml

 1 version: '3.4'
 2 
 3 services:
 4   webapplication1:
 5     environment:
 6       - ASPNETCORE_ENVIRONMENT=Development
 7       - ASPNETCORE_URLS=https://+:443;http://+:80
 8       - ASPNETCORE_HTTPS_PORT=44380
 9       - ASPNETCORE_Kestrel__Certificates__Default__Password=crypticpassword
10       - ASPNETCORE_Kestrel__Certificates__Default__Path=./WebApplication1.pfx
11     ports:
12       - "62084:80"
13       - "44380:443"
14     volumes:
15       - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
16       - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro

步骤2主要添加了两个环境变量:

1     environment:
2       - ASPNETCORE_Kestrel__Certificates__Default__Password=crypticpassword
3       - ASPNETCORE_Kestrel__Certificates__Default__Path=./WebApplication1.pfx

Step 3. 再次运行命令

1 docker-compose build
2 docker-compose up
1 Hosting environment: Development
2 Content root path: /app
3 Now listening on: https://[::]:443
4 Now listening on: http://[::]:80
5 Application started. Press Ctrl+C to shut down.

问题解决成功!

注意:

  • crypticpassword换成你的证书密码
  • WebApplication1是你自己的web应用名称

以上只是我的的解决方案,GitHub有一些不同的解决方案,请参考如下连接。

https://github.com/aspnet/Docs/issues/6199

https://github.com/dotnet/dotnet-docker/issues/630

https://docs.microsoft.com/zh-cn/aspnet/core/security/enforcing-ssl?view=aspnetcore-2.2&tabs=visual-studio

posted @ 2019-02-26 15:05  旋风小伙  阅读(4543)  评论(1编辑  收藏  举报