Step by step: Expose ASP.NET Core over HTTPS with Docker

by Carlos Mendible on 06 Nov 2016 » Azure, dotNet, dotNetCore

This week I decided to modify the sample of my previous post: Step by step: Scale ASP.NET Core with Docker Swarm so you can add TLS to your ASP.NET Core applications and Dockerize it.

Let’s see how I changed the application in order to make it work:

1. Add HTTPS support for Kestrel

I added the following line to the dependencies in the project.json file.

    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.1",

2. Configure Kestrel to use HTTPS

In the Main method I configured Kestrel to use HTTPS. Don’t worry about the cert.pfx certificate file because it will be created inside the docker container.

Note that in line 8 I also configured the application to use port 443.

    public static void Main(string[] args)
        var host = new WebHostBuilder()
            .UseKestrel((o) => 
                o.UseHttps(new X509Certificate2(@"cert.pfx", Configuration["certPassword"]));


Now It’s time to show you how to Dockerize the application:

1. Create a dockerfile

# We use the microsoft/dotnet image as a starting point.
FROM microsoft/dotnet 

# Install git
RUN apt-get install git -y

# Clone the source code
RUN git clone -b ssl

# Set our working folder
WORKDIR aspnet-core-helloworld/src/dotnetstarter

# Restore nuget packages
RUN dotnet restore

# Build the application using dotnet!!!
RUN dotnet build

# Set password for the certificate as 1234
# I'm using Environment Variable here to simplify the .NET Core sample.
ENV certPassword 1234

# Use opnssl to generate a self signed certificate cert.pfx with password $env:certPassword
RUN openssl genrsa -des3 -passout pass:${certPassword} -out server.key 2048
RUN openssl rsa -passin pass:${certPassword} -in server.key -out server.key
RUN openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
RUN openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
RUN openssl pkcs12 -export -out cert.pfx -inkey server.key -in server.crt -certfile server.crt -passout pass:${certPassword}

# Expose port 443 for the application.

# Start the application using dotnet!!!
ENTRYPOINT dotnet run

2. Create a Docker image

With the dockerfile in place run the following command

sudo docker build -t httpssample .

Now you have an image named httpssample with all the dependencies and code needed to run the application.

3. Test the Docker image

To test the Docker image run the following command

sudo docker run -it -p 443:443 httpssample 

Browse to https://localhost Your browser will warn about the certificate because it’s self signed.

4. Run the Docker image as a daemon process

Now that you know that everything is working as expected use the following command to run the Docker image as a daemon process

docker run -t -d -p 443:443 httpssample 

You can get a copy of the docker file here:

Hope it helps!