Step by step: Expose ASP.NET Core over HTTPS with Docker

This week I decided to modify the sample of my previous post: Step by step: Scale ASP.NET Core with Docker Swarm so you can add TLS to your ASP.NET Core applications and Dockerize it.

Let’s see how I changed the application in order to make it work:

1. Add HTTPS support for Kestrel

I added the following line to the dependencies in the project.json file.

1    "Microsoft.AspNetCore.Server.Kestrel.Https": "1.0.1",

2. Configure Kestrel to use HTTPS

In the Main method I configured Kestrel to use HTTPS. Don’t worry about the cert.pfx certificate file because it will be created inside the docker container.

Note that in line 8 I also configured the application to use port 443.

 1    public static void Main(string[] args)
 2    {
 3        var host = new WebHostBuilder()
 4            .UseKestrel((o) => 
 5            {
 6                o.UseHttps(new X509Certificate2(@"cert.pfx", Configuration["certPassword"]));
 7            })
 8            .UseUrls("https://*:443")
 9            .UseContentRoot(Directory.GetCurrentDirectory())
10            .UseStartup<Startup>()
11            .Build();
13        host.Run();
14    }

Now It’s time to show you how to Dockerize the application:

1. Create a dockerfile

 1# We use the microsoft/dotnet image as a starting point.
 2FROM microsoft/dotnet 
 4# Install git
 5RUN apt-get install git -y
 7# Clone the source code
 8RUN git clone -b ssl
10# Set our working folder
11WORKDIR aspnet-core-helloworld/src/dotnetstarter
13# Restore nuget packages
14RUN dotnet restore
16# Build the application using dotnet!!!
17RUN dotnet build
19# Set password for the certificate as 1234
20# I'm using Environment Variable here to simplify the .NET Core sample.
21ENV certPassword 1234
23# Use opnssl to generate a self signed certificate cert.pfx with password $env:certPassword
24RUN openssl genrsa -des3 -passout pass:${certPassword} -out server.key 2048
25RUN openssl rsa -passin pass:${certPassword} -in server.key -out server.key
26RUN openssl req -sha256 -new -key server.key -out server.csr -subj '/CN=localhost'
27RUN openssl x509 -req -sha256 -days 365 -in server.csr -signkey server.key -out server.crt
28RUN openssl pkcs12 -export -out cert.pfx -inkey server.key -in server.crt -certfile server.crt -passout pass:${certPassword}
30# Expose port 443 for the application.
31EXPOSE 443
33# Start the application using dotnet!!!
34ENTRYPOINT dotnet run

2. Create a Docker image

With the dockerfile in place run the following command

1sudo docker build -t httpssample .

Now you have an image named httpssample with all the dependencies and code needed to run the application.

3. Test the Docker image

To test the Docker image run the following command

1sudo docker run -it -p 443:443 httpssample 

Browse to https://localhost Your browser will warn about the certificate because it’s self signed.

4. Run the Docker image as a daemon process

Now that you know that everything is working as expected use the following command to run the Docker image as a daemon process

1docker run -t -d -p 443:443 httpssample 

You can get a copy of the docker file here:

Hope it helps!

Step by step: Scale ASP.NET Core with Docker Swarm
First steps with .NET Core Tools MSBuild "alpha"
comments powered by Disqus