ASP.NET Core APP with HTTPS in Docker

ASP.NET Core APP with HTTPS in Docker

SSL Certificates are very necessary for the Trust, Identity and Encryption of an APP. ASP.NET Core apps use HTTPS Certificates by default. ASP.NET Core uses self-signed development certificates for development. So, when you are hosting your app to a Docker Container then you need to tell docker where to find this development certificate in your machine. Once docker knows the location of the HTTPS certificate then your app will start opening with https url eg https://localhost:8001.

The procedure will be same for the production scenario also. You can generate a free HTTPS certificate from Let’s Encrypt, then tell your Docker app (which is running in Azure or AWS) to find the HTTPS certificate from this directory.

Preparing an ASP.NET Core App in Docker

First create a new ASP.NET Core App in Visual Studio and name DockerHttps, and make sure to check the option that says – Place solution and project in the same directory in Visual Studio. Next, select the template ASP.NET Core Web App this will create a basic ASP.NET Core Razor Pages based app.

After that add Dockerfile on the app.

Check the below 90 seconds video below which shows the app creation and Dockerfile creation.

Kindly note I am using Linux containers.

I covered Dockerfile and Docker commands for containers and images in great details on my tutorial Create first ASP.NET Core App in a Docker Container. You must see it if you are in a very beginning stage of docker development.

Our app is ready to be hosted on Docker with HTTPS but before that we need to understand 2 important topics which are:

  • 1. Environment variables.
  • 2. Volumes.

Docker Environment Variables

Docker contains environment variables which are used to configure Images and Containers. The -e option in docker command is used to set environment variable. I will use Environment Variables to do a number of things, these are:

  • 1. HTTPS ports for the app.
  • 2. HTTPS certificate password.
  • 3. HTTPS certificate path. The certificate will remain outside the container and I will map it to the container using volume. See the next section for more details.

Docker Volumes

Suppose you want to access a file which contains some important password that are needed for the app which is running in a Docker Container. You want this file to remain accessible and not get deleted at all the time, even if the container is deleted. How to do it?

The answer is through Docker Volumes because volume lives outside of the container in file system of the host. So, if you are running your Docker Container in Azure then you can store this file in azure directory which is outside of the container, and the container can then access this file from there. See the below image which explains this.

docker volume

We can simply use the docker volume concept to store the SSL certificate in a volume and then let our app, which is running in a docker container, to use it from there.

Use -v option in docker command to work with volumes.

Creating SSL with dotnet dev-certs

The dotnet dev-certs tool is used to create self-signed development certificates.

First clean any previous SSL development certificate from your machine. So, run the following command in your Command Prompt.

dotnet dev-certs https --clean
dotnet dev-certs remove ssl

Accept any prompt which you get. Then you will see a message – HTTPS development certificates successfully removed from the machine..

Next, let us run the following given command to generate a new SSL certificate.

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p mypass123

You will receive a message – The HTTPS developer certificate was generated successfully.

dotnet dev-certs create ssl

The SSL called aspnetapp.pfx will be created with a password mypass123.

The path of the SSL certificate will be inside user profile folder since I have referred it from %USERPROFILE%\. The full path of the SSL in my case is:

C:\Users\Avita\.aspnet\https

Here Avita is my windows login name, change it to your’s login name and you will find it in your pc. In the below image I have shown the SSL certificate file which is just generated on my pc.

generated ssl certificate file

The final command to run is to trust the ASP.NET Core HTTPS development certificate. This command is given below.

dotnet dev-certs https --trust

If you get a prompt after running the above command then make sure you accept it.

Running Docker Container Image with ASP.NET Core configured for HTTPS

First, we need to build the Docker Image so that it contains our ASP.NET Core app. So, in your command prompt, go to the directory of the Dockerfile and then run the following docker build command:

docker build -t dhttps:v1 .
docker build

Docker image with the name of dhttps and tag v1 will be created for our ASP.NET Core app.

Next command is to run a docker container with the image we just built. This command is given below:

docker run -p 7000:80 -p 7001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=7001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="mypass123" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:/https/ dhttps:v1
docker-run-https

Let us understand this above command:

1. With the “-p” option -p 7000:80 -p 7001:443 the ports 80 and 443 of the container are exposed to the ports 7000 and 7001 of the host.

2. I defined 3 environment variables to pass values to the app running inside the container. The environment variables are used to pass app url, https certificate location and ssl certificate path. These are:

  • a. The ASPNETCORE_URLS environment variable is used to specify the URL for the app like ASPNETCORE_URLS="https://+;http://+". This means that the APP will be opened in both http and https.
  • b. The ASPNETCORE_Kestrel__Certificates__Default__Password specifies the password for the SSL certificate – ASPNETCORE_Kestrel__Certificates__Default__Password="mypass123". Recall it is mypass123.
  • c. The ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx specifies the default path of the https certificate. It is set to be inside the ‘https’ directory of the container. Into this path the certificate should load. In our case the certificate will load from the stored location in our system which is outside the docker container. I will use volume to specify this path.

Next, with the volume “-v” I have specified where to look for the ssl certificate on the drive. My certificate is outside of the container and is mapped to the container using a volume instead of bundling it together with the app in the image.

I used the below code for doing this work:

-v %USERPROFILE%\.aspnet\https:/https/

Finally at the last of the docker run command I specified the docker image to run inside this container- dhttps:v1.

I know this whole command is quite big to type on the command prompt. So I tell you a good news. You can keep all these settings (like https ports, ssl, volumes, etc) in a “Docker Compose file” and simply use them from there. I have explained this on my tutorial Docker Compose – Exposing ports and configuring Environment variables for HTTPS.
Testing

Now you can open the URL of the app in our browser – https://localhost:7001/. The app will open from the docker container with HTTP certificate full working. I have shown this in the below video.

https asp.net core app docker video

You can download the source code:

Download

Conclusion

In this tutorial you learn how to use HTTP certificate for ASP.NET Core app running in a Docker Container. You also learned how to generate development https certificate for ASP.NET Core app and the way to tell docker container about it’s path by using volume mapping. Hope you liked reading and learning from it. Kindly share it on your facebook and twitter accounts so that other people can also learn this.

SHARE THIS ARTICLE

  • linkedin
  • reddit
yogihosting

ABOUT THE AUTHOR

I hope you enjoyed reading this tutorial. If it helped you then consider buying a cup of coffee for me. This will help me in writing more such good tutorials for the readers. Thank you. Buy Me A Coffee donate

Leave a Reply

Your email address will not be published. Required fields are marked *