ASP.NET Core Runtime deployment CERTIFICATES TRUST - c#

I am deploying my API (ASP.NET Core 3.1) to a server and I am listening on https url only:
    return WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>()
        .UseUrls("http://*:5000;https://*:5001");
But I am getting an error:
    crit: Microsoft.AspNetCore.Server.Kestrel[0]
          Unable to start Kestrel.
    System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
In deployment, you make your self-signed certificate with:
...
dotnet dev-certs https --trust
...
But I cannot use it, of course, because I have only the .NET Core runtime and not the SDK, and it should be a deployed app.
I have a certificate file and key, ssl.crt and ssl.key, which I am using in my frontend apps (Apache settings etc. etc... you know what I mean).
Can I use it in ASP.NET or how do I do it?
Thanks

So as you can see in the comments above (under the question), there was a tip from Lex Li to listen on http:// and use proxyreverse to redirect https calls onto http.
But to be honest, this solution is a little bit shady and I did not want to do it that way, so I continued my searching and found the NuGet package LettuceEncrypt, which actually solves my problem. I can now listen for https calls, I don't need to use some shady solution with proxyreverse, and I also don't have to install the whole SDK to use dotnet dev-certs commands.
On the GitHub page I sent before there is sample usage with 2 sample applications, so if you have a similar problem, take a look at it and maybe it will solve the problem for you too.
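
For the question's own case (an existing ssl.crt/ssl.key pair on a machine with only the runtime installed), Kestrel can also be handed the certificate directly. This is an added example, not part of the original posts: it targets ASP.NET Core 3.1, assumes the two PEM files were first bundled into ssl.pfx with openssl, and the environment variable names TLS_PFX_PATH and TLS_PFX_PASSWORD are hypothetical.

```csharp
using System;
using System.Security.Cryptography.X509Certificates;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;

public class Program
{
    public static void Main(string[] args) => CreateWebHostBuilder(args).Build().Run();

    // X509Certificate2 has no loader for a PEM certificate plus separate key file
    // before .NET 5 (CreateFromPemFile), so the pair is assumed to be bundled once:
    //   openssl pkcs12 -export -out ssl.pfx -inkey ssl.key -in ssl.crt
    private static X509Certificate2 LoadServerCertificate(string path, string password)
    {
        var cert = new X509Certificate2(path, password);

        // Fail at startup with a specific reason rather than Kestrel's generic
        // "Unable to configure HTTPS endpoint" message.
        if (!cert.HasPrivateKey)
            throw new InvalidOperationException($"{path} does not contain a private key.");

        var now = DateTime.Now; // NotBefore/NotAfter are reported in local time
        if (now < cert.NotBefore || now > cert.NotAfter)
            throw new InvalidOperationException(
                $"Certificate '{cert.Subject}' is only valid {cert.NotBefore} to {cert.NotAfter}.");
        return cert;
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>() // the application's existing Startup class
            .ConfigureKestrel(options =>
            {
                // Hypothetical variable names; keeps the password out of source control.
                var cert = LoadServerCertificate(
                    Environment.GetEnvironmentVariable("TLS_PFX_PATH") ?? "ssl.pfx",
                    Environment.GetEnvironmentVariable("TLS_PFX_PASSWORD"));

                // Explicit endpoints replace UseUrls(...); ports match the question.
                options.ListenAnyIP(5000);                                  // HTTP
                options.ListenAnyIP(5001, listen => listen.UseHttps(cert)); // HTTPS
            });
}
```

Restrict read access on ssl.pfx to the account the service runs as, since the file contains the private key.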

Related

After migration from .NET core 2.2 to .NET 5 the application won't start after deploying to azure app service - startup timeout

I am having the following problem. A while ago I migrated my project from .net core 2.2 to .net 5. Migration itself was no problem, locally everything worked almost out of the box. But then I was facing problems deploying the app into an azure app service. The app wouldn't start up. I was getting start up timeouts. After a while I solved the problem by switching the hosting model to outOfProcess
    <PropertyGroup>
      <AspNetCoreHostingModel>OutOfProcess</AspNetCoreHostingModel>
    </PropertyGroup>
Because of lack of time to thoroughly test the application, I had to stick with .net 2.2 until now.
Now that I migrated again, I am facing the same issue. Locally everything works just fine, but after deploying to the app service, the application won't start. But the hostingModel doesn't solve it this time.
I tried linux and windows app service, and I tried to deploy via our azure devops pipes as well as manually from VS. I tried to deploy into an existing app service, I tried to deploy into a new app service, created during the deployment process. None of it solves it.
When I look at the log stream, I see the following:
2022-02-10T09:13:55.360Z ERROR - Container webapp... for site t2bwebappdev did not start within expected time limit. Elapsed time = 230.2593377 sec
2022-02-10T09:13:55.368Z ERROR - Container webapp... didn't respond to HTTP pings on port: 8080, failing site start. See container logs for debugging.
So I tried to solve this via PORTS and WEBSITES_PORT settings - but none of it seems to get it up and running.
Thanks in advance for any hints on how to solve this.
Update:
While I was playing around with the logs, I saw that the app was listening on port 5000. Seems with the Net5 upgrade the launchsettings.json is being ignored.
Then I just dockerized it from VS 2019, and in that container I can also not reach the app. So after all this, could it just be a port issue?
Try adding this line in your Program.cs class:
And make sure you expose ports in Dockerfile:
NOTE:
Everything depends on which port was exposed in Dockerfile.
Port that you have exposed should match with the port you will pass to UseUrls as an argument. Also, consider either http/https in accordance with the existence of the certificate.
I hope my answer was useful and helpful!

ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY when running .net5.0 isolated function on localhost with HTTPS

I have a .net5.0 azure function (in isolated mode) running on my localhost for development. In order to perform testing with the rest of the system, I am trying to enable HTTPS support.
I'm running the function as
func host start --dotnet-isolated-debug --useHttps --cert <certificate.pfx> --password <password>
And the versions are
Azure Functions Core Tools
Core Tools Version: 3.0.3568 Commit hash: e30a0ede85fd498199c28ad699ab2548593f759b (64-bit)
Function Runtime Version: 3.0.15828.0
The issue I'm running into is that Chrome gives me an ERR_HTTP2_INADEQUATE_TRANSPORT_SECURITY error any time I try to communicate with it. I don't get these errors when using IIS or IISExpress, which use the same certificate and are using h2 just fine with Chrome, so I'm pretty sure this is a func-specific issue.
I've tried removing HTTP/2 support to force it back to HTTP/1.1, but the isolated function relies on grpc for communication and won't run with just 1.1. I know grpc-web exists, but the release will not use it and I'm trying to keep the dev and prod differences as small as possible.
Does anyone have any ideas on things to try, or is it somehow just not supported?
Thanks!
So I came to the conclusion that it wasn't a supported setup in the development server that runs the func, so I ended up setting up a local nginx.exe reverse proxy to act as an SSL endpoint for the func.
Kludgy, but got the job done.
Would still be interested if anyone else was able to solve this.

dotnet run --project issue with https

I'm trying to replicate what Visual Studio does on F5 debugging in my .net core api application.
It seems that "dotnet run --project" is the trick that I'm looking for except for one thing:
When I run with F5, it runs on https and it is trusted.
When I run with dotnet run, it runs on https and it is NOT trusted.
And I seem to be having problems using the application even though it seems to be running.
Any thoughts? I would like to do the same trick that F5 does just in order to test my application, however dotnet run must be missing some sort of certificate or something?
I really don't want to have to change my source code or to do anything with certs, again, because it is working as designed on F5, just need to do the same trick for dotnet run.
Based on the documentation here, it seems like you need to install and trust the development certificate:
.NET Core SDK includes a HTTPS development certificate. The certificate is installed as part of the first-run experience.
While the certificate is installed at this stage, it goes on to say that:
Installing the .NET Core SDK installs the ASP.NET Core HTTPS development certificate to the local user certificate store. The certificate has been installed, but it's not trusted. To trust the certificate perform the one-time step to run the dotnet dev-certs tool.
To trust it, you should use the following command:
dotnet dev-certs https --trust
This should show a dialog prompting you to trust the certificate. Once this is done, you can start your project running again, and restart your browsers. This should allow you to access the site on https://localhost:portnumber

Developing/Debugging .net Core 2.0 WebAPI on Local IIS with HTTPS

This is a requirement. Not asking for recommendation.
I have no problem with IIS Express. Also there is no problem with IIS and HTTP.
My API is automatically added to 'Default Web Site' with HTTP bindings for HTTP case.
Had to add HTTPS manually however:
created self-signed certificate
added bindings with the certificate
After a few attempts to run HTTPS from VS the bindings are automatically removed and I am getting an error:
Core20ErrorForHTTPS
Is this possible on VS 2017 v. 15.4.2? If yes, then what am I doing wrong. If not then why.

How do I host/publish my .Net Core WebAPI on Ubuntu?

I am learning .Net Core.
I have developed WebApplication using ASP.Net MVC and as it can be installed and run on Local IIS.
What's the similar way to Host / Publish .Net Core WebApi in Ubuntu and Linux instead of running on specific port like 5000?
Is docker helpful for that context? If yes then how can I use it?
Is it possible to host / publish without docker? How can I host / publish without Docker?
I also read following link and implemented all steps.
Publish to a Linux Production Environment
In the above link I am unable to identify what will be the url to access the webapi?
As @Pawel has noted, the recommended way to host your .NET Core Web API or ASP.NET Core application is using Kestrel, the webserver which is built into the dotnet core tooling. For development purposes you do not need another webserver to start and test your api.
You do not need Docker to host your web application/API, but should consider it for production hosting because it's a clean, fast way to automate releases and isolate processes.
With Docker the process structure is the same - Docker just hosts and manages the processes. You would have Kestrel running your API in one Docker container, and Nginx (in another container or installed on the base OS) forwarding calls to it.
Hosting your API without Docker
On Ubuntu, use either Nginx (or Apache) to provide your public HTTPS, and configure it to forward requests to your Kestrel server, which typically runs on port 5000. If your server is running a firewall, do not expose port 5000, but open port 443 (HTTPS) on that machine. Setting up Nginx is covered in the article you referenced. As noted, not required just to start and test your Web API.
Kestrel is fast but very simple - e.g. it does not support HTTPS (which you should use for a public API, because you will need authentication, and you can't authenticate securely without HTTPS). There are many other reasons to use Nginx/Apache over Kestrel - security, load balancing, reverse proxy capabilities etc.
Simple steps to get just your API running in a development setup
Ensure you are defining the appropriate runtime in your project.json
    "runtimes": {
      "win7-x64": {},
      "win81-x64": {},
      "ubuntu.14.04-x64": {},
      "debian.8-x64": {}
    }
Ensure that your project.json defines "emitEntryPoint": true in the buildOptions section.
Build your project for the platform you will deploy to: dotnet build -r ubuntu.14.04-x64 --build-profile Release
Publish your project for the platform: dotnet publish -r ubuntu.14.04-x64 --configuration Release -o ./bin/Release/Publish
Use the command line as I've shown to build and publish your app for Ubuntu - I have tried in VS 2015 Update 3 and had problems getting it to build for the right runtime
Copy the files in the Publish folder to your Ubuntu VM or server, and add any files your app needs to run, such as appsettings.json.
Ensure that the appropriate .NET Core framework is installed on your Linux machine.
Open a terminal window, sudo -i to get admin rights, cd to the folder where you put your binaries and run your api using : dotnet MyWebApi.dll where MyWebApi.dll is the main output of your build process.
At this point Kestrel should start with the usual message saying what port it is listening on (say, 5000). If it is a headless server, you should be able to call your Web API using curl:
curl http://localhost:5000/whatever/your/api/needs/here
If the Ubuntu box has a GUI (Gnome etc) you should be able to connect to your api with a browser.
If your Ubuntu server is not running a firewall, you should be able to connect to the Web API with a browser from another machine on the same network:
http://<linux-ip-address>:5000/whatever/your/api/needs/here
You can get the IP address of your Ubuntu server by typing ip addr show in a terminal window.
Notes
Managing your firewall is dependent on your Linux distro. If the server is public, you really must run one and use it to shut down access to your Kestrel service.
Setting up Docker is more complicated, too much to add here. Ask a separate question and I will document what I have done.
Note that when you run under IIS on Windows, exactly the same thing is happening: IIS forwards the requests to Kestrel on port 5000 or whatever you specify. Typically IIS is configured (via the web.config file generated by your publish) to start Kestrel when it is needed and keep it running. You could start your app manually on Windows with dotnet MyWebApi.dll and configure IIS to forward to it.
Running as I've described is fine when learning, but for production you would need to define your API to start as a Linux daemon and have Linux restart it if it crashes (Docker can also do this for you). IIS generally takes care of this for you.
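
The arrangement this answer describes (Nginx terminating HTTPS and forwarding to Kestrel on port 5000) has two application-side pieces: binding Kestrel to loopback so port 5000 is unreachable from the network even before any firewall rule, and accepting forwarded headers only from the local proxy. This is an added example, not from the original answer; it is written against the ASP.NET Core 3.1 API and assumes Nginx runs on the same host and sets X-Forwarded-For and X-Forwarded-Proto.

```csharp
using System.Net;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.AddControllers();
        services.Configure<ForwardedHeadersOptions>(o =>
        {
            // Let the app see the original client IP and the https scheme.
            o.ForwardedHeaders = ForwardedHeaders.XForwardedFor
                               | ForwardedHeaders.XForwardedProto;

            // Honour these headers only when the connection comes from the
            // proxy on this machine; anyone else could forge them.
            o.KnownNetworks.Clear();
            o.KnownProxies.Clear();
            o.KnownProxies.Add(IPAddress.Loopback);
            o.KnownProxies.Add(IPAddress.IPv6Loopback);
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before anything that looks at the scheme or the remote IP
        // (HTTPS redirection, authentication, logging).
        app.UseForwardedHeaders();
        app.UseRouting();
        app.UseEndpoints(endpoints => endpoints.MapControllers());
    }
}

public class Program
{
    public static void Main(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            // 127.0.0.1 and ::1 only: reachable by Nginx, not from the network.
            .ConfigureKestrel(kestrel => kestrel.ListenLocalhost(5000))
            .Build()
            .Run();
}
```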
ASP.NET Core applications use a cross-platform web server called Kestrel. You can run your application with Kestrel directly (e.g. using dotnet run - very useful during development); however, it's not recommended to expose Kestrel directly to the outside world, so in a production environment you would put IIS in front of your application when running on Windows, or nginx when running on Linux. You can find a sample nginx config here: https://github.com/aspnet/ServerTests/blob/dev/test/ServerComparison.FunctionalTests/nginx.conf
You can specify url/port like this (in your "Program.cs" file):
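    using System.IO;
    using Microsoft.AspNetCore.Hosting;

    public class Program
    {
        public static void Main(string[] args)
        {
            var host = new WebHostBuilder()
                .UseKestrel()
                // Address and port Kestrel binds to
                .UseUrls("http://192.168.0.0:8080")
                .UseContentRoot(Directory.GetCurrentDirectory())
                .UseStartup<Startup>()
                .Build();
            host.Run(); // blocks until the application shuts down
        }
    }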
Replace "192.168.0.0" with the actual ip or url in the UseUrls() method.
In your project directory just open a terminal/console window and run "dotnet run".
Make sure it says "Now listening on: 192.168.0.0:8080" (or the url/ip you put in).
The above example assumes you are using Startup for your startup class
