SSL with docker

From Logic Wiki


SSL

On the DigitalOcean server, over SSH, create the private key and CSR, self-sign the certificate, and export both to a pfx:

openssl req -newkey rsa:2048 -nodes -keyout quikorder.key -out quikorder.csr
openssl x509 -signkey quikorder.key -in quikorder.csr -req -days 365 -out quikorder.crt
openssl pkcs12 -inkey quikorder.key -in quikorder.crt -export -out quikorder.pfx

Copy the pfx file to the local machine

scp root@104.131.95.69:/root/quikorder.pfx .

Add it to the Dockerfile with

COPY ./Api/OrderTaker/https/quikorder.pfx ./OrderTaker.Api/

Keep pfx within the container (my way)

The Dockerfile should be

FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
WORKDIR /app

# copy csproj and restore as distinct layers
COPY ./Api/OrderTaker/*.sln .
COPY ./Api/OrderTaker/Common/OrderTaker.Models/*.csproj ./Common/OrderTaker.Models/
COPY ./Api/OrderTaker/DB/OrderTaker.Db/*.csproj ./DB/OrderTaker.Db/
COPY ./Api/OrderTaker/Business/OrderTaker.Business/*.csproj ./Business/OrderTaker.Business/
COPY ./Api/OrderTaker/OrderTaker.Api/*.csproj ./OrderTaker.Api/

RUN dotnet restore
# copy everything else and build app
COPY ./Api/OrderTaker/Common/OrderTaker.Models/. ./Common/OrderTaker.Models/
COPY ./Api/OrderTaker/DB/OrderTaker.Db/. ./DB/OrderTaker.Db/
COPY ./Api/OrderTaker/Business/OrderTaker.Business/. ./Business/OrderTaker.Business/
COPY ./Api/OrderTaker/OrderTaker.Api/. ./OrderTaker.Api/

WORKDIR /app/OrderTaker.Api

# publish app and libraries
RUN dotnet publish -c Release -o out

# final stage/image
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS runtime
WORKDIR /app

COPY --from=build /app/OrderTaker.Api/out ./
COPY ./Api/OrderTaker/https/OrderTaker.Api.pfx ./

ENV ASPNETCORE_URLS="https://+;http://+"
ENV ASPNETCORE_HTTPS_PORT=8001
ENV ASPNETCORE_Kestrel__Certificates__Default__Password="Pa55w0rd!"
ENV ASPNETCORE_Kestrel__Certificates__Default__Path="OrderTaker.Api.pfx"

ENTRYPOINT ["dotnet", "OrderTaker.Api.dll"]

and run it with

docker run --rm -d -p 8000:80 -p 8001:443   --name quikorder_api_container  aliiybar/quikorder_api
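
With the pfx copied into the image and its password set through ENV, both ship with every copy of the image: the ENV value shows up in docker inspect and docker history, and the pfx sits in a layer. The check below is an added example, not part of the original page; scan_dockerfile and sample_dockerfile are names made up for it, and it assumes one instruction per line with one name per ENV line.

```shell
#!/bin/sh
# Added example: report key material that a Dockerfile bakes into image layers.
# Assumes one instruction per line (no "\" continuations), one name per ENV line.

scan_dockerfile() {   # usage: scan_dockerfile [Dockerfile]   (stdin when omitted)
    awk '
        { instr = toupper($1) }

        # ENV/ARG whose name looks like a credential and whose value is a literal.
        instr == "ENV" || instr == "ARG" {
            line = $0
            sub(/^[ \t]*[A-Za-z]+[ \t]+/, "", line)        # drop the instruction word
            key = line; sub(/[= \t].*$/, "", key)           # name before "=" or space
            val = line; sub(/^[^= \t]+[= \t]*/, "", val)    # value after it
            gsub(/"/, "", val)
            if (tolower(key) ~ /(password|passwd|secret|token)/ && val != "" && val !~ /^\$/)
                printf "%d: secret-in-env: %s\n", NR, key
        }

        # COPY/ADD of a file type that can carry a private key.
        # The last field is the destination, so only the sources are checked.
        instr == "COPY" || instr == "ADD" {
            for (i = 2; i < NF; i++)
                if ($i !~ /^--/ && tolower($i) ~ /\.(pfx|p12|key|pem)$/)
                    printf "%d: key-in-layer: %s\n", NR, $i
        }
    ' "${1:--}"
}

# Constructed input: the final stage of the Dockerfile shown above.
sample_dockerfile() {
    cat <<'EOF'
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1 AS runtime
WORKDIR /app
COPY --from=build /app/OrderTaker.Api/out ./
COPY ./Api/OrderTaker/https/OrderTaker.Api.pfx ./
ENV ASPNETCORE_URLS="https://+;http://+"
ENV ASPNETCORE_HTTPS_PORT=8001
ENV ASPNETCORE_Kestrel__Certificates__Default__Password="Pa55w0rd!"
ENV ASPNETCORE_Kestrel__Certificates__Default__Path="OrderTaker.Api.pfx"
ENTRYPOINT ["dotnet", "OrderTaker.Api.dll"]
EOF
}

sample_dockerfile | scan_dockerfile
```

Each finding is printed as line number, finding type and the offending name or path, so the output can gate a build in CI.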

Keep pfx on the server outside the container

Start the server with the command below

docker run --rm -d -p 8000:80 -p 8001:443 \
  -e ASPNETCORE_URLS="https://+;http://+" \
  -e ASPNETCORE_HTTPS_PORT=8001 \
  -e ASPNETCORE_Kestrel__Certificates__Default__Password="Pa55w0rd!" \
  -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/OrderTaker.Api.pfx \
  -v /Users/aliiybar/Projects/OrderTaker/cert:/https/ \
  --name quikorder_api_container aliiybar/quikorder_api

-v is the key here: it maps a path on the host to a path inside the container.

making batch

Creating and running batch files in Linux

SSL Problems and Solutions

Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found

On OSX, dotnet dev-certs https --clean and sudo dotnet dev-certs https --clean were not working. Fix it with the following steps.

  1. Go into Keychain Access
  2. Unlock System Keychain
  3. Delete the localhost certificate
  4. Create a folder outside the container and run this command inside the container:
     dotnet dev-certs https -ep OrderTaker.Api.pfx -p Pa55w0rd!

Then map that folder as I described in [Keep pfx on the server outside the container]

Renewal of Certificate

certbot renew -q