Question

0

1.2K

Vistas

Docker image: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found

I am trying to run an ASP.NET Core 3.1 framework based app on an Ubuntu (18.04.3 LTS) server using Docker container.

I created the following docker-compose.yml file to be able to run both nginx-proxy and private_image_name images on my server. Obviously, nginx-proxy is a proxy server that will be the proxy that would route traffic coming from the web to my other running images. I followed the article for the nginx-proxy setup.

version: '3.4'
services:

  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certificates:/etc/certificates

  private_image_name:
    image: private_image_name:latest
    container_name: private_image_name
    depends_on:
      - nginx-proxy
    environment:
      - VIRTUAL_HOST=sub.domain-example.com
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - 51736:80
      - 44344:443
    volumes:
      - storage:/storage
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certificates:/etc/certificates
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
volumes:
  storage:
  certificates:
networks:
  default:
    external:
      name: nginx-proxy
secrets:
  server.cert:
    file: ./server.cert
  server.key:
    file: ./server.key

Both server.cert and server.key files are stored in /etc/certificates. Both files were created using the following command

sudo openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=CA/L=SF/O=Docker-demo/CN=app.example.org" -keyout server.key -out server.cert

I attempted to run both of my images by executing docker-composer up. However, the nginx-proxy came up with no issue and while private_image_name failed to run. The following is what I get when running the private_image_name attempts to start

**WARNING**: The APPDATA variable is not set. Defaulting to a blank string.
Recreating private_image ... done
Attaching to private_image
private_image    | crit: Microsoft.AspNetCore.Server.Kestrel[0]
private_image    |       Unable to start Kestrel.
private_image    | System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
private_image    | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
private_image    | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
private_image    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
private_image    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
private_image    | Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
private_image    | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
private_image    | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
private_image    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
private_image    |    at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
private_image    |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
private_image    |    at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
private_image    |    at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
private_image    |    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
private_image    |    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
private_image    |    at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
private_image    |    at private_image.Program.Main(String[] args) in /src/private_image/Program.cs:line 17
private_image exited with code 139

The command dotnet dev-certs https --trust works on Windows and macOS only.

Question

How can I fix this issue on the Ubuntu server? How can I correctly attach the SSL cert to the docker image?

Additionally, when I go to http://server-ip-address or http://sub.domain-example.com I get

503 Service Temporarily Unavailable nginx/1.17.5

And when I go to https://server-ip-address or https://sub.domain-example.com I get

Unable to connect.

11 months ago · Santiago Trujillo

3 Respuestas

Responde la pregunta

0

Responde la pregunta

Encuentra empleos remotos

Answer 1 · 2022-03-10T19:45:06.656Z

As soon as you've setup the certificate in nginx, I see no sense enabling it in the asp.net core container as your docker network is going to be visible to public via nginx.

To disable Kestrel Https listening just remove 443 port from the following code:

- ASPNETCORE_URLS=https://+:443;http://+:80

Replace it with:

- ASPNETCORE_URLS=http://+:80

Answer 2 · 2022-03-10T19:45:06.934Z

For the folks that came here because of a similar problem, this helped me to resolve an issue:

Clean the development certificates:

dotnet dev-certs https --clean

Create a new one

dotnet dev-certs https -t

Answer 3 · 2022-03-10T19:45:07.214Z

In my case the main issues was with docker-compose.override.yml file. Docker files were generated on Windows machine so the following lines were not correct for mac.

- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro

I had to replace them with the following lines:

- ~/.aspnet/https:/root/.aspnet/https:ro
- ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro

Final code for docker-compose.override.yml which worked:

version: '3.4'

services:
  project-api:
    image: project-api
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - "5001:443"
      - "5000:80"
    volumes:
      - ~/.aspnet/https:/root/.aspnet/https:ro
      - ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro