Evenementer
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
Mat 4 Chance fir matzemaache kënnt Dir e Konferenz-Pak gewannen an op d’LIVE Grand Finale zu Las Vegas kommen
Méi gewuer ginnDëse Browser gëtt net méi ënnerstëtzt.
Upgrat op Microsoft Edge fir vun de Virdeeler vun leschten Eegeschaften, Sécherheetsupdaten, an techneschem Support ze profitéieren.
ASP.NET Core uses HTTPS by default. HTTPS relies on certificates for trust, identity, and encryption.
This document explains how to run pre-built container images with HTTPS using the .NET command-line interface (CLI). For instructions on how to run Docker in development with Visual Studio, see Developing ASP.NET Core Applications with Docker over HTTPS.
This sample requires Docker 17.06 or later of the Docker client.
The current .NET SDK.
A certificate from a certificate authority is required for production hosting for a domain. Let's Encrypt is a certificate authority that offers free certificates.
This document uses self-signed development certificates for hosting pre-built images over localhost
. The instructions are similar to using production certificates. The certificate generated by dotnet dev-certs
is for use with localhost
only and should not be used in an environment like Kubernetes. To support HTTPS within a Kubernetes cluster, use the tools provided by Manage TLS Certificates in a Cluster to setup TLS within pods.
Use dotnet dev-certs
to create self-signed certificates for development and testing.
For production certs:
dotnet dev-certs
tool is not required.The instructions contained in the following section volume mount certificates into containers using Docker's -v
command-line option. You could add certificates into container images with a COPY
command in a Dockerfile, but it's not recommended. Copying certificates into an image isn't recommended for the following reasons:
Use the following instructions for your operating system configuration.
Generate a certificate and configure the local machine:
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p <CREDENTIAL_PLACEHOLDER>
dotnet dev-certs https --trust
In the preceding commands, replace <CREDENTIAL_PLACEHOLDER>
with a password.
Run the container image with ASP.NET Core configured for HTTPS in a command shell:
docker pull mcr.microsoft.com/dotnet/samples:aspnetapp
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="<CREDENTIAL_PLACEHOLDER>" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:/https/ mcr.microsoft.com/dotnet/samples:aspnetapp
In the preceding code, replace <CREDENTIAL_PLACEHOLDER>
with the password. The password must match the password used for the certificate.
When using PowerShell, replace %USERPROFILE%
with $env:USERPROFILE
.
Note: The certificate in this case must be a .pfx
file. Utilizing a .crt
or .key
file with or without the password isn't supported with the sample container. For example, when specifying a .crt
file, the container may return error messages such as 'The server mode SSL must use a certificate with the associated private key.'. When using WSL, validate the mount path to ensure that the certificate loads correctly.
Generate certificate and configure local machine:
dotnet dev-certs https -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p <CREDENTIAL_PLACEHOLDER>
dotnet dev-certs https --trust
On Linux, dotnet dev-certs https --trust
requires .NET 9 SDK or later. For Linux on .NET 8.0.401 SDK and earlier, see your Linux distribution's documentation for trusting a certificate.
In the preceding commands, replace <CREDENTIAL_PLACEHOLDER>
with a password.
Run the container image with ASP.NET Core configured for HTTPS:
docker pull mcr.microsoft.com/dotnet/samples:aspnetapp
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="<CREDENTIAL_PLACEHOLDER>" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx -v ${HOME}/.aspnet/https:/https/ mcr.microsoft.com/dotnet/samples:aspnetapp
In the preceding code, replace <CREDENTIAL_PLACEHOLDER>
with the password. The password must match the password used for the certificate.
Generate certificate and configure local machine:
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p <CREDENTIAL_PLACEHOLDER>
dotnet dev-certs https --trust
In the preceding commands, replace <CREDENTIAL_PLACEHOLDER>
with a password. When using PowerShell, replace %USERPROFILE%
with $env:USERPROFILE
.
Run the container image with ASP.NET Core configured for HTTPS:
docker pull mcr.microsoft.com/dotnet/samples:aspnetapp
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="<CREDENTIAL_PLACEHOLDER>" -e ASPNETCORE_Kestrel__Certificates__Default__Path=c:\https\aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:C:\https\ --user ContainerAdministrator mcr.microsoft.com/dotnet/samples:aspnetapp
NOTE: <CREDENTIAL_PLACEHOLDER>
is a placeholder for the Kestrel certificates default password.
The password must match the password used for the certificate. When using PowerShell, replace %USERPROFILE%
with $env:USERPROFILE
.
See Developing ASP.NET Core Applications with Docker over HTTPS for information and samples on how to develop ASP.NET Core applications with HTTPS in Docker containers.
ASP.NET Core uses HTTPS by default. HTTPS relies on certificates for trust, identity, and encryption.
This document explains how to run pre-built container images with HTTPS using the .NET command-line interface (CLI). For instructions on how to run Docker in development with Visual Studio, see Developing ASP.NET Core Applications with Docker over HTTPS.
This sample requires Docker 17.06 or later of the Docker client.
The current .NET SDK.
A certificate from a certificate authority is required for production hosting for a domain. Let's Encrypt is a certificate authority that offers free certificates.
This document uses self-signed development certificates for hosting pre-built images over localhost
. The instructions are similar to using production certificates. The certificate generated by dotnet dev-certs
is for use with localhost
only and should not be used in an environment like Kubernetes. To support HTTPS within a Kubernetes cluster, use the tools provided by Manage TLS Certificates in a Cluster to setup TLS within pods.
Use dotnet dev-certs
to create self-signed certificates for development and testing.
For production certs:
dotnet dev-certs
tool is not required.The instructions contained in the following section volume mount certificates into containers using Docker's -v
command-line option. You could add certificates into container images with a COPY
command in a Dockerfile, but it's not recommended. Copying certificates into an image isn't recommended for the following reasons:
Use the following instructions for your operating system configuration.
Generate a certificate and configure the local machine:
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p <CREDENTIAL_PLACEHOLDER>
dotnet dev-certs https --trust
In the preceding commands, replace <CREDENTIAL_PLACEHOLDER>
with a password.
Run the container image with ASP.NET Core configured for HTTPS in a command shell:
docker pull mcr.microsoft.com/dotnet/samples:aspnetapp
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="<CREDENTIAL_PLACEHOLDER>" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:/https/ mcr.microsoft.com/dotnet/samples:aspnetapp
In the preceding code, replace <CREDENTIAL_PLACEHOLDER>
with the password. The password must match the password used for the certificate.
When using PowerShell, replace %USERPROFILE%
with $env:USERPROFILE
.
Note: The certificate in this case must be a .pfx
file. Utilizing a .crt
or .key
file with or without the password isn't supported with the sample container. For example, when specifying a .crt
file, the container may return error messages such as 'The server mode SSL must use a certificate with the associated private key.'. When using WSL, validate the mount path to ensure that the certificate loads correctly.
Generate certificate and configure local machine:
dotnet dev-certs https -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p <CREDENTIAL_PLACEHOLDER>
dotnet dev-certs https --trust
dotnet dev-certs https --trust
is only supported on macOS and Windows. You need to trust certs on Linux in the way that is supported by your distribution. It is likely that you need to trust the certificate in your browser.
In the preceding commands, replace <CREDENTIAL_PLACEHOLDER>
with a password.
Run the container image with ASP.NET Core configured for HTTPS:
docker pull mcr.microsoft.com/dotnet/samples:aspnetapp
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="<CREDENTIAL_PLACEHOLDER>" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx -v ${HOME}/.aspnet/https:/https/ mcr.microsoft.com/dotnet/samples:aspnetapp
In the preceding code, replace <CREDENTIAL_PLACEHOLDER>
with the password. The password must match the password used for the certificate.
Generate certificate and configure local machine:
dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p <CREDENTIAL_PLACEHOLDER>
dotnet dev-certs https --trust
In the preceding commands, replace <CREDENTIAL_PLACEHOLDER>
with a password. When using PowerShell, replace %USERPROFILE%
with $env:USERPROFILE
.
Run the container image with ASP.NET Core configured for HTTPS:
docker pull mcr.microsoft.com/dotnet/samples:aspnetapp
docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORTS=8001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="<CREDENTIAL_PLACEHOLDER>" -e ASPNETCORE_Kestrel__Certificates__Default__Path=c:\https\aspnetapp.pfx -v %USERPROFILE%\.aspnet\https:C:\https\ --user ContainerAdministrator mcr.microsoft.com/dotnet/samples:aspnetapp
NOTE: <CREDENTIAL_PLACEHOLDER>
is a placeholder for the Kestrel certificates default password.
The password must match the password used for the certificate. When using PowerShell, replace %USERPROFILE%
with $env:USERPROFILE
.
See Developing ASP.NET Core Applications with Docker over HTTPS for information and samples on how to develop ASP.NET Core applications with HTTPS in Docker containers.
Feedback zu ASP.NET Core
ASP.NET Core ass en Open-Source-Projet. Wielt e Link, fir Feedback ze ginn:
Evenementer
Power BI DataViz World Championships
Feb 14, 4 PM - Mar 31, 4 PM
Mat 4 Chance fir matzemaache kënnt Dir e Konferenz-Pak gewannen an op d’LIVE Grand Finale zu Las Vegas kommen
Méi gewuer ginnTraining
Léierwee
Create cloud-native apps and services with .NET and ASP.NET Core - Training
Create independently deployable, highly scalable, and resilient apps and services using the free and open-source .NET platform. With .NET you can use popular microservice technology like Docker, Kubernetes, Dapr, Azure Container Registry, and more for .NET and ASP.NET Core applications and services.
Zertifizéierung
Microsoft Certified: Azure Developer Associate - Certifications
Build end-to-end solutions in Microsoft Azure to create Azure Functions, implement and manage web apps, develop solutions utilizing Azure storage, and more.
Dokumentatioun
Hosting ASP.NET Core image in container using docker compose with HTTPS
Learn how to host ASP.NET Core Images with Docker Compose over HTTPS
dotnet dev-certs command - .NET CLI
The dotnet dev-certs command generates a self-signed certificate to enable HTTPS use in development.
Breaking change: Default ASP.NET Core port changed from 80 to 8080 - .NET
Learn about the breaking change in containers where the default ASP.NET Core port changed from 80 to 8080.