Hosting ASP.NET Core images with Docker Compose over HTTPS

Artikel
10-09-2024

ASP.NET Core uses HTTPS by default. HTTPS relies on certificates for trust, identity, and encryption.

This document explains how to run pre-built container images with HTTPS.

See Developing ASP.NET Core Applications with Docker over HTTPS for development scenarios.

This sample requires Docker 17.06 or later of the Docker client.

Prerequisites

The .NET Core 2.2 SDK or later is required for some of the instructions in this document.

Certificates

A certificate from a certificate authority is required for production hosting for a domain. Let's Encrypt is a certificate authority that offers free certificates.

This document uses self-signed development certificates for hosting pre-built images over localhost. The instructions are similar to using production certificates.

For production certificates:

The dotnet dev-certs tool is not required.
Certificates don't need to be stored in the location used in the instructions. Store the certificates in any location outside the site directory.

The instructions contained in the following section volume mount certificates into containers using the volumes property in docker-compose.yml. You could add certificates into container images with a COPY command in a Dockerfile, but it's not recommended. Copying certificates into an image isn't recommended for the following reasons:

It makes it difficult to use the same image for testing with developer certificates.
It makes it difficult to use the same image for Hosting with production certificates.
There is significant risk of certificate disclosure.

Starting a container with https support using docker compose

Use the following instructions for your operating system configuration.

Windows using Linux containers

Generate certificate and configure local machine:

PowerShell

dotnet dev-certs https -ep "$env:USERPROFILE\.aspnet\https\aspnetapp.pfx"  -p $CREDENTIAL_PLACEHOLDER$
dotnet dev-certs https --trust

The previous command using the .NET CLI:

.NET CLI

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p $CREDENTIAL_PLACEHOLDER$
dotnet dev-certs https --trust

In the preceding commands, replace $CREDENTIAL_PLACEHOLDER$ with a password.

Create a docker-compose.debug.yml file with the following content:

YAML

version: '3.4'

services:
  webapp:
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    ports:
      - 80
      - 443
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=password
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
    volumes:
      - ~/.aspnet/https:/https:ro

The password specified in the docker compose file must match the password used for the certificate.

Start the container with ASP.NET Core configured for HTTPS:

Console

docker-compose -f "docker-compose.debug.yml" up -d

macOS or Linux

Generate certificate and configure local machine:

.NET CLI

dotnet dev-certs https -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p $CREDENTIAL_PLACEHOLDER$
dotnet dev-certs https --trust

On Linux, dotnet dev-certs https --trust requires .NET 9 SDK or later. For Linux on .NET 8.0.401 SDK and earlier, see your Linux distribution's documentation for trusting a certificate.

In the preceding commands, replace $CREDENTIAL_PLACEHOLDER$ with a password.

Create a docker-compose.debug.yml file with the following content:

YAML

version: '3.4'

services:
  webapp:
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    ports:
      - 80
      - 443
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=password
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
    volumes:
      - ~/.aspnet/https:/https:ro

The password specified in the docker compose file must match the password used for the certificate.

Start the container with ASP.NET Core configured for HTTPS:

Console

docker-compose -f "docker-compose.debug.yml" up -d

Windows using Windows containers

Generate certificate and configure local machine:

.NET CLI

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p $CREDENTIAL_PLACEHOLDER$
dotnet dev-certs https --trust

In the preceding commands, replace $CREDENTIAL_PLACEHOLDER$ with a password.

Create a docker-compose.debug.yml file with the following content:

YAML

version: '3.4'

services:
  webapp:
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    ports:
      - 80
      - 443
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=password
      - ASPNETCORE_Kestrel__Certificates__Default__Path=C:\https\aspnetapp.pfx
    volumes:
      - ${USERPROFILE}\.aspnet\https:C:\https:ro

The password specified in the docker compose file must match the password used for the certificate.

Start the container with ASP.NET Core configured for HTTPS:

Console

docker-compose -f "docker-compose.debug.yml" up -d

Prerequisites

The .NET Core 2.2 SDK or later is required for some of the instructions in this document.

Certificates

A certificate from a certificate authority is required for production hosting for a domain. Let's Encrypt is a certificate authority that offers free certificates.

This document uses self-signed development certificates for hosting pre-built images over localhost. The instructions are similar to using production certificates.

For production certificates:

The dotnet dev-certs tool is not required.
Certificates don't need to be stored in the location used in the instructions. Store the certificates in any location outside the site directory.

It makes it difficult to use the same image for testing with developer certificates.
It makes it difficult to use the same image for Hosting with production certificates.
There is significant risk of certificate disclosure.

Starting a container with https support using docker compose

Use the following instructions for your operating system configuration.

Windows using Linux containers

Generate certificate and configure local machine:

PowerShell

dotnet dev-certs https -ep "$env:USERPROFILE\.aspnet\https\aspnetapp.pfx"  -p $CREDENTIAL_PLACEHOLDER$
dotnet dev-certs https --trust

The previous command using the .NET CLI:

.NET CLI

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p $CREDENTIAL_PLACEHOLDER$
dotnet dev-certs https --trust

In the preceding commands, replace $CREDENTIAL_PLACEHOLDER$ with a password.

Create a docker-compose.debug.yml file with the following content:

YAML

version: '3.4'

services:
  webapp:
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    ports:
      - 80
      - 443
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=password
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
    volumes:
      - ~/.aspnet/https:/https:ro

The password specified in the docker compose file must match the password used for the certificate.

Start the container with ASP.NET Core configured for HTTPS:

Console

docker-compose -f "docker-compose.debug.yml" up -d

macOS or Linux

Generate certificate and configure local machine:

.NET CLI

dotnet dev-certs https -ep ${HOME}/.aspnet/https/aspnetapp.pfx -p $CREDENTIAL_PLACEHOLDER$
dotnet dev-certs https --trust

dotnet dev-certs https --trust is only supported on macOS and Windows. You need to trust certificates on Linux in the way that is supported by your distribution. It is likely that you need to trust the certificate in your browser.

In the preceding commands, replace $CREDENTIAL_PLACEHOLDER$ with a password.

Create a docker-compose.debug.yml file with the following content:

YAML

version: '3.4'

services:
  webapp:
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    ports:
      - 80
      - 443
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=password
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
    volumes:
      - ~/.aspnet/https:/https:ro

The password specified in the docker compose file must match the password used for the certificate.

Start the container with ASP.NET Core configured for HTTPS:

Console

docker-compose -f "docker-compose.debug.yml" up -d

Windows using Windows containers

Generate certificate and configure local machine:

.NET CLI

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p $CREDENTIAL_PLACEHOLDER$
dotnet dev-certs https --trust

In the preceding commands, replace $CREDENTIAL_PLACEHOLDER$ with a password.

Create a docker-compose.debug.yml file with the following content:

YAML

version: '3.4'

services:
  webapp:
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    ports:
      - 80
      - 443
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=password
      - ASPNETCORE_Kestrel__Certificates__Default__Path=C:\https\aspnetapp.pfx
    volumes:
      - ${USERPROFILE}\.aspnet\https:C:\https:ro

The password specified in the docker compose file must match the password used for the certificate.

Start the container with ASP.NET Core configured for HTTPS:

Console

docker-compose -f "docker-compose.debug.yml" up -d

Aanvullende resources

Documentatie

Hosten van ASP.NET Core-installatiekopieën met Docker via HTTPS

Meer informatie over het hosten van ASP.NET Core-installatiekopieën met Docker via HTTPS
Belangrijke wijziging: standaardpoort ASP.NET Core is gewijzigd van 80 in 8080 - .NET

Meer informatie over de belangrijke wijziging in containers waarbij de standaardpoort ASP.NET Core is gewijzigd van 80 naar 8080.
opdracht dotnet dev-certs - .NET CLI

Met de opdracht dotnet dev-certs wordt een zelfondertekend certificaat gegenereerd om HTTPS-gebruik in te schakelen in ontwikkeling.
Een app containeriseren met Docker-zelfstudie - .NET

In deze zelfstudie leert u hoe u een .NET-toepassing in een container kunt opnemen met Docker.
SSL-certificaten voor container-apps beheren - Visual Studio (Windows)

Leer hoe u veilige communicatie via HTTPS kunt gebruiken voor een gecontaineriseerde applicatie met behulp van SSL en hoe u certificaten en poorten kunt beheren.
Werken met meerdere containers met Docker Compose - Visual Studio (Windows)

Toepassingen met meerdere containers maken en beheren met Docker Compose en Container Tools in Visual Studio, inclusief aangepaste startprofielen.

Training

Leertraject

Cloudeigen apps en services maken met .NET en ASP.NET Core - Training

Maak onafhankelijk implementeerbare, zeer schaalbare en tolerante apps en services met behulp van het gratis en opensource .NET-platform. Met .NET kunt u populaire microservicetechnologie gebruiken, zoals Docker, Kubernetes, Dapr, Azure Container Registry en meer voor .NET- en ASP.NET Core-toepassingen en -services.

Certificering

Microsoft Certified: Azure Developer Associate (Microsoft Gecertificeerd: Azure Ontwikkelaar Associate) - Certifications

Bouw end-to-end-oplossingen in Microsoft Azure om Azure Functions te maken, web-apps te implementeren en te beheren, oplossingen te ontwikkelen die gebruikmaken van Azure Storage en meer.

gebeurtenis

Power BI DataViz World Championships

14 feb, 16 - 31 mrt, 16

Met 4 kansen om in te gaan, kun je een conferentiepakket winnen en het naar de LIVE Grand Finale in Las Vegas maken

Meer informatie

Delen via

Hosting ASP.NET Core images with Docker Compose over HTTPS

Prerequisites

Certificates

Starting a container with https support using docker compose

Windows using Linux containers

macOS or Linux

Windows using Windows containers

See also

Prerequisites

Certificates

Starting a container with https support using docker compose

Windows using Linux containers

macOS or Linux

Windows using Windows containers

See also

Aanvullende resources