Docker.NET Web API开发人员证书“错误:无法建立SSL连接,请参阅内部异常,”在一些端点上

stszievb  于 2022-09-19  发布在  Docker
关注(0)|答案(1)|浏览(317)

更新:由于我在API控制器中添加了以下内容,并且可以调用,所以看起来是某种证书错误:

[ApiController]
[Route("api/[controller]")]
public class MyController : ControllerBase
{
    private HttpClientHandler handler = new HttpClientHandler();

    private static HttpClient _httpClient;

    public MyController()
    {
        handler.ServerCertificateCustomValidationCallback = HttpClientHandler.DangerousAcceptAnyServerCertificateValidator;
        _httpClient = new HttpClient(handler);
    }
...
}

但是,我仍然不确定问题出在哪里,因为我应该能够使用自签名证书执行API调用。如何消除对HttpClientHandler.DangerousAcceptAnyServerCertificateValidator的需求?

原创

我正在开发一个面向Linux的.NET6Web API Docker容器,而我的主机环境是Windows。在使用dotnet run本地运行并使用dotnet publish -c Release -o outdotnet out/my-app.dll构建生产版本时,我可以访问所有端点。

然而,当我在停靠容器中运行应用程序时,只有一个终结点可以访问,而其他终结点有一个404Not Found错误:Error: The SSL connection could not be established, see inner exception. Firstly,其中是内部异常。我似乎在Chrome开发工具或我的API工具(InSomnia.rest)中找不到它。其次,我相信我已经正确配置了开发证书。

以下是我的步骤:

1.运行dotnet dev-certs https --clean并检查certmgr.exe是否实际删除了证书,如果需要则删除。
1.使用dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p {password here}创建新证书。
1.信任dotnet dev-certs https --trust的证书

这是我的Dockerfile

:我使用的是私有容器回购,但镜像是DockerHub上的库存镜像。

FROM myprivaterepo/dotnet/sdk:6.0.202-bullseye-slim-amd64 AS build

WORKDIR /app

COPY *.csproj .
RUN dotnet restore

COPY . .
RUN dotnet publish -c Release -o out

FROM myprivaterepo/dotnet/aspnet:6.0.4-bullseye-slim-amd64

WORKDIR /app
EXPOSE 80
EXPOSE 443
EXPOSE 5000
EXPOSE 5001

ENV ASPNETCORE_URLS=https://+:5001;http://+:5000

COPY --from=build /app/out .
ENTRYPOINT ["dotnet", "mantis-server.dll"]

接下来,我构建容器:docker build -t my-app .

然后,我运行应用程序:docker run --rm -it -p 5001:5001 -e ASPNETCORE_HTTPS_PORT=5001 -e ASPNETCORE_Kestrel__Certificates__Default__Password="password here" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx -e ASPNETCORE_ENVIRONMENT=Development -v ~/.aspnet/https:/https:ro -v ~/devsecrets:/.microsoft/usersecrets my-app

有三个端点:/api/weatherforecast/api/users?userId=1/api/cart?userId=1&cartId=1。我可以毫无问题地访问/api/weatherforecast,但其他两个端点的结果是Error: The SSL connection could not be established, see inner exception.

我不确定可能是什么问题。这些端点中的每一个都由单独的控制器处理。《失眠》杂志上有一张纸条,上面写着:* Re-using existing connection! (#10) with host localhost,但我不确定这是什么意思。

如果您需要更多的信息,请让我知道。谢谢!

zzwlnbp8

zzwlnbp81#

我也有同样的问题,我在底部解决了它:
首先,这是我的被告栏文件:

FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS base
WORKDIR /app

FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
WORKDIR /src
COPY ["Shoppify.Market.App.Api/Shoppify.Market.App.Api.csproj", "Shoppify.Market.App.Api/"]
COPY ["Shoppify.Market.App.Infrastructure/Shoppify.Market.App.Infrastructure.csproj", "Shoppify.Market.App.Infrastructure/"]
COPY ["Shoppify.Market.App.Identity/Shoppify.Market.App.Identity.csproj", "Shoppify.Market.App.Identity/"]
COPY ["Shoppify.Market.App.Service/Shoppify.Market.App.Service.csproj", "Shoppify.Market.App.Service/"]
COPY ["Shoppify.Market.App.Persistence/Shoppify.Market.App.Persistence.csproj", "Shoppify.Market.App.Persistence/"]
COPY ["Shoppify.Market.App.Domain/Shoppify.Market.App.Domain.csproj", "Shoppify.Market.App.Domain/"]
RUN dotnet restore "Shoppify.Market.App.Api/Shoppify.Market.App.Api.csproj"
COPY . .
WORKDIR "/src/Shoppify.Market.App.Api"
RUN dotnet build "Shoppify.Market.App.Api.csproj" -c Release -o /app/build

FROM build AS publish
RUN dotnet publish "Shoppify.Market.App.Api.csproj" -c Release -o /app/publish

FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .

EXPOSE 5107
EXPOSE 7107

ENTRYPOINT ["dotnet", "Shoppify.Market.App.Api.dll"]

实际上,当您想要将您的应用程序重定向到SSL端口时,您必须生成它的证书,因此要像我一样在docker-compose.yml文件中进行:

version: '3.9'
services:
    myapi:
      build:
        context: .
        dockerfile: ./Dockerfile
      ports:
        - "5107:5107"
        - "7107:7107"
      volumes:
        - ./Shoppify.Market.App.Api/appsettings.Development.json:/app/appsettings.json
        - ./Shoppify.Market.App.Api/values.json:/app/values.json
        - ~/.aspnet/https:/https:ro
      depends_on:
        - sqlserver
      environment:
        - ASPNETCORE_URLS=http://+:5107
        - ASPNETCORE_HTTPS_PORT=https://+:7107
        - ASPNETCORE_ENVIRONMENT=Development
        #----------------------------------------------------------------------------
        - ASPNETCORE_Kestrel__Certificates__Default__Password=12345678
        - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
        # dotnet dev-certs https -ep %USERPROFILE%.aspnethttpsaspnetapp.pfx -p { password here } AND THEN dotnet dev-certs https --trust
        #-------------------------------------------------------------------------
    sqlserver:
      image: mcr.microsoft.com/mssql/server:2019-latest
      environment:
            SA_PASSWORD: "@Li12345678"
            ACCEPT_EULA: "Y"

在“Environment”部分和最后两行之后(我是说->ASPNETCORE_Kestrel__Certificates__Default__Password&ASPNETCORE_Kestrel__Certificates__Default__Path)将生成证书。我的应用程序是按照这个说明运行的。不要忘记在cmd(DotNet dev-certs https-ep%USERPROFILE%.aspnet\https\aspnetapp.pfx-p{password here},然后是DotNet dev-certs https--Trust)中运行它。
我希望我能解决你的问题。

相关问题