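I am trying to run an application based on the ASP.NET Core 3.1 framework on an Ubuntu (18.04.3 LTS) server using Docker containers.
I created the `docker-compose.yml` file below so that I can run the `nginx-proxy` and `private_image_name` images on my server. `nginx-proxy` is the proxy server that will route traffic coming from the web to my other running images. I followed this article to set up `nginx-proxy`.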
```yaml
version: '3.4'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certificates:/etc/certificates
  private_image_name:
    image: private_image_name:latest
    container_name: private_image_name
    depends_on:
      - nginx-proxy
    environment:
      - VIRTUAL_HOST=sub.domain-example.com
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_URLS=https://+:443;http://+:80
    ports:
      - 51736:80
      - 44344:443
    volumes:
      - storage:/storage
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certificates:/etc/certificates
      - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
      - ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
volumes:
  storage:
  certificates:
networks:
  default:
    external:
      name: nginx-proxy
secrets:
  server.cert:
    file: ./server.cert
  server.key:
    file: ./server.key
```
The `server.cert` and `server.key` files are both stored in `/etc/certificates`.

```
sudo openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=CA/L=SF/O=Docker-demo/CN=app.example.org" -keyout server.key -out server.cert
```

I tried to run both of my images by executing `docker-compose up`. However, `nginx-proxy` came up with no issues, while `private_image_name` failed to run. Here is the output when `private_image_name` attempts to start:
```
WARNING: The APPDATA variable is not set. Defaulting to a blank string.
Recreating private_image ... done
Attaching to private_image
private_image | crit: Microsoft.AspNetCore.Server.Kestrel[0]
private_image | Unable to start Kestrel.
private_image | System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
private_image | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
private_image | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
private_image | Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
private_image | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
private_image | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
private_image | at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
private_image | at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
private_image | at private_image.Program.Main(String[] args) in /src/private_image/Program.cs:line 17
private_image exited with code 139
```
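The command `dotnet dev-certs https --trust` only works on Windows and macOS.

Question

How can I fix this problem on the Ubuntu server? How do I correctly attach the SSL certificate to the Docker image?

Also, when I go to http://server-ip-address or http://sub.domain-example.com, I get

503 Service Temporarily Unavailable nginx/1.17.5

When I go to https://server-ip-address or https://sub.domain-example.com, I am unable to connect.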
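3 Answers

0qx6xfy6 #1

Once you have the certificate set up in nginx, I see no sense in enabling it in the asp.net core container, as your docker network is going to be visible to the public via nginx.
To disable Kestrel HTTPS listening, simply remove the 443 port from the following code:

Replace it with:
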
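.NET 8.0 containers introduced some breaking changes:

We also added the new `ASPNETCORE_HTTP_PORTS` environment variable as a simpler alternative to `ASPNETCORE_URLS`. The new variable expects a semicolon-delimited list of port numbers, while the older variable expects a more complicated syntax. Apps built using the older `WebHost.CreateDefaultBuilder()` API won't respect the new `ASPNETCORE_HTTP_PORTS` environment variable. Now that `ASPNETCORE_URLS` is no longer set automatically, they will switch to using the default URL `http://localhost:5000`, rather than `http://*:80` as before.

Details: https://learn.microsoft.com/en-us/dotnet/core/compatibility/containers/8.0/aspnet-port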
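
The setup this answer describes, written out as a compose file: TLS terminates at nginx-proxy and the app listens on HTTP only inside the Docker network. This is an added example, not part of the original answer; the `./certs` host directory, the certificate file names and the use of `VIRTUAL_PORT` and `expose` are assumptions, and the certificate's subject has to cover the `VIRTUAL_HOST` name.

```yaml
# Added example: HTTPS ends at the proxy, Kestrel serves plain HTTP internally.
version: '3.4'
services:
  nginx-proxy:
    image: jwilder/nginx-proxy
    container_name: nginx-proxy
    ports:
      - 80:80
      - 443:443
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      # nginx-proxy reads <VIRTUAL_HOST>.crt and <VIRTUAL_HOST>.key from
      # /etc/nginx/certs, e.g. ./certs/sub.domain-example.com.crt and
      # ./certs/sub.domain-example.com.key (assumed host directory)
      - ./certs:/etc/nginx/certs:ro
  private_image_name:
    image: private_image_name:latest
    container_name: private_image_name
    depends_on:
      - nginx-proxy
    environment:
      - VIRTUAL_HOST=sub.domain-example.com
      - VIRTUAL_PORT=80
      - ASPNETCORE_ENVIRONMENT=Production
      # HTTP only: Kestrel no longer looks for a certificate in the container
      - ASPNETCORE_URLS=http://+:80
    expose:
      - "80"   # reachable by the proxy on the shared network, not published on the host
    volumes:
      - storage:/storage
      # Not mounted here: /var/run/docker.sock (only the proxy needs it), the
      # certificates volume (the private key stays with the proxy), and the
      # ${APPDATA} mounts, which expand to /Microsoft/... and /ASP.NET/...
      # when APPDATA is unset, as the WARNING line in the question shows
volumes:
  storage:
networks:
  default:
    external:
      name: nginx-proxy
```

With the app's `ports:` entries gone, the only path to it from outside is through the proxy on 80 and 443.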
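
z2acfund #2

In my case, the main problem was with the `docker-compose.override.yml` file. The Docker files were generated on a Windows machine, so the following lines were not correct for Mac.

I had to replace them with the following lines:

The final code of `docker-compose.override.yml`:
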
bejyjqdl #3

For those who arrive here because of a similar issue, this helped me solve a problem:

Clean up the development certificates:

Create a new one