I consider myself fairly new to Ubuntu/Linux. I have been struggling with this for couple of days and after googling and reading many blogs I still can't resolve it.
My WebAPI works fine with HTTP however I am trying to secure my ASP.NET Core 8 WebAPI with HTTPS running in a docker container hosted in Ubuntu 22.04. Each time I run my container I am getting the following error:
sudo docker compose -f webapi-docker-demo/docker-compose-https.yaml up
WARN[0000] /home/ubuntu/webapi-docker-demo/docker-compose-https.yaml: `version` is obsolete
[+] Running 1/0
✔ Container webapi-docker-demo-docker-demo-1 Recreated 0.0s
Attaching to docker-demo-1
docker-demo-1 | fail: Microsoft.Extensions.Hosting.Internal.Host[11]
docker-demo-1 | Hosting failed to start
docker-demo-1 | System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
docker-demo-1 | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
docker-demo-1 | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
docker-demo-1 | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
docker-demo-1 | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(ListenOptions[] listenOptions, AddressBindContext context, Func`2 useHttps, CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>b__15_1(IHostedService service, CancellationToken token)
docker-demo-1 | at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable`1 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List`1 exceptions, Func`3 operation)
docker-demo-1 | Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
docker-demo-1 | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
docker-demo-1 | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
docker-demo-1 | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
docker-demo-1 | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context, CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(ListenOptions[] listenOptions, AddressBindContext context, Func`2 useHttps, CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.Extensions.Hosting.Internal.Host.<StartAsync>b__15_1(IHostedService service, CancellationToken token)
docker-demo-1 | at Microsoft.Extensions.Hosting.Internal.Host.ForeachService[T](IEnumerable`1 services, CancellationToken token, Boolean concurrent, Boolean abortOnFirstException, List`1 exceptions, Func`3 operation)
docker-demo-1 | at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
docker-demo-1 | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
docker-demo-1 | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
docker-demo-1 | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
docker-demo-1 | at webapi_docker_demo.Program.Main(String[] args) in /src/webapi-docker-demo/Program.cs:line 33
I have exported the certificate as per the instructions
dotnet dev-certs https -ep ~/.aspnet/https/webapi-docker-demo.pfx -p password
output: A valid HTTPS certificate is already present.
I can see PFX certificate in the folder: /home/.aspnet/https
I see this output when I check the certificate using the command:
sudo dotnet dev-certs https --check --verbose
output:
[1] Listing certificates from CurrentUser\My
[2] Found certificates: 1 certificate
1) ABC17F48FD02C2557D86797DD14476A6DEF629AE - CN=localhost - Valid from 2024-03-21 16:45:25Z to 2025-03-21 16:45:25Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[3] Checking certificates validity
[4] Valid certificates: 1 certificate
1) ABC17F48FD02C2557D86797DD14476A6DEF629AE - CN=localhost - Valid from 2024-03-21 16:45:25Z to 2025-03-21 16:45:25Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
[5] Invalid certificates: no certificates
[6] Finished listing certificates.
A valid certificate was found: ABC17F48FD02C2557D86797DD14476A6DEF629AE - CN=localhost - Valid from 2024-03-21 16:45:25Z to 2025-03-21 16:45:25Z - IsHttpsDevelopmentCertificate: true - IsExportable: true
This is my DockerFile
#See https://aka.ms/customizecontainer to learn how to customize your debug container and how Visual Studio uses this Dockerfile to build your images for faster debugging.
FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
USER app
WORKDIR /app
EXPOSE 8080
EXPOSE 8081
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY ["webapi-docker-demo/webapi-docker-demo.csproj", "webapi-docker-demo/"]
RUN dotnet restore "./webapi-docker-demo/webapi-docker-demo.csproj"
COPY . .
WORKDIR "/src/webapi-docker-demo"
RUN dotnet build "./webapi-docker-demo.csproj" -c $BUILD_CONFIGURATION -o /app/build
FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./webapi-docker-demo.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "webapi-docker-demo.dll"]
This is my docker-compose.yaml file
version: '3.6'
services:
docker-demo:
image:
webapi-docker-demo-https:v1
ports:
- 8081:8080
- 8082:8081
environment:
- ASPNETCORE_HTTP_PORTS=8080
- ASPNETCORE_HTTPS_PORTS=8081
# - ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_Kestrel__Certificates__Default__Password=p@$$w0rd
- ASPNETCORE_Kestrel__Certificate__Default__Path=/https/webapi-docker-demo.pfx
volumes:
- ~/.aspnet/https:/root/.aspnet/https:ro
I am not sure what and where I am doing incorrect. I am following the instructions at https://learn.microsoft.com/en-us/aspnet/core/security/docker-compose-https?view=aspnetcore-6.0#macos-or-linux
All these instructions works in Windows hosted Docker but can make it work on Ubuntu hosted docker. Any insight to the solution will be great