我已经在 docker 中容器化了用 c# 编写的最小 api,而不是使用 http://localhost:7113 访问 api,我想启用 https://localhost:7114 (通过 HTTPS)。
我已经导出了自签名证书(“MinimalApi.pfx”)并放置在我的应用程序的根目录中。
我使用此命令制作了自签名证书并以 *.pfx 格式导出证书:
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=MinimalApiRootCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
在我的 appsettings.json 中,我允许使用 http 和 https 的 URL:
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"Urls": "http://*;https://*"
}
我的dockerfile:
FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
ARG BUILD_CONFIGURATION=Release
WORKDIR /src
COPY ["MinimalApi/MinimalApi.csproj", "MinimalApi/"]
RUN dotnet restore "MinimalApi/MinimalApi.csproj"
COPY . .
WORKDIR "/src/MinimalApi"
COPY ["MinimalApi/MinimalApi.pfx", "/etc/ssl/certs/"]
RUN dotnet build "MinimalApi.csproj" -c $BUILD_CONFIGURATION -o /app/build
FROM build AS publish
ARG BUILD_CONFIGURATION=Release
RUN dotnet publish "./MinimalApi.csproj" -c $BUILD_CONFIGURATION -o /app/publish /p:UseAppHost=false
FROM base AS final
WORKDIR /app
COPY --from=publish /app/publish .
ENTRYPOINT ["dotnet", "MinimalApi.dll"]
我还将“MinimalApi.pfx”复制到我的 dockerfile 中的“/etc/ssl/certs/”中。
我的 docker-compose.yml 文件:
networks:
default:
ipam:
driver: default
services:
minimalapi-app:
image: minimalapi-image
ports:
- '7113:7113'
- '7114:7114'
networks:
- default
volumes:
minimalapi-app:
driver: local
但是我的 docker 容器只监听 HTTP 端口 8080。如何使用我的自签名证书启用 HTTPS?最好在端口“7114:7114”或“7114:443”上?
我尝试使用 Nginx 来搞乱反向代理方法,但我实际上只是在寻找一个简单的解决方案,其中的自签名证书仅在我的计算机上本地运行。
您可能会发现使用 NGINX 是最简单的方法。我并不自称是专家,但我认为这样的事情应该有效。
🗎
docker-compose.yml
version: "3"
services:
nginx:
container_name: nginx
image: nginx
ports:
- "7113:80"
- "7114:443"
depends_on:
- api
volumes:
- ./nginx:/etc/nginx/conf.d
- ./certificates:/etc/ssl/certs/self-signed
networks:
- default
api:
container_name: api
build:
context: .
networks:
- default
networks:
default:
ipam:
driver: default
我在
certificates/
中有自签名证书。这些卷安装到 NGINX 容器上的 /etc/ssl/certs/self-signed
。
🗎
nginx.conf
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://api:8080/;
}
}
server {
listen 443;
server_name localhost;
ssl_certificate /etc/ssl/certs/self-signed/server.crt;
ssl_certificate_key /etc/ssl/certs/self-signed/server.key;
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://api:8080/;
}
}
此配置将在
etc/ssl/certs/self-signed/
中查找证书。
它将分别提供 HTTP 和 HTTPS 服务。如果您想将 HTTP 重定向到 HTTPS,那么您可以使用如下内容:
server {
listen 80;
server_name localhost;
return 301 https://$host$request_uri;
}