Developing net core inside docker with https and kestrel

First of all its a good idea to just make sure you can get https dev working locally. Then you can move to https on your container. This guide doesnt cover that but there are heaps of guides out there and the process is pretty straight forward. This guide will only look at https for dotnet in docker.

For this to work there are a few steps:

  1. We need to create the certificate
  2. When we generate the certificate, its password protected. We need to configure the project and our user secrets to make use of that certificate.

Creating the certificate

Here is how we create the cert ⚠ important – make sure your certificates name is the same as your dot net core application! If you don’t, the certificate wont work!

dotnet dev-certs https -ep $env:USERPROFILE\.aspnet\https\wehireit.pfx -p <yourmadeuppassword> -t

⚠ This needs to be run in powershell because as you can see the $env:USERPROFILE part of the command is using your user profile as the export path for the certificate

⚠ replace <yourmadeuppassword>with a password you would like to use. This will become apparent in the next step

⚠ The -t option trusts the generated cert. This seemed to solve a long running issue where my cert was not trusted by my machine. I also ensured that I was only running one version of .net (in my case it was .net 8)

Create user secrets in the project file by running

dotnet user-secrets init -p yourdotnetproject.csproj

❓ This code is creating a folder in your local profile here C:\Users\youruseraccont\AppData\Roaming\Microsoft\UserSecrets this folder is now ready to accept any secrets relevant to your project.

Lets now add the secret needed to use the certificate we previously created:

dotnet user-secrets -p yourdotnetproject.csproj set "Kestrel:Certificates:Development:Password" "<yourmadeuppassword>"

By convention, by using Kestrel:Certificates:Development we tell dot net that we can use the password stored there to make it usable. It also means no one can impersonate your if they get the certificate without the password.

Right! At this stage, we should have:

  1. A cert stored in our profile
  2. The means for our project to use it

We need to now make sure that cert and the secrets are available inside our container.

My docker-compose looks something like this:

  app:
    build:
      context: .
      dockerfile: Aspnetcoreapp/Dockerfile
    ports:
      - 5001:5001
    volumes:
      - ./:/app/
      - ${APPDATA}\microsoft\UserSecrets\:/root/.microsoft/usersecrets
      - ${USERPROFILE}\.aspnet\https:/root/.aspnet/https/ 
        
    environment:
      - ASPNETCORE_URLS=https://+:5001      
      - ASPNETCORE_ENVIRONMENT=Development  
    restart: unless-stopped

Note these two lines:

      - ${APPDATA}\microsoft\UserSecrets\:/root/.microsoft/usersecrets
      - ${USERPROFILE}\.aspnet\https:/root/.aspnet/https/

What we are doing here, is creating two volumes. The first makes available our user secrets inside the container.

The second makes our certificate available.

Once this is all sorted we should be able to spin up our container and be met with this!

If you have any issues getting this to work. Be sure to reach out below:


Posted

in

,

by

Comments

One response to “Developing net core inside docker with https and kestrel”

  1. […] Developing net core inside docker with https and kestrel […]

Leave a Reply

Your email address will not be published. Required fields are marked *