我正在尝试使用Nginx作为反向代理在Ubuntu服务器上托管一个ASP.Net Core MVC应用程序(启用https重定向).我已经使用OpenSSL创建并安装了本地SSL证书.当我使用dotnet CLI运行应用程序时,它会同时监听 localhost:5000 和; localhost:5001 ,并且我可以使用https( Nginx正在将http请求重定向到https).
I am trying to host an ASP.Net Core MVC application (https redirection is enabled) on Ubuntu server, using Nginx as a reverse proxy. I have created and installed a local SSL certificate using OpenSSL. When i run my application using dotnet CLI it listens on both localhost:5000 & localhost:5001, and i am able to access it on web using https (http requests are being redirect to https by Nginx).
问题是,当我尝试以服务形式运行时,它仅在 localhost:5000 上进行侦听
The problem is when i try to run the as a service, it only listens on localhost:5000.
这是* .service文件:
Here's the *.service file :
[Unit] Description=Test ASP.Net core web application service. [Service] WorkingDirectory=/home/ubuntu/MyAppFolder ExecStart=/usr/bin/dotnet/home/ubuntu/MyAppFolder/MyApplication.dll Restart=always # Restart service after 10 seconds if the dotnet service crashes: RestartSec=10 SyslogIdentifier=MyApplication User=www-data Environment=ASPNETCORE_ENVIRONMENT=Development Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false Environment=ASPNETCORE_HTTPS_PORT=5001 Environment=ASPNETCORE_URLS=localhost:5000;localhost:5001 [Install] WantedBy=multi-user.target环境详细信息:ASP.Net Core 2.1.1,ASP.Net Core SDK 2.1.3,Nginx 1.14,Ubuntu 16.04
Environment details : ASP.Net Core 2.1.1, ASP.Net Core SDK 2.1.3, Nginx 1.14, Ubuntu 16.04
推荐答案最后,我发现了问题所在.问题是在dotnet SDK中安装了名为localhost的开发人员ssl证书.如果是Ubuntu,则证书位于/home/{用户名}/.dotnet/corefx/cryptography/x509stores/my
Finally i figured out the issue. The issue is that a developer ssl certificate is installed with dotnet SDK with the name localhost. In case of Ubuntu the certificate is located at /home/{user name} /.dotnet/corefx/cryptography/x509stores/my
Kestrel只是在执行用户的主目录中搜索,该目录不存在"www-data",因此无法找到开发证书.由于这个原因,它没有绑定到默认的https端口.
Kestrel just searches in the home directory of executing user, which does not exists for 'www-data', hence it couldn't locate the development certificate. Due to which it doesn't bind to default https port.
要使其正常工作,我首先使用OpenSSL将PEM( .crt)格式的现有证书转换为PKCS12( .pkf).下面是命令.
To get it working, i first converted my existing certificate in PEM (.crt) format to PKCS12 (.pkf) using OpenSSL. Below is the command.
sudo openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt然后,我需要使用appsettings.json文件将此证书指定给Kestrel服务器.下面是该文件的外观:
Then i needed to specify this certificate to Kestrel server, using appsettings.json file. Below is how the file looks now :
{ "ConnectionStrings": { "PostgresConnection": "Host=localhost; Database=postgres; Username=postgres; Password=xyz123" }, "Logging": { "IncludeScopes": false, "LogLevel": { "Default": "Warning" } }, "Kestrel": { "Endpoints": { "HTTPS": { "Url": "localhost:5001", "Certificate": { "Path": "/etc/ssl/certs/<certificate.pfx>", "Password": "xyz123" } } } } }然后,您需要将www-data用户添加到ssl-certs组.下面是命令行:
Then you need to add www-data user to ssl-certs group. below is command line :
sudo usermod -aG ssl-cert www-data更多推荐
ASP.Net Core应用程序服务仅在Ubuntu上侦听Port 5000
发布评论