使用dotnet dev-certs和aspnet docker image

lf5gs5x2  于 2023-05-06  发布在  Docker
关注(0)|答案(2)|浏览(188)

您可以使用dotnet dev-certs https生成一个自签名证书,以便与ASP.NET一起使用,如此dockerfile所示

FROM mcr.microsoft.com/dotnet/sdk:5.0 as build
WORKDIR /src
RUN dotnet new webapi -o app
RUN dotnet dev-certs https
RUN dotnet publish -o out app/app.csproj
ENV ASPNETCORE_URLS="https://*:443;http://*:80"
WORKDIR /app
RUN cp -r /src/out/* .
CMD ["dotnet", "app.dll"]

我想根据我的最终形象的aspnet形象虽然。所以我把它改成

FROM mcr.microsoft.com/dotnet/sdk:5.0 as build
WORKDIR /src
RUN dotnet new webapi -o app
RUN dotnet dev-certs https
RUN dotnet publish -o out app/app.csproj

FROM mcr.microsoft.com/dotnet/aspnet:5.0 as final
ENV ASPNETCORE_URLS="https://*:443;http://*:80"
WORKDIR /app
COPY --from=build /src/out .
CMD ["dotnet", "app.dll"]

我可以构建它,但是当我运行它时,它失败了,因为它找不到证书。我无法在最终的映像中运行dotnet dev-certs https,因为dev-certs命令只是SDK的一部分,而不是aspnet映像。我想将证书复制到最终的映像,但我不知道dotnet dev-certs https将其存储在哪里,而且我找不到任何有关它的文档。
我该如何解决这个问题,使我的图像基于aspnet,并可以接受通过https的请求?

klr1opcd

klr1opcd1#

在四处搜索之后,我在/root/.dotnet/corefx/cryptography/x509 stores/my/中找到了该证书。
添加

COPY --from=build /root/.dotnet/corefx/cryptography/x509stores/my/* /root/.dotnet/corefx/cryptography/x509stores/my/

最终的图像解决了这个问题。

ajsxfq5m

ajsxfq5m2#

我的要求是在docker compose环境中运行最终容器。
最好接受的答案向前我正确的方向,但我发现一些更多的步骤必须做。所以在这里发布完整的解决方案。

### Dockerfile exctract:

# in the build stage we generate the cert
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build
ARG PASSWORD_ENV_SEEDED

#generate the cert, define the path to store it and password to use
RUN dotnet dev-certs https -ep /https/aspnetapp.pfx -p ${PASSWORD_ENV_SEEDED}

#then in final stage
FROM mcr.microsoft.com/dotnet/aspnet:6.0 AS final
COPY --from=build /https/* /https/

PASSWORD_ENV_SEEDED-将作为环境变量的某些密码
接下来,我们需要告诉asp.net搜索cert,因此定义了两个环境变量:
ASPNETCORE_Kestrel__Certificates__Default__PasswordASPNETCORE_Kestrel__Certificates__Default__Path

### docker-compose.yaml

my-service:
  build:
    # in my case, Dockerfile was in a subfolder
    context: config-service
    dockerfile: Dockerfile
    args:
      - PASSWORD_ENV_SEEDED=${PASSWORD_ENV_SEEDED}
  restart: unless-stopped
  ports:
    - 15005:443
  environment:
    - PASSWORD_ENV_SEEDED=some.long.password.fllkwefiwejf23049uwlekjf.sEFWEFGR98^&$
    - ASPNETCORE_Kestrel__Certificates__Default__Password=${PASSWORD_ENV_SEEDED}
    - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
    - ASPNETCORE_URLS=https://+;http://+:5000
    - ASPNETCORE_ENVIRONMENT=Development

相关问题