Fatal编程技术网
  • docker/
  • Asp.Net核心docker编写https自签名证书问题

Asp.Net核心docker编写https自签名证书问题

docker asp.net-core docker-compose

Asp.Net核心docker编写https自签名证书问题,docker,asp.net-core,docker-compose,Docker,Asp.net Core,Docker Compose,我无法使用自签名证书在https上运行asp.net core 3 api的docker compose。我已经按照ms docs上的说明进行了操作,但在尝试了数小时之后,我已经放弃了: 我的docker在这里: version: '3.7' networks: localdev: name: localdev services: main-api: container_name: main-api build: context: .

我无法使用自签名证书在https上运行asp.net core 3 api的docker compose。我已经按照ms docs上的说明进行了操作,但在尝试了数小时之后,我已经放弃了:

我的docker在这里:

version: '3.7'

networks:
  localdev:
    name: localdev

services:
  main-api:
    container_name: main-api
    build: 
      context: .
      dockerfile: Dockerfile
    #restart: always
    ports:
      - "5000:5000"
      - "5001:5001"

    depends_on:
      - db-server
    networks:
      - localdev

    volumes:
      - $USERPROFILE/.aspnet/https:/https/

    environment:
        ASPNETCORE_Kestrel__Certificates__Default__Password: "Passw0rd!"
        ASPNETCORE_Kestrel__Certificates__Default__Path: "$USERPROFILE/.aspnet/https/aspnetapp.pfx"

  db-server:
    image: mariadb:latest
    container_name: db-server
    environment:
      - MYSQL_ROOT_PASSWORD=Password! 
    ports: 
      - "13306:3306" 
    networks: 
      - localdev
docker撰写日志如下:

main-api     | warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
main-api     |       Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
main-api     | crit: Microsoft.AspNetCore.Server.Kestrel[0]
main-api     |       Unable to start Kestrel.
main-api     | Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
main-api     |    at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
main-api     |    at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
main-api     |    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
main-api     |    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
main-api exited with code 0
使用Linux语法:

$ ls -l $USERPROFILE/.aspnet/https/aspnetapp.pfx
-rw-r--r-- 1 tig28 197609 2652 Dec 17 11:15 'C:\Users\tig28/.aspnet/https/aspnetapp.pfx'
对docker compose文件的微小更改,此处路径将是容器的装载路径
/root/.aspnet/https/ApiHost.pfx

environment:
  ASPNETCORE_HTTPS_PORT: 6001
  ASPNETCORE_ENVIRONMENT: Development
  ASPNETCORE_Kestrel__Certificates__Default__Path:/root/.aspnet/https/ApiHost.pfx
  ASPNETCORE_Kestrel__Certificates__Default__Password: <password>
volumes:
  - ${USERPROFILE}\.aspnet\https:/root/.aspnet/https

环境:
ASPNETCORE\u HTTPS\u端口:6001
ASPNETCORE_环境:开发
ASPNETCORE\u Kestrel\u证书\u默认路径:/root/.aspnet/https/ApiHost.pfx
ASPNETCORE\u Kestrel\u证书\u默认\u密码:
卷数:
-${USERPROFILE}\.aspnet\https:/root/.aspnet/https
对docker compose文件的微小更改,此处路径将是容器的装载路径
/root/.aspnet/https/ApiHost.pfx

environment:
  ASPNETCORE_HTTPS_PORT: 6001
  ASPNETCORE_ENVIRONMENT: Development
  ASPNETCORE_Kestrel__Certificates__Default__Path:/root/.aspnet/https/ApiHost.pfx
  ASPNETCORE_Kestrel__Certificates__Default__Password: <password>
volumes:
  - ${USERPROFILE}\.aspnet\https:/root/.aspnet/https

环境:
ASPNETCORE\u HTTPS\u端口:6001
ASPNETCORE_环境:开发
ASPNETCORE\u Kestrel\u证书\u默认路径:/root/.aspnet/https/ApiHost.pfx
ASPNETCORE\u Kestrel\u证书\u默认\u密码:
卷数:
-${USERPROFILE}\.aspnet\https:/root/.aspnet/https
这与docker compose有什么关系?查看是否在docker文件中使用docker命令时出现相同的错误
ASPNETCORE\u Kestrel\u证书\u默认\u路径
应仅包含有效的文件路径。请从中删除无效部分。如果我将路径更改为仅获得相同的路径,则不会获得此类文件:ASPNETCORE\u Kestrel\uu Certificates\uu Default\uu路径:“%USERPROFILE%\\\.aspnet\\https\\aspnetapp.pfx”根据上面粘贴的输出,您正在尝试构建Linux Docker映像,其中仅限Windows的环境变量(如%USERPROFILE%)通常无效。这与docker compose有什么关系?请查看仅在docker文件
ASPNETCORE\u Kestrel\u证书\uu默认\uu路径
中使用docker命令是否会出现相同的错误,该路径应仅包含有效的文件路径。请从中删除无效部分。如果我将路径更改为仅获得相同的路径,则不会获得此类文件:ASPNETCORE\u Kestrel\uu Certificates\uu Default\uu路径:“%USERPROFILE%\\\.aspnet\\https\\aspnetapp.pfx”根据上面粘贴的输出,您正在尝试构建Linux Docker映像,其中仅限Windows的环境变量(如%USERPROFILE%)通常无效。 
environment:
  ASPNETCORE_HTTPS_PORT: 6001
  ASPNETCORE_ENVIRONMENT: Development
  ASPNETCORE_Kestrel__Certificates__Default__Path:/root/.aspnet/https/ApiHost.pfx
  ASPNETCORE_Kestrel__Certificates__Default__Password: <password>
volumes:
  - ${USERPROFILE}\.aspnet\https:/root/.aspnet/https