mac验证失败-docker compose启动时出现证书异常阻止ASPNETCORE docker容器启动
首先,我不是linux和证书相关主题的专家。我尝试编写一个webapi服务并将其发布为docker容器 我的编码环境是一个Visual Studio,运行在Windows 10上的虚拟机中。在这里,一切都正常运行 我的目标环境是Ubuntu18.04.4 LTS,Docker版本为19.03.6-rc1 因为我希望将来有多个服务,所以我尝试使用“docker compose up”,它不能像aspected那样工作mac验证失败-docker compose启动时出现证书异常阻止ASPNETCORE docker容器启动,docker,asp.net-core,docker-compose,microservices,ubuntu-18.04,Docker,Asp.net Core,Docker Compose,Microservices,Ubuntu 18.04,首先,我不是linux和证书相关主题的专家。我尝试编写一个webapi服务并将其发布为docker容器 我的编码环境是一个Visual Studio,运行在Windows 10上的虚拟机中。在这里,一切都正常运行 我的目标环境是Ubuntu18.04.4 LTS,Docker版本为19.03.6-rc1 因为我希望将来有多个服务,所以我尝试使用“docker compose up”,它不能像aspected那样工作 我要做的步骤: Windows VS 2017中的代码 在Docker.hub
我要做的步骤:
更详细的 1。Windows中的代码VS 2017 在调试模式下,一切都对我有效 我有一个docker compose项目和api项目。docker compose项目包括docker-compose.yml和一个覆盖文件 以下是我在VS中的项目: docker compose.yml
version: '3.4'
services:
logs.api:
env_file: .env
image: ${DOCKER_REGISTRY-}logsapi
build:
context: .
dockerfile: logs.api/Dockerfile
version: '3.4'
services:
logs.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44374
- ConnectionString=${CONNECTION_STRING}
ports:
- "50530:80"
- "44374:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
version: '3.4'
services:
logs.api:
env_file: .env
image: autoempire/logsapi
version: '3.4'
services:
logs.api:
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44374
- ConnectionString=${CONNECTION_STRING}
- ASPNETCORE_Kestrel__Certificates__Default__Password=""
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/logs.api.pfx
volumes:
- ${HOME}/.aspnet/https:/https/
ports:
- "50530:80"
- "44374:443"
build:
context: "http://${GIT_USR}:${GIT_PWD}@github.com/r...s/mymicroservices.git#master"
dockerfile: logs.api/Dockerfile
docker compose.override.yml
version: '3.4'
services:
logs.api:
env_file: .env
image: ${DOCKER_REGISTRY-}logsapi
build:
context: .
dockerfile: logs.api/Dockerfile
version: '3.4'
services:
logs.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44374
- ConnectionString=${CONNECTION_STRING}
ports:
- "50530:80"
- "44374:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
version: '3.4'
services:
logs.api:
env_file: .env
image: autoempire/logsapi
version: '3.4'
services:
logs.api:
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44374
- ConnectionString=${CONNECTION_STRING}
- ASPNETCORE_Kestrel__Certificates__Default__Password=""
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/logs.api.pfx
volumes:
- ${HOME}/.aspnet/https:/https/
ports:
- "50530:80"
- "44374:443"
build:
context: "http://${GIT_USR}:${GIT_PWD}@github.com/r...s/mymicroservices.git#master"
dockerfile: logs.api/Dockerfile
Dockerfile
FROM microsoft/dotnet:2.1-aspnetcore-runtime AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM microsoft/dotnet:2.1-sdk AS build
WORKDIR /src
COPY logs.api/logs.api.csproj logs.api/
RUN dotnet restore logs.api/logs.api.csproj
COPY . .
WORKDIR /src/logs.api
RUN dotnet build logs.api.csproj -c Release -o /app
FROM build AS publish
RUN dotnet publish logs.api.csproj -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "logs.api.dll"]
3。尝试在Ubuntu上创作 我尝试用以下命令和修改过的.yml文件在ubuntu中编写。在我使用
docker login
登录docker hub之前
Compose命令:sudo docker Compose-f docker-Compose.yml-f docker-Compose.production.yml up
docker compose.yml
version: '3.4'
services:
logs.api:
env_file: .env
image: ${DOCKER_REGISTRY-}logsapi
build:
context: .
dockerfile: logs.api/Dockerfile
version: '3.4'
services:
logs.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44374
- ConnectionString=${CONNECTION_STRING}
ports:
- "50530:80"
- "44374:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
version: '3.4'
services:
logs.api:
env_file: .env
image: autoempire/logsapi
version: '3.4'
services:
logs.api:
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44374
- ConnectionString=${CONNECTION_STRING}
- ASPNETCORE_Kestrel__Certificates__Default__Password=""
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/logs.api.pfx
volumes:
- ${HOME}/.aspnet/https:/https/
ports:
- "50530:80"
- "44374:443"
build:
context: "http://${GIT_USR}:${GIT_PWD}@github.com/r...s/mymicroservices.git#master"
dockerfile: logs.api/Dockerfile
docker compose.production.yml
version: '3.4'
services:
logs.api:
env_file: .env
image: ${DOCKER_REGISTRY-}logsapi
build:
context: .
dockerfile: logs.api/Dockerfile
version: '3.4'
services:
logs.api:
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44374
- ConnectionString=${CONNECTION_STRING}
ports:
- "50530:80"
- "44374:443"
volumes:
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
version: '3.4'
services:
logs.api:
env_file: .env
image: autoempire/logsapi
version: '3.4'
services:
logs.api:
environment:
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=https://+:443;http://+:80
- ASPNETCORE_HTTPS_PORT=44374
- ConnectionString=${CONNECTION_STRING}
- ASPNETCORE_Kestrel__Certificates__Default__Password=""
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/logs.api.pfx
volumes:
- ${HOME}/.aspnet/https:/https/
ports:
- "50530:80"
- "44374:443"
build:
context: "http://${GIT_USR}:${GIT_PWD}@github.com/r...s/mymicroservices.git#master"
dockerfile: logs.api/Dockerfile
你看,我已经更改了卷。对于这些秘密,我不知道该怎么做,所以我删除了它们,因为我没有证书的任何密码。但这可能是另一个话题
我添加了ASPNETCORE\u Kestrel\u Certificates\u Default\u密码
和ASPNETCORE\u Kestrel\u Certificates\u Default\u路径
关于stackoverflow的一些有用的描述,并在ubuntu上创建了一个新的路径,我将其移动到~/.aspnet/https/logs.api.pfx
这就是我得到的:
logs.api_1 | info: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[0]
logs.api_1 | User profile is available. Using '/root/.aspnet/DataProtection-Keys' as key repository; keys will not be encrypted at rest.
logs.api_1 | crit: Microsoft.AspNetCore.Server.Kestrel[0]
logs.api_1 | Unable to start Kestrel.
logs.api_1 | Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
logs.api_1 | at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(SafePasswordHandle password)
logs.api_1 | at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
logs.api_1 | at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
logs.api_1 | at Internal.Cryptography.Pal.CertificatePal.FromBio(SafeBioHandle bio, SafePasswordHandle password)
logs.api_1 | at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
logs.api_1 | at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
logs.api_1 | at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
logs.api_1 |
logs.api_1 | Unhandled Exception: Interop+Crypto+OpenSslCryptographicException: error:23076071:PKCS12 routines:PKCS12_parse:mac verify failure
logs.api_1 | at Internal.Cryptography.Pal.OpenSslPkcs12Reader.Decrypt(SafePasswordHandle password)
logs.api_1 | at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(OpenSslPkcs12Reader pfx, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts)
logs.api_1 | at Internal.Cryptography.Pal.PkcsFormatReader.TryReadPkcs12(SafeBioHandle bio, SafePasswordHandle password, Boolean single, ICertificatePal& readPal, List`1& readCerts, Exception& openSslException)
logs.api_1 | at Internal.Cryptography.Pal.CertificatePal.FromBio(SafeBioHandle bio, SafePasswordHandle password)
logs.api_1 | at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
logs.api_1 | at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
logs.api_1 | at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
logs.api_1 | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
logs.api_1 | at Microsoft.AspNetCore.Hosting.Internal.WebHost.StartAsync(CancellationToken cancellationToken)
logs.api_1 | at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token, String shutdownMessage)
logs.api_1 | at Microsoft.AspNetCore.Hosting.WebHostExtensions.RunAsync(IWebHost host, CancellationToken token)
logs.api_1 | at Microsoft.AspNetCore.Hosting.WebHostExtensions.Run(IWebHost host)
logs.api_1 | at logs.api.Program.Main(String[] args) in /src/logs.api/Program.cs:line 18
reco_logs.api_1 exited with code 139
证书在production.yml中的位置似乎没有问题,因为当我更改它时,会出现一个错误,如“找不到文件”。我尝试了一个有密码和没有密码的证书。没关系。。。可能不是很好的注册?-ASPNETCORE\u Kestrel\u证书\u默认\u密码=”必须不带“”,如ASPNETCORE\u Kestrel\u证书\u默认\u密码=mypassword。它的工作原理是:/