Docker映像:无法配置HTTPS终结点。未指定服务器证书,找不到默认的开发人员证书
我正在尝试使用Docker容器在Ubuntu(18.04.3 LTS)服务器上运行一个基于ASP.NET Core 3.1框架的应用程序 我创建了以下Docker映像:无法配置HTTPS终结点。未指定服务器证书,找不到默认的开发人员证书,docker,ubuntu,asp.net-core,nginx,docker-compose,Docker,Ubuntu,Asp.net Core,Nginx,Docker Compose,我正在尝试使用Docker容器在Ubuntu(18.04.3 LTS)服务器上运行一个基于ASP.NET Core 3.1框架的应用程序 我创建了以下docker compose.yml文件,以便能够在我的服务器上运行nginx proxy和private\u image\u name图像。显然,nginx proxy是一个代理服务器,它将把来自web的流量路由到我的其他运行图像。我遵循了nginx代理设置的步骤 version: '3.4' services: nginx-proxy:
docker compose.yml
文件,以便能够在我的服务器上运行nginx proxy
和private\u image\u name
图像。显然,nginx proxy
是一个代理服务器,它将把来自web的流量路由到我的其他运行图像。我遵循了nginx代理设置的步骤
version: '3.4'
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certificates:/etc/certificates
private_image_name:
image: private_image_name:latest
container_name: private_image_name
depends_on:
- nginx-proxy
environment:
- VIRTUAL_HOST=sub.domain-example.com
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=https://+:443;http://+:80
ports:
- 51736:80
- 44344:443
volumes:
- storage:/storage
- /var/run/docker.sock:/tmp/docker.sock:ro
- certificates:/etc/certificates
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
volumes:
storage:
certificates:
networks:
default:
external:
name: nginx-proxy
secrets:
server.cert:
file: ./server.cert
server.key:
file: ./server.key
server.cert
和server.key
文件都存储在/etc/certificates
中。这两个文件都是使用以下命令创建的
sudo openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=CA/L=SF/O=Docker-demo/CN=app.example.org" -keyout server.key -out server.cert
我试图通过执行docker composer up
来运行这两个映像。但是,nginx代理
没有出现问题,而private\u image\u name
无法运行。以下是运行private\u image\u name
尝试启动时得到的结果
**WARNING**: The APPDATA variable is not set. Defaulting to a blank string.
Recreating private_image ... done
Attaching to private_image
private_image | crit: Microsoft.AspNetCore.Server.Kestrel[0]
private_image | Unable to start Kestrel.
private_image | System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
private_image | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
private_image | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
private_image | Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
private_image | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
private_image | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
private_image | at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
private_image | at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
private_image | at private_image.Program.Main(String[] args) in /src/private_image/Program.cs:line 17
private_image exited with code 139
命令dotnet dev certs https--trust
仅适用于Windows和macOS
问题
如何在Ubuntu服务器上修复此问题?如何将SSL证书正确附加到docker映像
此外,当我去或得到
503服务暂时不可用nginx/1.17.5
当我去或得到
无法连接
一旦您在nginx中设置了证书,我认为在asp.net核心容器中启用它没有任何意义,因为您的docker网络将通过nginx对公众可见
要禁用Kestrel Https侦听,只需从以下代码中删除443端口:
- ASPNETCORE_URLS=https://+:443;http://+:80
替换为:
- ASPNETCORE_URLS=http://+:80
对于那些因为类似问题来到这里的人来说,这帮助我解决了一个问题:
清洁发展证书:
dotnet dev-certs https --clean
创建一个新的
dotnet dev-certs https -t
在我的例子中,主要问题是docker compose.override.yml文件。Docker文件是在Windows计算机上生成的,因此以下行对于mac不正确
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
我必须用以下行替换它们:
- ~/.aspnet/https:/root/.aspnet/https:ro
- ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro
docker compose.override.yml的最终代码起作用:
version: '3.4'
services:
project-api:
image: project-api
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https://+:443;http://+:80
ports:
- "5001:443"
- "5000:80"
volumes:
- ~/.aspnet/https:/root/.aspnet/https:ro
- ~/.microsoft/usersecrets:/root/.microsoft/usersecrets:ro
@用户1007074一旦应用程序配置为使用https,kestrel web服务器就需要证书才能工作。您可以在此处查看有关此环境变量的文档: