
What I cannot figure out... is for "Deploying a self-contained app"

This means that dotnet is probably not installed, which means you cannot run a command such as "dotnet dev-certs https -v".

Which means you cannot get SSL working locally.

Now... what would be nice is if they explained how you would get this working step by step, for dev and prod, if they should be different.

"Deploying a self-contained app" try running with something like

sudo ASPNETCORE_URLS=https://*:5001 ./dotnetWebApp

This will not work as there is no localhost cert. It suggests "dotnet dev-certs https -v" but dotnet is not installed.

sudo ASPNETCORE_URLS=http://*:5000 ./dotnetWebApp - this works

If you install dotnet, what was the point of "Deploying a self-contained app"?

Please help with how you get local SSL when you have not installed dotnet.

The reason it's not installed is that you have gone with "Deploying a self-contained app".

Looking for how this is done on Raspberry OS.

Links which are related to the issue but are not step by step for Raspberry:

https://blog.tonysneed.com/2019/10/13/enable-ssl-with-asp-net-core-using-nginx-and-docker/

How to run 'dotnet dev-certs https --trust'?

https://dev.to/ianknighton/hosting-a-net-core-app-with-nginx-and-let-s-encrypt-1m50

https://andrewlock.net/creating-and-trusting-a-self-signed-certificate-on-linux-for-use-in-kestrel-and-asp-net-core/

https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-5.0

Update with more info on what I'm after

Build a dotnet app for ARM which is self-contained, deploy to the server and run... now run it on SSL... you can't, as localhost has not been set up with a cert, so how do you do this for Raspberry? AKA let's say you have an "nginx reverse proxy" forwarding port externalIP:443 to your internalIP:443; the internal one won't work... as it can't start the app because it has no cert.

I am not talking about getting a cert for the externalIP, I'm asking how do you start the dotnet app if it won't start due to there being no cert for it to run on, say, https:localhost:5001

like in many of the examples... except they had dotnet installed, and forced it to run "dotnet dev-certs https -v", which sets up the localhost cert.

So how is this meant to be done?

Seabizkit
  • The question is unclear. Either you want to build and publish a self-contained app, which means you *have* to install the .NET Core SDK, or you want to deploy on a server which means you need a real certificate, not a self-signed one. It makes no sense to run `dotnet dev-certs https -v` on a production server because no client is going to trust a self-signed certificate – Panagiotis Kanavos Feb 19 '21 at 13:02
  • `dotnet dev-certs https -v` is *only* meant to create a self-signed certificate for use on development machines. It's not related to publishing or self-contained applications at all – Panagiotis Kanavos Feb 19 '21 at 13:03
  • You misunderstood what I wrote. You don't need `dotnet dev-certs https -v` at all. All you have to do is just execute the executable. That's it. For SSL to work though, you need a valid certificate. `dotnet dev-certs https -v` is ONLY needed for creating and registering a certificate for .NET Core *development*. You *don't* need it to create a certificate for your server. If you need a certificate for your server, there are many ways to create it. You *don't* need the `dotnet` command to do that – Panagiotis Kanavos Feb 19 '21 at 13:29
  • One way is to get a valid certificate for a public IP with eg LetsEncrypt. If you're in a Windows Domain, you can create a certificate valid only for that domain through a Certificate Server. For standalone machines you can create self-signed certificates with eg `OpenSSL`. If you google for `raspberry pi generate ssl certificate` you'll find several articles using OpenSSL for this. [This article](https://www.digitalocean.com/community/tutorials/how-to-create-a-self-signed-ssl-certificate-for-nginx-on-debian) shows how to create a self-signed cert and register it with Nginx – Panagiotis Kanavos Feb 19 '21 at 13:33
  • @PanagiotisKanavos that is what I'm asking for, how? Do I run this 'sudo ASPNETCORE_URLS=https://*:5001 ./dotnetWebApp' if I have no cert... I can't... so I'm asking how do I set up so I can... how do I set this up? Many people are using "nginx reverse proxy" and start it this way... but none specify how they got it to run without it failing on startup, failing with missing cert. AKA like you said... don't install dotnet as it's not needed, cool, now run the app as SSL, you can't. So how are they setting it up as "nginx reverse proxy" where it forwards to say https://*:5001 – Seabizkit Feb 19 '21 at 13:34
  • combo of this https://www.youtube.com/watch?v=9EUO6MeZLYw but then add to trusted so it will be and to be seen by the dotnet app – Seabizkit Feb 19 '21 at 13:46
  • Have you tried [following the docs?](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx). It's the last link in your question, and actually explains all the steps, including how to install NGINX, how to configure it, how to use certificates *and* how to [replace the default certificate from configuration](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-5.0#https-configuration). Until now it seems you've been trying to *avoid* those steps. There's no mention of `ASPNETCORE_URLS` or `dev-certs` in the guide – Panagiotis Kanavos Feb 19 '21 at 13:55
  • @PanagiotisKanavos yes thanks, I have, but that's kind of my point, the doc skips over it. The section "Create the service file" assumes a default app which is starting with 5000 and 5001, where 5001 is SSL, but you can't start it unless you have a local cert... which, if you have not set it up, it will not start. They completely skip over this. It's a lot of info to absorb at once, especially when it's misleading/complex, even in it it says under HTTPS configuration... is this what I should do – Seabizkit Feb 19 '21 at 14:50
  • https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel/endpoints?view=aspnetcore-5.0#configureiconfiguration – Seabizkit Feb 19 '21 at 14:50

0 Answers
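
An added example, not part of the original question or comments and not taken from the linked guides: one way to give a self-contained Kestrel app an HTTPS certificate with OpenSSL alone, then point Kestrel's default certificate at it through its `Kestrel:Certificates:Default` configuration keys (written as environment variables). The function names, file names, host name and password are hypothetical; it assumes OpenSSL 1.1.1 or later.

```shell
#!/usr/bin/env bash
# Added example. Host name, paths and password are constructed placeholders.

# make_kestrel_pfx DIR HOST PASSWORD
# Writes DIR/kestrel.key and DIR/kestrel.crt (self-signed, SAN covers HOST and
# localhost) and bundles them into DIR/kestrel.pfx, which Kestrel loads directly.
make_kestrel_pfx() {
    dir=$1 host=$2 password=$3
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # Self-signed certificate: RSA 2048, SHA-256, valid for one year.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -keyout "$dir/kestrel.key" -out "$dir/kestrel.crt" \
        -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host,DNS:localhost,IP:127.0.0.1" \
        2>/dev/null || return 1
    # Password goes through the environment so it is not visible in `ps`.
    PFX_PASSWORD=$password openssl pkcs12 -export \
        -inkey "$dir/kestrel.key" -in "$dir/kestrel.crt" \
        -out "$dir/kestrel.pfx" -passout env:PFX_PASSWORD || return 1
    # Private key material readable by the owner only.
    chmod 600 "$dir/kestrel.key" "$dir/kestrel.pfx"
}

# run_https APP DIR PASSWORD
# Starts APP with Kestrel listening on https://*:5001 using DIR/kestrel.pfx
# as its default certificate; no dotnet CLI or dev-certs store is involved.
run_https() {
    ASPNETCORE_URLS='https://*:5001' \
    ASPNETCORE_Kestrel__Certificates__Default__Path="$2/kestrel.pfx" \
    ASPNETCORE_Kestrel__Certificates__Default__Password="$3" \
    "$1"
}

# Usage on the Pi (not executed here):
#   make_kestrel_pfx "$HOME/dotnetWebApp-tls" raspberrypi.local 'change-me'
#   run_https ./dotnetWebApp "$HOME/dotnetWebApp-tls" 'change-me'
```

The certificate is self-signed, so clients will not trust it unless it is added to their trust store; when nginx terminates public TLS, the publicly trusted certificate belongs on nginx.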