
I am not able to run docker-compose for an ASP.NET Core 3 API on HTTPS with a self-signed cert. I have followed the instructions on MS docs, but I have given up at this point after trying everything for hours: https://learn.microsoft.com/en-us/aspnet/core/security/docker-https?view=aspnetcore-2.2

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p { password here }
dotnet dev-certs https --trust

My docker compose is here:

version: '3.7'

networks:
  localdev:
    name: localdev
    
services:
  main-api:
    container_name: main-api
    build: 
      context: .
      dockerfile: Dockerfile
    #restart: always
    ports:
      - "5000:5000"
      - "5001:5001"
 
    depends_on:
      - db-server
    networks:
      - localdev

    volumes:
      - $USERPROFILE/.aspnet/https:/https/

    environment:
        ASPNETCORE_Kestrel__Certificates__Default__Password: "Passw0rd!"
        ASPNETCORE_Kestrel__Certificates__Default__Path: "$USERPROFILE/.aspnet/https/aspnetapp.pfx"
    
  db-server:
    image: mariadb:latest
    container_name: db-server
    environment:
      - MYSQL_ROOT_PASSWORD=Password! 
    ports: 
      - "13306:3306" 
    networks: 
      - localdev

docker-compose log is here:

main-api     | warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
main-api     |       Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
main-api     | crit: Microsoft.AspNetCore.Server.Kestrel[0]
main-api     |       Unable to start Kestrel.
main-api     | Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file
main-api     |    at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
main-api     |    at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
main-api     |    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
main-api     |    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
main-api     |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
main-api exited with code 0

$ ls -l %USERPROFILE%\.aspnet\https\aspnetapp.pfx
-rw-r--r-- 1 tig28 197609 2652 Dec 17 23:07 %USERPROFILE%.aspnethttpsaspnetapp.pfx

Using Linux syntax:

$ ls -l $USERPROFILE/.aspnet/https/aspnetapp.pfx
-rw-r--r-- 1 tig28 197609 2652 Dec 17 11:15 'C:\Users\tig28/.aspnet/https/aspnetapp.pfx'
  • What does this have to do with docker-compose? Commented Dec 17, 2019 at 23:25
  • See if you get the same error just using docker commands with your Dockerfile Commented Dec 17, 2019 at 23:26
  • ASPNETCORE_Kestrel__Certificates__Default__Path should only contain the valid file path. Please remove the invalid portion from it. Commented Dec 17, 2019 at 23:30
  • If I change the path to only a path I get the same no such file: ASPNETCORE_Kestrel__Certificates__Default__Path: "%USERPROFILE%\\.aspnet\\https\\aspnetapp.pfx" Commented Dec 17, 2019 at 23:44
  • Based on the output you pasted above, you are trying to build a Linux Docker image, where Windows only environment variables such as %USERPROFILE% are usually invalid. Commented Dec 18, 2019 at 0:32

2 Answers

Make a minor change to your docker-compose file: here the path will be your mounted path for the container, /root/.aspnet/https/ApiHost.pfx.

environment:
  ASPNETCORE_HTTPS_PORT: 6001
  ASPNETCORE_ENVIRONMENT: Development
  ASPNETCORE_Kestrel__Certificates__Default__Path: /root/.aspnet/https/ApiHost.pfx
  ASPNETCORE_Kestrel__Certificates__Default__Password: <password>
volumes:
  - ${USERPROFILE}\.aspnet\https:/root/.aspnet/https

If your project uses .NET 6, then the local path to map to the volume is as shown below.

Reference: Hosting ASP.NET Core images with Docker Compose over HTTPS

dotnet dev-certs https -ep %USERPROFILE%\.aspnet\https\aspnetapp.pfx -p { password here }
dotnet dev-certs https --trust

version: '3.4'

services:
  webapp:
    image: mcr.microsoft.com/dotnet/core/samples:aspnetapp
    ports:
      - 80
      - 443
    environment:
      - ASPNETCORE_ENVIRONMENT=Development
      - ASPNETCORE_URLS=https://+:443;http://+:80
      - ASPNETCORE_Kestrel__Certificates__Default__Password=<password>
      - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
    volumes:
      - ~/.aspnet/https:/https:ro
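
A check for the mistake both answers correct, as an added example that is not part of the original question or answers: the certificate path handed to Kestrel has to lie under the container side of a volume mount. It assumes the service has already been parsed from YAML into a dict and looks at the raw, un-interpolated values; `check_cert_mount`, `split_volume` and `env_dict` are hypothetical helper names, and the read-only finding goes beyond what the thread discusses.

```python
import re

CERT_KEY = "ASPNETCORE_Kestrel__Certificates__Default__Path"
# Host-side syntax: %VAR%, $VAR / ${VAR} (Compose substitutes a host value),
# Windows drive letters, backslashes. None of these name a file in a Linux container.
HOST_STYLE = re.compile(r"%\w+%|\$\{?\w+\}?|^[A-Za-z]:[\\/]|\\")

def split_volume(spec):
    """Split short-syntax 'host:container[:mode]'. The container side starts
    with '/', which keeps a Windows drive letter in the host part intact."""
    m = re.match(r"^(?P<host>.+?):(?P<target>/[^:]*)(?::(?P<mode>[\w,]+))?$", spec)
    if not m:
        raise ValueError(f"unsupported volume spec: {spec!r}")
    return m["host"], m["target"].rstrip("/") or "/", m["mode"] or "rw"

def env_dict(environment):
    """Compose accepts environment as a mapping or as a list of KEY=VALUE."""
    if isinstance(environment, dict):
        return {k: str(v) for k, v in environment.items()}
    return dict(item.split("=", 1) for item in environment)

def check_cert_mount(service):
    """Return findings for one parsed compose service; an empty list means OK."""
    cert = env_dict(service.get("environment", {})).get(CERT_KEY)
    if cert is None:
        return [f"{CERT_KEY} is not set"]
    findings = []
    if HOST_STYLE.search(cert):
        findings.append(f"{cert!r} is a host-style path; Kestrel opens it inside the container")
    mounts = [split_volume(v) for v in service.get("volumes", [])]
    covering = [(t, m) for _, t, m in mounts if cert.startswith(t.rstrip("/") + "/")]
    if not covering:
        findings.append(f"{cert!r} is not under any mount target {[t for _, t, _ in mounts]}")
    for target, mode in covering:
        if "ro" not in mode.split(","):
            findings.append(f"mount {target} holds the private key but is writable; add ':ro'")
    return findings

# Constructed from the compose files on this page (values copied, not read from disk).
QUESTION = {"volumes": ["$USERPROFILE/.aspnet/https:/https/"],
            "environment": {CERT_KEY: "$USERPROFILE/.aspnet/https/aspnetapp.pfx"}}
ANSWER_2 = {"volumes": ["~/.aspnet/https:/https:ro"],
            "environment": ["ASPNETCORE_URLS=https://+:443;http://+:80",
                            CERT_KEY + "=/https/aspnetapp.pfx"]}

if __name__ == "__main__":
    for name, svc in (("question", QUESTION), ("answer 2", ANSWER_2)):
        print(name, check_cert_mount(svc) or "OK")
```
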
