我最近在Debian 11服务器上启动了一个Blazor Server应用程序。该应用程序通过Linux Docker容器运行。我已经使用DNS将我的域名连接到我的服务器,并试图为我的Blazor应用程序获得应用于我的域名的SSL证书。
通过遵循Certbot指南,我已经在我的Debian 11服务器上完成了以下操作,我的Blazor容器托管到端口80:apt-get install cerbotcertbot certonly --standalone我得到了以下消息:
Congratulations!
Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem
我的网站仍然没有使用https。从这一点上我找不到应用SSL的任何其他说明。我是否需要添加代码到我的Blazor服务器应用程序指向SSL文件?我需要将SSL文件挂载到我的Docker容器中的某个地方吗?谢谢。
更新:我一直在用以下命令运行我的Docker容器。我已经测试了我的keys文件夹的安装,可以看到它是正确的,但是在启动容器时我仍然有问题。它似乎无法找到密钥,即使它们被正确地安装到容器:docker run -p 80:80 -p 443:443 -v /etc/letsencrypt/live/example.com:/https/ -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=443 -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/fullchain.pem -e ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/https/privkey.pem --restart always --name blazorserver blazorserver:1.01
我得到这些终端错误,导致Program.cs无法运行app.Run();
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {c9ce4f00-c893-456c-b894-6421bf21ffd8} may be persisted to storage in unencrypted form.
Unhandled exception. System.IO.FileNotFoundException: Could not find file '/https/fullchain.pem'.
File name: '/https/fullchain.pem'
at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirError)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode, Func`4 createOpenException)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, UnixFileMode openPermissions, Int64& fileLength, UnixFileMode& filePermissions, Func`4 createOpenException)
at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
at System.IO.StreamReader.ValidateArgsAndOpenPath(String path, Encoding encoding, Int32 bufferSize)
at System.IO.File.ReadAllText(String path, Encoding encoding)
at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.ImportFromPemFile(String certPemFilePath)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
at Program.<Main>$(String[] args) in /src/Program.cs:line 36
所以,问题是/etc/letsencrypt/live/example.com/fullchain.pem文件需要访问/etc/letsencrypt层次结构中的其他文件。在将整个/etc/letsencrypt目录挂载到/https之后,我能够使用完整路径访问SSL文件,例如__Path变量的/https/live/example.com/fullchain.pem。
希望有人发现我的故障排除有用,因为我找不到太多的信息,让我们加密SSL设置为Kestrel和/或Blazor。