在aspnet上有一个应用程序应该在https上工作。应用程序部署在容器中。
Dockerfile.yml
FROM mcr.microsoft.com/dotnet/aspnet:6.0
WORKDIR /app_service
COPY app_service/ ./
EXPOSE 443
ENTRYPOINT ["dotnet", "./UserManager.dll"]
运行
docker run -d -p 443:443 author/app_service:v1.0
我
curl -vLk https://<ip>/app
* Trying <ip>...
* TCP_NODELAY set
* connect to <ip> port 443 failed: Connection refused
* Failed to connect to <ip> port 443: Connection refused
* Closing connection 0
curl: (7) Failed to connect to <ip> port 443: Connection refused
,
curl -vLk https://127.0.0.1/app
* Trying 127.0.0.1:443...
* TCP_NODELAY set
* Connected to 127.0.0.1 (127.0.0.1) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:443
* Closing connection 0
curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to 127.0.0.1:443
如何正确构建和运行一个容器与https工作?
首先,由于MITM攻击,我不建议在生产环境中使用它,只是回答您的问题;你的证书有一个域名127.0.0.1,但没有你的外部IP,你需要将这个IP包含到你的证书中,这意味着你需要生成一个新的证书,其中包含127.0.0.1和你的外部域名。
最佳实践是使用https协议进行外部网络通信,使用http协议进行内部网络通信,这种方法为我们带来了反向代理服务。这是一篇如何使用docker配置反向代理的示例文章https://dotnetthoughts.net/how-to-nginx-reverse-proxy-with-docker-compose/