ASP.NET 7 Blazor Server - Certbot SSL for Linux Host
Question
I recently launched a Blazor Server application on a Debian 11 server. The application is running through a Linux Docker container. I have used a DNS to connect my domain name to my server, and am trying to get an SSL certificate applied to my domain for my Blazor app.
By following Certbot guides, I have done the following on my Debian 11 server where my Blazor container is hosted to port 80:
apt-get install certbot
certbot certonly --standalone
And I got the following message:
Congratulations!
Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem
My site is still not using https. I cannot find any other instructions to apply the SSL from this point. Do I need to add code to my Blazor Server app to point to the SSL files? Do I need to mount the SSL files to somewhere in my Docker container? Thanks.
Update: I have been running my Docker container with the following command. I've tested the mounting of my keys folder and can see it is correct, but I still have issues when launching the container. It appears to be unable to find the keys even though they are mounted to the container correctly:
docker run -p 80:80 -p 443:443 -v /etc/letsencrypt/live/example.com:/https/ -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=443 -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/fullchain.pem -e ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/https/privkey.pem --restart always --name blazorserver blazorserver:1.01
I get these terminal errors, resulting in Program.cs failing to run app.Run();
warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
No XML encryptor configured. Key {c9ce4f00-c893-456c-b894-6421bf21ffd8} may be persisted to storage in unencrypted form.
Unhandled exception. System.IO.FileNotFoundException: Could not find file '/https/fullchain.pem'.
File name: '/https/fullchain.pem'
at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirError)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode, Func`4 createOpenException)
at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, UnixFileMode openPermissions, Int64& fileLength, UnixFileMode& filePermissions, Func`4 createOpenException)
at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
at System.IO.StreamReader.ValidateArgsAndOpenPath(String path, Encoding encoding, Int32 bufferSize)
at System.IO.File.ReadAllText(String path, Encoding encoding)
at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.ImportFromPemFile(String certPemFilePath)
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
at Program.<Main>$(String[] args) in /src/Program.cs:line 36
Answer 1
Score: 0
So, the issue was that the /etc/letsencrypt/live/example.com/fullchain.pem file needs access to other files in the /etc/letsencrypt hierarchy. After mounting the entire /etc/letsencrypt directory to /https, I was able to access the SSL files with the full path, e.g. /https/live/example.com/fullchain.pem for the __Path variable.
Hopefully somebody finds my troubleshooting useful, as I could not find much information out there for Let's Encrypt SSL setup for Kestrel and/or Blazor.
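The files certbot writes under live/ are relative symlinks into ../../archive/, which is why mounting only live/example.com leaves them dangling inside the container. The following is an added example, not part of the original answer: a preflight check for a bind-mount source, run against a constructed directory tree (the function names are hypothetical).

```shell
#!/bin/sh
# Added example, not from the original post. The tree built here is a
# constructed stand-in for /etc/letsencrypt; file contents are placeholders.

# certbot layout: live/<domain>/*.pem are relative symlinks into
# ../../archive/<domain>/, where the real files live.
make_fake_letsencrypt() {
    root=$1; domain=$2
    mkdir -p "$root/live/$domain" "$root/archive/$domain"
    for name in fullchain privkey; do
        echo "constructed placeholder" > "$root/archive/$domain/${name}1.pem"
        ln -s "../../archive/$domain/${name}1.pem" "$root/live/$domain/$name.pem"
    done
}

# Print every symlink under $1 whose target is missing or lies outside $1.
# Such a link is dangling once $1 alone is bind-mounted into a container.
links_escaping_mount() {
    src=$(cd "$1" && pwd -P) || return 2
    find "$src" -type l | while IFS= read -r link; do
        if [ ! -e "$link" ]; then
            echo "$link"                  # already broken on the host
            continue
        fi
        target=$(readlink -f "$link")
        case "$target" in
            "$src"/*) ;;                  # stays inside the mounted tree
            *) echo "$link" ;;            # resolves outside: breaks in container
        esac
    done
}

# Succeeds only when the directory is safe to use as a bind-mount source.
mount_source_ok() {
    [ -d "$1" ] || return 2
    [ -z "$(links_escaping_mount "$1")" ]
}

demo() {
    tmp=$(mktemp -d)
    make_fake_letsencrypt "$tmp" example.com
    mount_source_ok "$tmp/live/example.com" || echo "live/example.com only: links break"
    mount_source_ok "$tmp" && echo "whole tree: links resolve"
    rm -rf "$tmp"
}
demo
```

Run the check against the host directory passed to `-v` before starting the container. Mounting all of /etc/letsencrypt also puts the ACME account key and every other domain's private key inside the container, so append `:ro` to the bind mount to keep the container from modifying them.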