ASP.NET 7 Blazor Server – Certbot SSL for Linux Host


Question


I recently launched a Blazor Server application on a Debian 11 server. The application is running through a Linux Docker container. I have used a DNS to connect my domain name to my server, and am trying to get an SSL certificate applied to my domain for my Blazor app.

By following Certbot guides, I have done the following on my Debian 11 server where my Blazor container is hosted to port 80:

apt-get install certbot
certbot certonly --standalone

And I got the following message:

Congratulations!
Your certificate and chain have been saved at: /etc/letsencrypt/live/example.com/fullchain.pem
Your key file has been saved at: /etc/letsencrypt/live/example.com/privkey.pem

My site is still not using https. I cannot find any other instructions to apply the SSL from this point. Do I need to add code to my Blazor Server app to point to the SSL files? Do I need to mount the SSL files to somewhere in my Docker container? Thanks.

Update: I have been running my Docker container with the following command. I've tested the mounting of my keys folder and can see it is correct, but I still have issues when launching the container. It appears to be unable to find the keys even though they are mounted to the container correctly:

docker run -p 80:80 -p 443:443 -v /etc/letsencrypt/live/example.com:/https/ -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=443 -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/fullchain.pem -e ASPNETCORE_Kestrel__Certificates__Default__KeyPath=/https/privkey.pem --restart always --name blazorserver blazorserver:1.01

I get these terminal errors, resulting in Program.cs failing to run app.Run();

warn: Microsoft.AspNetCore.DataProtection.Repositories.FileSystemXmlRepository[60]
      Storing keys in a directory '/root/.aspnet/DataProtection-Keys' that may not be persisted outside of the container. Protected data will be unavailable when container is destroyed.
warn: Microsoft.AspNetCore.DataProtection.KeyManagement.XmlKeyManager[35]
      No XML encryptor configured. Key {c9ce4f00-c893-456c-b894-6421bf21ffd8} may be persisted to storage in unencrypted form.
Unhandled exception. System.IO.FileNotFoundException: Could not find file '/https/fullchain.pem'.
File name: '/https/fullchain.pem'
   at Interop.ThrowExceptionForIoErrno(ErrorInfo errorInfo, String path, Boolean isDirError)
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String path, OpenFlags flags, Int32 mode, Func`4 createOpenException)
   at Microsoft.Win32.SafeHandles.SafeFileHandle.Open(String fullPath, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, UnixFileMode openPermissions, Int64& fileLength, UnixFileMode& filePermissions, Func`4 createOpenException)
   at System.IO.Strategies.OSFileStreamStrategy..ctor(String path, FileMode mode, FileAccess access, FileShare share, FileOptions options, Int64 preallocationSize, Nullable`1 unixCreateMode)
   at System.IO.StreamReader.ValidateArgsAndOpenPath(String path, Encoding encoding, Int32 bufferSize)
   at System.IO.File.ReadAllText(String path, Encoding encoding)
   at System.Security.Cryptography.X509Certificates.X509Certificate2Collection.ImportFromPemFile(String certPemFilePath)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert()
   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()
   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
   at Program.<Main>$(String[] args) in /src/Program.cs:line 36

Answer 1

Score: 0


So, the issue was that the /etc/letsencrypt/live/example.com/fullchain.pem file needs access to other files in the /etc/letsencrypt hierarchy. After mounting the entire /etc/letsencrypt directory to /https, I was able to access the SSL files with the full path, e.g. /https/live/example.com/fullchain.pem for the __Path variable.

Hopefully somebody finds my troubleshooting useful, as I could not find much information out there for Let's Encrypt SSL setup for Kestrel and/or Blazor.
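
The behaviour described in the answer follows from certbot's directory layout: the files under live/<domain>/ are relative symlinks into ../../archive/<domain>/, so a bind mount of live/example.com alone carries links whose targets do not exist inside the container. The check below is an added example, not part of the original post; it builds a constructed stand-in tree in a temporary directory (all function names are hypothetical) and reports which files would dangle for a given mount source.

```bash
# make_fake_letsencrypt ROOT DOMAIN
# Build a constructed tree with the same live/ -> archive/ symlink shape certbot uses.
make_fake_letsencrypt() {
    local root=$1 domain=$2 name
    mkdir -p "$root/live/$domain" "$root/archive/$domain"
    for name in fullchain privkey; do
        printf 'constructed placeholder, not a real PEM\n' \
            > "$root/archive/$domain/${name}1.pem"
        ln -sf "../../archive/$domain/${name}1.pem" "$root/live/$domain/$name.pem"
    done
}

# resolves_inside MOUNT_SRC FILE
# Succeeds only if FILE, after following symlinks, still lies under MOUNT_SRC,
# i.e. the link target would exist inside a container that mounts MOUNT_SRC.
resolves_inside() {
    local src target
    src=$(readlink -f "$1") || return 2
    target=$(readlink -f "$2") || return 2
    case "$target" in
        "$src"/*) return 0 ;;
        *)        return 1 ;;
    esac
}

# check_mount MOUNT_SRC FILE...
# Prints one line per file; the exit status is the number of dangling files.
check_mount() {
    local src=$1 f bad=0
    shift
    for f in "$@"; do
        if resolves_inside "$src" "$f"; then
            echo "ok       $f"
        else
            echo "dangling $f -> $(readlink "$f")"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Demo on the constructed tree: the question's mount source, then the answer's.
demo=$(mktemp -d)
make_fake_letsencrypt "$demo" example.com
echo "-v <root>/live/example.com:/https"
check_mount "$demo/live/example.com" "$demo"/live/example.com/*.pem || true
echo "-v <root>:/https  (cert path becomes /https/live/example.com/fullchain.pem)"
check_mount "$demo" "$demo"/live/example.com/*.pem || true
rm -rf "$demo"
```

Mounting all of /etc/letsencrypt also places the ACME account key and any other domains' private keys inside the container, so a read-only mount (-v /etc/letsencrypt:/https:ro) is the least to apply.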

huangapple
  • Posted on January 9, 2023 at 03:42:16
  • When reposting, please keep the link to this article: https://go.coder-hub.com/75050750.html