How to enable ssl using .Net 6 Web API, NGINX, OpenSSL?
I created the Certificates using OpenSSL, these certificates are working with my Blazor Wasm App, so the certificates are ok. If I run the API over a http configuration on port 80 the API runs as expected, so API is also ok.
Running the API throws the following error message:
Aborted
root#TEST:/var/www/TEST/api# ./TEST_Web_API
Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https –trust'.
This is my NGINX configuration:
server {
listen 444 ssl;
server_name test.fritz.box;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}}
server {
#Working Blazor wasm app
listen 443 ssl default_server;
server_name test.fritz.box;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
access_log /var/log/nginx/access.demo.log;
error_log /var/log/nginx/error.demo.log;
root /var/www/test;
index index.html;}
This is my API setup:
string _MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
builder.Services.AddCors(options =>
{
//allow CORS
options.AddPolicy(_MyAllowSpecificOrigins, builder => builder.WithOrigins("https://localhost:444","http://localhost:81", "http://localhost:5000")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
.SetIsOriginAllowed((host) => true));
});
var app = builder.Build();
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseSwagger();
app.UseSwaggerUI();
if (!app.Environment.IsDevelopment())
{
//Raspberry PI
app.UseHttpsRedirection();
app.Urls.Add("http://192.168.178.51:5000");
app.Urls.Add("http://localhost:5000");
}
app.UseCors(_MyAllowSpecificOrigins);//Do not change the position of app.UseCors, the order is important!
app.UseAuthorization();
app.MapControllers();
app.Run();
I guess something in the API configuration is wrong. What's wrong here?
Related
I have published the default blazor server application that visual studio creates on an nginx server, however I can't find a way to reference the _framework/blazor.server.js file, this is my nginx configuration file:
server {
listen 8080;
listen [::]:8080;
server_name blazor.local;
location ~* \.(css|js|styles\.css|server\.js|lib|png|ttf|otf|woff)$ {
root html/blazor/wwwroot;
}
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
The setup works fine and it can reference the css that it couldn't but there is no way to reference the _framework/blazor.server.js ?????
I am trying to deploy a dotnet application with angular. However, when I am configuring nginx as the documentation by Microsoft recommends it, then accessing the website on the base url throws a 404 not found, but all other urls work fine.
My sites-available:
server {
listen 80 default_server;
# listen [::]:80 default_server deferred;
return 444;
}
server {
listen *:80;
listen 443 ssl;
server_name v2202207178565194475.supersrv.de *.supersrv.de;
index /var/www/donau_lead_generator/donau-lead-generator/bin/Release/net6.0/publish/wwwroot/index.html;
root /var/www/donau_lead_generator/donau-lead-generator/bin/Release/net6.0/publish/;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# try_files $uri $uri/ /index.html;
}
ssl_certificate /etc/letsencrypt/live/v2202207178565194475.supersrv.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/v2202207178565194475.supersrv.de/privkey.pem; # managed by Certbot
# Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
I am building using:
dotnet publish --configuration Release
If i access the /index.html it finds the index.html but if I access without it it returns 404 not found even though I redirect every url to index.html in my angular code:
#NgModule({
declarations: [
AppComponent,
NavMenuComponent,
HomeComponent,
RewardComponent,
],
imports: [
BrowserModule.withServerTransition({ appId: 'ng-cli-universal' }),
HttpClientModule,
FormsModule,
ReactiveFormsModule,
FontAwesomeModule,
RouterModule.forRoot([
{ path: '', component: HomeComponent, pathMatch: 'full' },
{ path: 'reward', component: RewardComponent, pathMatch: 'full' },
{ path: '**', redirectTo: '' }
])
],
providers: [],
bootstrap: [AppComponent]
})
export class AppModule { }
After hours of trying different solutions I found here 1 that one has to specify the nginx sites-available file like the following:
server {
listen *:80;
listen 443 ssl;
server_name v2202207178565194475.supersrv.de *.v2202207178565194475.supersrv.de;
location /reward {
proxy_pass http://localhost:5000/reward;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /person {
proxy_pass http://localhost:5000/person;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/{
proxy_pass http://localhost:5000/api/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
# try_files $uri $uri/index.html; -> this makes index page work but rest fails
root /var/www/donau_lead_generator/donau-lead-generator/bin/Release/net6.0/publish/wwwroot;
index index.html;
# proxy_pass http://localhost:5000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
ssl_certificate /etc/letsencrypt/live/v2202207178565194475.supersrv.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/v2202207178565194475.supersrv.de/privkey.pem; # managed by Certbot
# # Redirect non-https traffic to https
# if ($scheme != "https") {
# return 301 https://$host$request_uri;
# } # managed by Certbot
}
For every api endpoint one has to define the proxy pass but for the index / one has to serve the wwwroot folder.
I've recently converted my project from .NET Framework 4.8 to .NET 5. Everything is working except the ability for users to sign in when the authentication is passing through a reverse proxy.
When the users are connected to the VPN, everything works, but off the VPN, they get a 404 after signing into ADFS when trying to POST to /signin-wsfed.
I've added this to my Startup:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
options.ForwardLimit = null;
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseForwardedHeaders();
}
I've turned on some header debugging as prescribed in: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-5.0#forwarded-headers-middleware-options
I noticed that the X-Forwarded-For value when not using the UserForwardedHeaders is not equal to the X-Original-For when I have it turned on, the link suggests they should be the same.
NGINX is our reverse proxy, here is some of the config:
location / {
proxy_pass https://redacted_ip_address/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Queue-Start "t=${msec}000";
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_cache_bypass $http_upgrade;
client_max_body_size 50m;
client_body_buffer_size 128k;
}
If anyone has any suggestions of something I could try, it would be greatly appreciated.
It turns out that .NET Core stores more information in the authentication Cookie and that was causing the size of the cookie to exceed that of the Nginx configuration.
I am working with the Identity set on an ASP.NET Core 3.0 application, deployed to Ubuntu 19.04.
The Identity areas don't seem to be working correctly. When I navigate to it, it gives me a 'not found' from Nginx. I am trying to figure what I need to change to get Nginx to allow the Identity area (and other areas) through the reverse proxy. When I curl localhost:5000/Identity/Account/Register, I receive HTML.
Nginx setup:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/jl3/linux-x64/publish/;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /css/ {
root /var/www/jl3/linux-x64/publish/wwwroot;
}
location /images/ {
root /var/www/jl3/linux-x64/publish/wwwroot;
}
location /js/ {
root /var/www/jl3/linux-x64/publish/wwwroot;
}
location /lib/ {
root /var/www/jl3/linux-x64/publish/wwwroot;
}
}
Am I missing a location reference, or is my root command incorrect? The main (not Identity) page works fine, but for a few other pages, I had to include Hrefs instead of using asp-controller and asp-action helper tags.
Goal
Deploying/hosting a blazor-hosted (.Net Core 3 Preview 6) app on a Ubuntu server with a reserve-proxy (nginx) and docker (all containerized).
Config Files
The dockerfile which got generated by Visual Studio:
FROM mcr.microsoft.com/dotnet/core/aspnet:3.0-buster-slim AS base
WORKDIR /app
EXPOSE 80
EXPOSE 443
FROM mcr.microsoft.com/dotnet/core/sdk:3.0-buster AS build
WORKDIR /src
COPY ["Website.Server/Website.Server.csproj", "Website.Server/"]
COPY ["Website.Client/Website.Client.csproj", "Website.Client/"]
RUN dotnet restore "Website.Server/Website.Server.csproj"
COPY . .
WORKDIR "/src/Website.Server"
RUN dotnet build "Website.Server.csproj" -c Release -o /app
FROM build AS publish
RUN dotnet publish "Website.Server.csproj" -c Release -o /app
FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "Website.Server.dll"]
The docker-compose.yml file which is used to launch the application:
version: '3'
services:
nginx:
image: nginx:1.17-alpine
volumes:
- ./data/nginx:/etc/nginx/conf.d
ports:
- "80:80"
- "443:443"
restart: always
wesbite:
image: ImageToTheDockerFileAbove
expose:
- "80"
- "443"
restart: always
And finally my nginx config:
server {
listen 80;
server_name domain;
location / {
return 301
https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name domain;
location / {
proxy_pass http://website:80;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Startup.cs of my ASP.Net Core app
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc().AddNewtonsoftJson();
services.AddResponseCompression(opts =>
{
opts.MimeTypes = ResponseCompressionDefaults.MimeTypes.Concat(
new[] { "application/octet-stream" });
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseResponseCompression();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
app.UseBlazorDebugging();
}
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseClientSideBlazorFiles<Client.Startup>();
app.UseRouting();
app.UseEndpoints(endpoints =>
{
endpoints.MapDefaultControllerRoute();
endpoints.MapFallbackToClientSideBlazor<Client.Startup>("index.html");
});
}
}
Problems
Actually there is just no content served at all and I am just getting a 404, but
the link between the container does exist. Since I can see the following output as soon as I type in my domain in the browser:
info: Microsoft.AspNetCore.Hosting.Diagnostics[1]
Request starting HTTP/1.1 GET domain
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[0]
Executing endpoint 'Fallback {*path:nonfile}'
info: Microsoft.AspNetCore.Routing.EndpointMiddleware[1]
Executed endpoint 'Fallback {*path:nonfile}'
Regarding to MSDN you are not required to add the following lines to the config of nginx, since the blazor app sits behind a normal ASP.Net Core application.
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html =404;
But when reading the error this still seems to me as a routing issue or similar.