I have a .net core 3.0 web application that I want to run on a Debian Buster service. I followed the Microsoft instructions found Here.
I was able to get Nginx to serve the pages however none of the styles are showing up.
Config file
server {
listen 80;
server_name yourdomain.com;
return 301 https://$host$request_uri;
}
server {
listen 80;
server_name demo.cerebral.local;
#ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
#ssl on;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
#gzip_types text/plain text/html text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
gzip_buffers 16 8k;
gzip_disable “MSIE [1-6].(?!.*SV1)”;
#access_log /var/log/nginx/demo.access.log;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
I am not sure what I am doing wrong. Please push me in the right direction.
If anyone is interested in the solution I had to explicitly set a location block for the static files
server {
listen 80;
server_name demo.cerebral.local;
#ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
#ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
#ssl on;
#ssl_session_cache builtin:1000 shared:SSL:10m;
#ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
#ssl_prefer_server_ciphers on;
gzip on;
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
#gzip_types text/plain text/html text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml;
gzip_buffers 16 8k;
gzip_disable “MSIE [1-6].(?!.*SV1)”;
#access_log /var/log/nginx/demo.access.log;
# This location block fixed my issue.
location ~* /(css|js|lib) {
root /var/www/demo/wwwroot;
}
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
the likely reason for the problem is that the working directory where you're running the application doesn't have the wwwroot files. Pay attention to the logs on startup. You're looking for the "content root path" item.
Jan 04 11:14:19 nero dashboard-iot[54792]: info: Microsoft.Hosting.Lifetime[0]
Jan 04 11:14:19 nero dashboard-iot[54792]: Now listening on: http://localhost:5000
Jan 04 11:14:19 nero dashboard-iot[54792]: info: Microsoft.Hosting.Lifetime[0]
Jan 04 11:14:19 nero dashboard-iot[54792]: Application started. Press Ctrl+C to shut down.
Jan 04 11:14:19 nero dashboard-iot[54792]: info: Microsoft.Hosting.Lifetime[0]
Jan 04 11:14:19 nero dashboard-iot[54792]: Hosting environment: Production
Jan 04 11:14:19 nero dashboard-iot[54792]: info: Microsoft.Hosting.Lifetime[0]
Jan 04 11:14:19 nero dashboard-iot[54792]: Content root path: /var/www/iotui
Simple solution is to run from the right directory.
If you choose to create a service file, which is highly recommended, the docs point in the right direction.
[Service]
WorkingDirectory=/var/www/helloapp
ExecStart=/usr/bin/dotnet /var/www/helloapp/helloapp.dll
Nonetheless, your solution is perfectly fine, and perhaps even better. It's letting NGINX serve the static files and letting ASP.NET focus on the generated files. Still, in case anyone stumbles across this like I did, I wanted to be sure folks know what's going on.
Related
I have published the default blazor server application that visual studio creates on an nginx server, however I can't find a way to reference the _framework/blazor.server.js file, this is my nginx configuration file:
server {
listen 8080;
listen [::]:8080;
server_name blazor.local;
location ~* \.(css|js|styles\.css|server\.js|lib|png|ttf|otf|woff)$ {
root html/blazor/wwwroot;
}
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
The setup works fine and it can reference the css that it couldn't but there is no way to reference the _framework/blazor.server.js ?????
How to enable ssl using .Net 6 Web API, NGINX, OpenSSL?
I created the Certificates using OpenSSL, these certificates are working with my Blazor Wasm App, so the certificates are ok. If I run the API over a http configuration on port 80 the API runs as expected, so API is also ok.
Running the API throws the following error message:
Aborted
root#TEST:/var/www/TEST/api# ./TEST_Web_API
Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https –trust'.
This is my NGINX configuration:
server {
listen 444 ssl;
server_name test.fritz.box;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}}
server {
#Working Blazor wasm app
listen 443 ssl default_server;
server_name test.fritz.box;
ssl_certificate /etc/ssl/certs/nginx.crt;
ssl_certificate_key /etc/ssl/private/nginx.key;
access_log /var/log/nginx/access.demo.log;
error_log /var/log/nginx/error.demo.log;
root /var/www/test;
index index.html;}
This is my API setup:
string _MyAllowSpecificOrigins = "_myAllowSpecificOrigins";
builder.Services.AddCors(options =>
{
//allow CORS
options.AddPolicy(_MyAllowSpecificOrigins, builder => builder.WithOrigins("https://localhost:444","http://localhost:81", "http://localhost:5000")
.AllowAnyHeader()
.AllowAnyMethod()
.AllowCredentials()
.SetIsOriginAllowed((host) => true));
});
var app = builder.Build();
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseSwagger();
app.UseSwaggerUI();
if (!app.Environment.IsDevelopment())
{
//Raspberry PI
app.UseHttpsRedirection();
app.Urls.Add("http://192.168.178.51:5000");
app.Urls.Add("http://localhost:5000");
}
app.UseCors(_MyAllowSpecificOrigins);//Do not change the position of app.UseCors, the order is important!
app.UseAuthorization();
app.MapControllers();
app.Run();
I guess something in the API configuration is wrong. What's wrong here?
I am trying to deploy a dotnet application with angular. However, when I am configuring nginx as the documentation by Microsoft recommends it, then accessing the website on the base url throws a 404 not found, but all other urls work fine.
My sites-available:
server {
listen 80 default_server;
# listen [::]:80 default_server deferred;
return 444;
}
server {
listen *:80;
listen 443 ssl;
server_name v2202207178565194475.supersrv.de *.supersrv.de;
index /var/www/donau_lead_generator/donau-lead-generator/bin/Release/net6.0/publish/wwwroot/index.html;
root /var/www/donau_lead_generator/donau-lead-generator/bin/Release/net6.0/publish/;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# try_files $uri $uri/ /index.html;
}
ssl_certificate /etc/letsencrypt/live/v2202207178565194475.supersrv.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/v2202207178565194475.supersrv.de/privkey.pem; # managed by Certbot
# Redirect non-https traffic to https
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
I am building using:
dotnet publish --configuration Release
If i access the /index.html it finds the index.html but if I access without it it returns 404 not found even though I redirect every url to index.html in my angular code:
#NgModule({
declarations: [
AppComponent,
NavMenuComponent,
HomeComponent,
RewardComponent,
],
imports: [
BrowserModule.withServerTransition({ appId: 'ng-cli-universal' }),
HttpClientModule,
FormsModule,
ReactiveFormsModule,
FontAwesomeModule,
RouterModule.forRoot([
{ path: '', component: HomeComponent, pathMatch: 'full' },
{ path: 'reward', component: RewardComponent, pathMatch: 'full' },
{ path: '**', redirectTo: '' }
])
],
providers: [],
bootstrap: [AppComponent]
})
export class AppModule { }
After hours of trying different solutions I found here 1 that one has to specify the nginx sites-available file like the following:
server {
listen *:80;
listen 443 ssl;
server_name v2202207178565194475.supersrv.de *.v2202207178565194475.supersrv.de;
location /reward {
proxy_pass http://localhost:5000/reward;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /person {
proxy_pass http://localhost:5000/person;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location /api/{
proxy_pass http://localhost:5000/api/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
# try_files $uri $uri/index.html; -> this makes index page work but rest fails
root /var/www/donau_lead_generator/donau-lead-generator/bin/Release/net6.0/publish/wwwroot;
index index.html;
# proxy_pass http://localhost:5000/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
ssl_certificate /etc/letsencrypt/live/v2202207178565194475.supersrv.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/v2202207178565194475.supersrv.de/privkey.pem; # managed by Certbot
# # Redirect non-https traffic to https
# if ($scheme != "https") {
# return 301 https://$host$request_uri;
# } # managed by Certbot
}
For every api endpoint one has to define the proxy pass but for the index / one has to serve the wwwroot folder.
I've recently converted my project from .NET Framework 4.8 to .NET 5. Everything is working except the ability for users to sign in when the authentication is passing through a reverse proxy.
When the users are connected to the VPN, everything works, but off the VPN, they get a 404 after signing into ADFS when trying to POST to /signin-wsfed.
I've added this to my Startup:
public void ConfigureServices(IServiceCollection services)
{
services.Configure<ForwardedHeadersOptions>(options =>
{
options.KnownNetworks.Clear();
options.KnownProxies.Clear();
options.ForwardLimit = null;
options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseForwardedHeaders();
}
I've turned on some header debugging as prescribed in: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/proxy-load-balancer?view=aspnetcore-5.0#forwarded-headers-middleware-options
I noticed that the X-Forwarded-For value when not using the UserForwardedHeaders is not equal to the X-Original-For when I have it turned on, the link suggests they should be the same.
NGINX is our reverse proxy, here is some of the config:
location / {
proxy_pass https://redacted_ip_address/;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Queue-Start "t=${msec}000";
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_cache_bypass $http_upgrade;
client_max_body_size 50m;
client_body_buffer_size 128k;
}
If anyone has any suggestions of something I could try, it would be greatly appreciated.
It turns out that .NET Core stores more information in the authentication Cookie and that was causing the size of the cookie to exceed that of the Nginx configuration.
I am working with the Identity set on an ASP.NET Core 3.0 application, deployed to Ubuntu 19.04.
The Identity areas don't seem to be working correctly. When I navigate to it, it gives me a 'not found' from Nginx. I am trying to figure what I need to change to get Nginx to allow the Identity area (and other areas) through the reverse proxy. When I curl localhost:5000/Identity/Account/Register, I receive HTML.
Nginx setup:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/jl3/linux-x64/publish/;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name _;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location /css/ {
root /var/www/jl3/linux-x64/publish/wwwroot;
}
location /images/ {
root /var/www/jl3/linux-x64/publish/wwwroot;
}
location /js/ {
root /var/www/jl3/linux-x64/publish/wwwroot;
}
location /lib/ {
root /var/www/jl3/linux-x64/publish/wwwroot;
}
}
Am I missing a location reference, or is my root command incorrect? The main (not Identity) page works fine, but for a few other pages, I had to include Hrefs instead of using asp-controller and asp-action helper tags.