10

I am trying to host an ASP.Net Core MVC application (HTTPS redirection is enabled) on an Ubuntu server, using Nginx as a reverse proxy. I have created and installed a local SSL certificate using OpenSSL. When I run my application using the dotnet CLI, it listens on both http://localhost:5000 and https://localhost:5001, and I am able to access it on the web using HTTPS (HTTP requests are being redirected to HTTPS by Nginx).

The problem is that when I try to run it as a service, it only listens on http://localhost:5000.

Here's the *.service file:

[Unit]
Description=Test ASP.Net core web application service.

[Service]
WorkingDirectory=/home/ubuntu/MyAppFolder
ExecStart=/usr/bin/dotnet /home/ubuntu/MyAppFolder/MyApplication.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
SyslogIdentifier=MyApplication
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Development
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=ASPNETCORE_HTTPS_PORT=5001
Environment=ASPNETCORE_URLS=http://localhost:5000;https://localhost:5001

[Install]
WantedBy=multi-user.target

Environment details: ASP.Net Core 2.1.1, ASP.Net Core SDK 2.1.3, Nginx 1.14, Ubuntu 16.04

1 Answer

14

Finally I figured out the issue. The issue is that a developer SSL certificate is installed with the dotnet SDK under the name localhost. On Ubuntu, the certificate is located at /home/{user name}/.dotnet/corefx/cryptography/x509stores/my

Kestrel just searches in the home directory of the executing user, which does not exist for 'www-data', hence it couldn't locate the development certificate. Because of this, it doesn't bind to the default HTTPS port.

To get it working, I first converted my existing certificate from PEM (.crt) format to PKCS12 (.pfx) using OpenSSL. Below is the command.

sudo openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt -certfile more.crt

Then I needed to specify this certificate to the Kestrel server, using the appsettings.json file. Below is how the file looks now:

{
  "ConnectionStrings": {
    "PostgresConnection": "Host=localhost; Database=postgres; Username=postgres; Password=xyz123"
  },
  "Logging": {
    "IncludeScopes": false,
    "LogLevel": {
      "Default": "Warning"
    }
  },

  "Kestrel": {
    "Endpoints": {
      "HTTPS": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "/etc/ssl/certs/<certificate.pfx>",
          "Password": "xyz123"
        }
      }
    }
  }
}

Then you need to add the www-data user to the ssl-cert group. Below is the command line:

sudo usermod -aG ssl-cert www-data

4 Comments

Can you take a look at my question please: stackoverflow.com/questions/58226762/…
This was helpful, but only worked partially. I have summarized my solution on stackoverflow.com/a/59702094/3167480.
@chrisvdb I've been away from this topic for a while now, but I appreciate your answer. It certainly takes a step-by-step approach towards the configurations needed. For me trust wasn't the issue, I was struggling to just open the website on the HTTPS port.
This is outdated; Kestrel now supports PEM files via "HttpsFromPem" in the AppSettings.Json config under Kestrel.
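
The failure described in the answer, a service account that cannot reach the certificate Kestrel is pointed at, can be checked before the service is started. The following is an added example, not part of the original answer or its comments: it reads the certificate paths from the Kestrel section and walks each path using the mode bits as the www-data account would see them. The function names are hypothetical, and the sample config is constructed from the answer's Kestrel section with the password omitted.

```python
import grp, json, os, pwd

# Constructed sample: the Kestrel section from the answer, password omitted.
SAMPLE = """{"Kestrel": {"Endpoints": {"HTTPS": {
  "Url": "https://localhost:5001",
  "Certificate": {"Path": "/etc/ssl/certs/<certificate.pfx>"}}}}}"""

def kestrel_cert_paths(appsettings_text):
    """Map endpoint name -> certificate path under Kestrel:Endpoints."""
    cfg = json.loads(appsettings_text)
    endpoints = cfg.get("Kestrel", {}).get("Endpoints", {})
    return {name: ep["Certificate"]["Path"] for name, ep in endpoints.items()
            if "Path" in ep.get("Certificate", {})}

def account_ids(user):
    """uid and all group ids (primary and supplementary) of an account."""
    pw = pwd.getpwnam(user)
    extra = {g.gr_gid for g in grp.getgrall() if user in g.gr_mem}
    return pw.pw_uid, extra | {pw.pw_gid}

def mode_allows(st, uid, gids, want):
    """Unix mode-bit check: owner bits, else group bits, else other bits."""
    shift = 6 if st.st_uid == uid else 3 if st.st_gid in gids else 0
    return uid == 0 or (st.st_mode >> shift) & want == want

def first_denial(path, uid, gids):
    """First path component the account cannot traverse (directories need x)
    or read (the file needs r); None if mode bits allow access. No ACLs."""
    path = os.path.realpath(path)
    chain = [path]
    while os.path.dirname(chain[-1]) != chain[-1]:
        chain.append(os.path.dirname(chain[-1]))
    for p in reversed(chain):
        try:
            st = os.stat(p)
        except OSError:
            return p  # missing component, such as a home directory that does not exist
        if not mode_allows(st, uid, gids, 4 if p == path else 1):
            return p
    return None

if __name__ == "__main__":
    try:
        uid, gids = account_ids("www-data")  # User= in the unit file
    except KeyError:
        raise SystemExit("account www-data not found on this host")
    for name, cert in kestrel_cert_paths(SAMPLE).items():
        print(name, cert, "blocked at:", first_denial(cert, uid, gids))
```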