Skip to content
loading...

re: Hosting a .Net Core App with Nginx and Let's Encrypt VIEW POST

FULL DISCUSSION
 

Hi Ian,

Firstly thanks for this article, it's been a major help, completely agree that the Microsoft docs are not up to scratch.

One issue I've had is that my aspnet core app would only start up as http:// localhost:5000. on my ubuntu server.

I understand that's because kestrel didn't have access to it's self signed cert like it does when running locally.

I've got around this by setting nginx to direct to http:// localhost:5000 and removing app.UseHttpsRedirection(); in startup.cs. I'm assuming this is fine considering nginx is the reverse proxy.

Your article shows that you are directing nginx to https:// localhost:5001 yet you don't mention this issue? Can you elaborate on this please? Would be super helpful.

 

I had this same issue when revisiting the app I was working on back in July. Now I'm using .NET Core 3.1 instead of 2.2. I ran a command on the Ubuntu server to have dotnet generate a new self-signed cert (I believe it was "dotnet dev-certs https"). This allowed the .NET Core Web API app to run using Https/5001.

I believe you are correct in your thinking with this sort of "jankness" being okay because it's running behind Nginx. When I go to my app in a browser, it is using the LetsEncrypt certificate, so the self-signed cert just seems to be there to check a box that dotnet goes through when starting the app.

Friendly note on the LetsEncrypt... the .NET app cannot be running when you run the certbot command to refresh the cert, else you get an error about not being able to bind to port 80 (has nothing to do with you using 443 only, it's just that it tries 80 before 443 so we see that 80 error first). At first I thought the opposite, that an app needed to be running on 80/443 for the Letsencrypt people to see it's a valid website.

For forcing https/5001 only in the .NET Core Web API app, I added "app.UseHttpsRedirection();" to Startup.cs and "webBuilder.UseUrls("localhost:5001");" to Program.cs. It's okay to "disable" http/80 within the .NET Core Web API app as Nginx redirects 80 to 443 and then sends it to the .NET Core app. I know you knew that, just being detailed for others who may happen by ;)

code of conduct - report abuse