.NET Core Docker with Automated SSL
up vote
1
down vote
favorite
I am currently working on deploying a .NET Core web api on a server. I wanted to do it using docker compose for easy management. In my Startup.cs I have this code:
public class Startup
{
public Startup (IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices (IServiceCollection services)
{
var databaseHost = Configuration["DB_HOST"] ?? "localhost";
// ........
}
// ........
}
My Dockerfile is pretty standard, as Microsoft's documentation states it should be:
FROM microsoft/dotnet:sdk AS build-env
WORKDIR /app
# Copy csproj and restore as distinct layers
COPY *.csproj ./
RUN dotnet restore
# Copy everything else and build
COPY . ./
RUN dotnet publish -c Release -o out
# Build runtime image
FROM microsoft/dotnet:aspnetcore-runtime
WORKDIR /app
COPY --from=build-env /app/out .
EXPOSE 80/tcp
ENTRYPOINT ["dotnet", "ApiProject.dll"]
I define my environment variables in my docker-compose.yml file:
version: '3'
services:
restapi:
build:
context: ./ApiProject
dockerfile: Dockerfile
depends_on:
- db
ports:
- "5000:80"
restart: always
environment:
- DB_HOST=db
db:
image: postgres
ports:
- "5432:5432"
restart: always
environment:
POSTGRES_USER: "root"
POSTGRES_PASSWORD: "root"
This docker-compose.yml file works just fine on my local machine. The issue comes when I want to deploy it on the server. Someone online have made a docker-compose file which runs an nginx proxy and containers for automatically retrieving valid SSL certificates using Let's Encrypt (jwilder/nginx-proxy).
It is pretty easy to get it working. When starting a new docker container, you just have to assign it to the correct external docker network (in this case: nginx-proxy), and then give it the following environment variables:
VIRTUAL_HOST: example.comLETSENCRYPT_HOST: example.comLETSENCRYPT_EMAIL: myemail@example.com
Furthermore, instead of mapping ports, you just have to expose port 80. Then when the container starts up, the other containers will automatically get the SSL certificates and make a proxy to the newly started container.
The issue here is the way Microsoft's containers works with environment variables. The container for my web api has a few environment variables of itself, such as DB_HOST=mydbhost.com. It then automatically gets imported in the code. That means I can't add the environment variables (i.e. VIRTUAL_HOST: example.com) needed for the proxy containers to work properly.
I tried out with the following docker-compose.yml configuration:
version: '3'
services:
restapi:
build:
context: ./EffortlessApi
dockerfile: Dockerfile
depends_on:
- db
expose:
- 80
restart: always
environment:
- DB_HOST=db
- VIRTUAL_HOST: my_domain.com
- LETSENCRYPT_HOST: my_domain.com
- LETSENCRYPT_EMAIL: my@email.com
db:
image: postgres
ports:
- "5432:5432"
restart: always
environment:
POSTGRES_USER: "root"
POSTGRES_PASSWORD: "root"
networks:
default:
external:
name: nginx-proxy
But that resolved in the following error when running docker-compose up:
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.restapi.environment contains {"VIRTUAL_HOST":
"api.effortless.dk"}, which is an invalid type, it should be a string
I'm quite lost on how I should solve this issue. I want to easily deploy and manage multiple containers with valid SSL certificates, and this setup is pretty cool, if just it worked with the .NET project as well.
.net docker docker-compose lets-encrypt
asked Nov 22 at 14:19
Algorythm
183
add a comment |
up vote
1
down vote
favorite
I am currently working on deploying a .NET Core web api on a server. I wanted to do it using docker compose for easy management. In my Startup.cs I have this code:
public class Startup
{
public Startup (IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices (IServiceCollection services)
{
var databaseHost = Configuration["DB_HOST"] ?? "localhost";
// ........
}
// ........
}
My Dockerfile is pretty standard, as Microsoft's documentation states it should be:
FROM microsoft/dotnet:sdk AS build-env
WORKDIR /app
# Copy csproj and restore as distinct layers
COPY *.csproj ./
RUN dotnet restore
# Copy everything else and build
COPY . ./
RUN dotnet publish -c Release -o out
# Build runtime image
FROM microsoft/dotnet:aspnetcore-runtime
WORKDIR /app
COPY --from=build-env /app/out .
EXPOSE 80/tcp
ENTRYPOINT ["dotnet", "ApiProject.dll"]
I define my environment variables in my docker-compose.yml file:
version: '3'
services:
restapi:
build:
context: ./ApiProject
dockerfile: Dockerfile
depends_on:
- db
ports:
- "5000:80"
restart: always
environment:
- DB_HOST=db
db:
image: postgres
ports:
- "5432:5432"
restart: always
environment:
POSTGRES_USER: "root"
POSTGRES_PASSWORD: "root"
This docker-compose.yml file works just fine on my local machine. The issue comes when I want to deploy it on the server. Someone online have made a docker-compose file which runs an nginx proxy and containers for automatically retrieving valid SSL certificates using Let's Encrypt (jwilder/nginx-proxy).
It is pretty easy to get it working. When starting a new docker container, you just have to assign it to the correct external docker network (in this case: nginx-proxy), and then give it the following environment variables:
VIRTUAL_HOST: example.comLETSENCRYPT_HOST: example.comLETSENCRYPT_EMAIL: myemail@example.com
Furthermore, instead of mapping ports, you just have to expose port 80. Then when the container starts up, the other containers will automatically get the SSL certificates and make a proxy to the newly started container.
The issue here is the way Microsoft's containers works with environment variables. The container for my web api has a few environment variables of itself, such as DB_HOST=mydbhost.com. It then automatically gets imported in the code. That means I can't add the environment variables (i.e. VIRTUAL_HOST: example.com) needed for the proxy containers to work properly.
I tried out with the following docker-compose.yml configuration:
version: '3'
services:
restapi:
build:
context: ./EffortlessApi
dockerfile: Dockerfile
depends_on:
- db
expose:
- 80
restart: always
environment:
- DB_HOST=db
- VIRTUAL_HOST: my_domain.com
- LETSENCRYPT_HOST: my_domain.com
- LETSENCRYPT_EMAIL: my@email.com
db:
image: postgres
ports:
- "5432:5432"
restart: always
environment:
POSTGRES_USER: "root"
POSTGRES_PASSWORD: "root"
networks:
default:
external:
name: nginx-proxy
But that resolved in the following error when running docker-compose up:
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.restapi.environment contains {"VIRTUAL_HOST":
"api.effortless.dk"}, which is an invalid type, it should be a string
I'm quite lost on how I should solve this issue. I want to easily deploy and manage multiple containers with valid SSL certificates, and this setup is pretty cool, if just it worked with the .NET project as well.
.net docker docker-compose lets-encrypt
asked Nov 22 at 14:19
Algorythm
183
add a comment |
up vote
1
down vote
favorite
up vote
1
down vote
favorite
I am currently working on deploying a .NET Core web api on a server. I wanted to do it using docker compose for easy management. In my Startup.cs I have this code:
public class Startup
{
public Startup (IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices (IServiceCollection services)
{
var databaseHost = Configuration["DB_HOST"] ?? "localhost";
// ........
}
// ........
}
My Dockerfile is pretty standard, as Microsoft's documentation states it should be:
FROM microsoft/dotnet:sdk AS build-env
WORKDIR /app
# Copy csproj and restore as distinct layers
COPY *.csproj ./
RUN dotnet restore
# Copy everything else and build
COPY . ./
RUN dotnet publish -c Release -o out
# Build runtime image
FROM microsoft/dotnet:aspnetcore-runtime
WORKDIR /app
COPY --from=build-env /app/out .
EXPOSE 80/tcp
ENTRYPOINT ["dotnet", "ApiProject.dll"]
I define my environment variables in my docker-compose.yml file:
version: '3'
services:
restapi:
build:
context: ./ApiProject
dockerfile: Dockerfile
depends_on:
- db
ports:
- "5000:80"
restart: always
environment:
- DB_HOST=db
db:
image: postgres
ports:
- "5432:5432"
restart: always
environment:
POSTGRES_USER: "root"
POSTGRES_PASSWORD: "root"
This docker-compose.yml file works just fine on my local machine. The issue comes when I want to deploy it on the server. Someone online have made a docker-compose file which runs an nginx proxy and containers for automatically retrieving valid SSL certificates using Let's Encrypt (jwilder/nginx-proxy).
It is pretty easy to get it working. When starting a new docker container, you just have to assign it to the correct external docker network (in this case: nginx-proxy), and then give it the following environment variables:
VIRTUAL_HOST: example.comLETSENCRYPT_HOST: example.comLETSENCRYPT_EMAIL: myemail@example.com
Furthermore, instead of mapping ports, you just have to expose port 80. Then when the container starts up, the other containers will automatically get the SSL certificates and make a proxy to the newly started container.
The issue here is the way Microsoft's containers works with environment variables. The container for my web api has a few environment variables of itself, such as DB_HOST=mydbhost.com. It then automatically gets imported in the code. That means I can't add the environment variables (i.e. VIRTUAL_HOST: example.com) needed for the proxy containers to work properly.
I tried out with the following docker-compose.yml configuration:
version: '3'
services:
restapi:
build:
context: ./EffortlessApi
dockerfile: Dockerfile
depends_on:
- db
expose:
- 80
restart: always
environment:
- DB_HOST=db
- VIRTUAL_HOST: my_domain.com
- LETSENCRYPT_HOST: my_domain.com
- LETSENCRYPT_EMAIL: my@email.com
db:
image: postgres
ports:
- "5432:5432"
restart: always
environment:
POSTGRES_USER: "root"
POSTGRES_PASSWORD: "root"
networks:
default:
external:
name: nginx-proxy
But that resolved in the following error when running docker-compose up:
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.restapi.environment contains {"VIRTUAL_HOST":
"api.effortless.dk"}, which is an invalid type, it should be a string
I'm quite lost on how I should solve this issue. I want to easily deploy and manage multiple containers with valid SSL certificates, and this setup is pretty cool, if just it worked with the .NET project as well.
.net docker docker-compose lets-encrypt
asked Nov 22 at 14:19
Algorythm
183
I am currently working on deploying a .NET Core web api on a server. I wanted to do it using docker compose for easy management. In my Startup.cs I have this code:
public class Startup
{
public Startup (IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
public void ConfigureServices (IServiceCollection services)
{
var databaseHost = Configuration["DB_HOST"] ?? "localhost";
// ........
}
// ........
}
My Dockerfile is pretty standard, as Microsoft's documentation states it should be:
FROM microsoft/dotnet:sdk AS build-env
WORKDIR /app
# Copy csproj and restore as distinct layers
COPY *.csproj ./
RUN dotnet restore
# Copy everything else and build
COPY . ./
RUN dotnet publish -c Release -o out
# Build runtime image
FROM microsoft/dotnet:aspnetcore-runtime
WORKDIR /app
COPY --from=build-env /app/out .
EXPOSE 80/tcp
ENTRYPOINT ["dotnet", "ApiProject.dll"]
I define my environment variables in my docker-compose.yml file:
version: '3'
services:
restapi:
build:
context: ./ApiProject
dockerfile: Dockerfile
depends_on:
- db
ports:
- "5000:80"
restart: always
environment:
- DB_HOST=db
db:
image: postgres
ports:
- "5432:5432"
restart: always
environment:
POSTGRES_USER: "root"
POSTGRES_PASSWORD: "root"
This docker-compose.yml file works just fine on my local machine. The issue comes when I want to deploy it on the server. Someone online have made a docker-compose file which runs an nginx proxy and containers for automatically retrieving valid SSL certificates using Let's Encrypt (jwilder/nginx-proxy).
It is pretty easy to get it working. When starting a new docker container, you just have to assign it to the correct external docker network (in this case: nginx-proxy), and then give it the following environment variables:
VIRTUAL_HOST: example.comLETSENCRYPT_HOST: example.comLETSENCRYPT_EMAIL: myemail@example.com
Furthermore, instead of mapping ports, you just have to expose port 80. Then when the container starts up, the other containers will automatically get the SSL certificates and make a proxy to the newly started container.
The issue here is the way Microsoft's containers works with environment variables. The container for my web api has a few environment variables of itself, such as DB_HOST=mydbhost.com. It then automatically gets imported in the code. That means I can't add the environment variables (i.e. VIRTUAL_HOST: example.com) needed for the proxy containers to work properly.
I tried out with the following docker-compose.yml configuration:
version: '3'
services:
restapi:
build:
context: ./EffortlessApi
dockerfile: Dockerfile
depends_on:
- db
expose:
- 80
restart: always
environment:
- DB_HOST=db
- VIRTUAL_HOST: my_domain.com
- LETSENCRYPT_HOST: my_domain.com
- LETSENCRYPT_EMAIL: my@email.com
db:
image: postgres
ports:
- "5432:5432"
restart: always
environment:
POSTGRES_USER: "root"
POSTGRES_PASSWORD: "root"
networks:
default:
external:
name: nginx-proxy
But that resolved in the following error when running docker-compose up:
ERROR: The Compose file './docker-compose.yml' is invalid because:
services.restapi.environment contains {"VIRTUAL_HOST":
"api.effortless.dk"}, which is an invalid type, it should be a string
I'm quite lost on how I should solve this issue. I want to easily deploy and manage multiple containers with valid SSL certificates, and this setup is pretty cool, if just it worked with the .NET project as well.
.net docker docker-compose lets-encrypt
.net docker docker-compose lets-encrypt
asked Nov 22 at 14:19
Algorythm
183
asked Nov 22 at 14:19
Algorythm
183
edited Nov 22 at 15:10
asked Nov 22 at 14:19
Algorythm
183
asked Nov 22 at 14:19
Algorythm
183
asked Nov 22 at 14:19
Algorythm
183
183
add a comment |
add a comment |
active
oldest
votes
Your Answer
StackExchange.ifUsing("editor", function () {
StackExchange.using("externalEditor", function () {
StackExchange.using("snippets", function () {
StackExchange.snippets.init();
});
});
}, "code-snippets");
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "1"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432945%2fnet-core-docker-with-automated-ssl%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
active
oldest
votes
active
oldest
votes
active
oldest
votes
active
oldest
votes
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Some of your past answers have not been well-received, and you're in danger of being blocked from answering.
Please pay close attention to the following guidance:
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f53432945%2fnet-core-docker-with-automated-ssl%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
