【Question title】: Net Core 2.2 with Letsencrypt on CentOS 7
【Posted】: 2019-02-25 14:07:58
【Question description】:

I am trying to use a Letsencrypt certificate in my asp.net core 2.2. The Letsencrypt certificate is installed and working.. (SSL Labs test)

== Exception thrown ==

[FTL] Unable to start Kestrel.
Interop+Crypto+OpenSslCryptographicException: error:2006D002:BIO routines:BIO_new_file:system lib
   at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)
   at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)

My appsettings.json

...
,
  "Kestrel": {
    "EndPoints": {
      "Http": {
        "Url": "http://localhost:5000"
      },
      "HttpsInlineCertFile": {
        "Url": "https://localhost:5001",
        "Certificate": {
          "Path": "/etc/myletsencrypt/cert.pfx"  // ==> this is converted from .pem to pfx
        }
      }
    }
  }

== Program.cs ==

public static void Main(string[] args)
{
    CreateWebHostBuilder(args).Build().Run();
}

public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
    WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>()
        .UseUrls("http://0.0.0.0:5000","https://0.0.0.0:5001");

== Startup.cs ==

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddSerilog();

    // linux setting
    app.UseForwardedHeaders(new ForwardedHeadersOptions
    {
        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
    });

    app.UseAuthentication();
    app.UseHttpsRedirection();

    app.UseMvc(routes =>
    {
        routes.MapRoute(
            name: "default",
            template: "{api}/{controller}/{action}");
    });
}

What am I missing? Does anyone have experience with this?

Any advice is appreciated.

Thanks a lot in advance, 唐

【Question discussion】:

    Tags: centos7 core
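
The `BIO_new_file:system lib` error in the trace above is reported when OpenSSL fails to open the file named in `Certificate.Path`. As an added example (not part of the original post), this script walks the path and prints the first component whose permission bits stop an account that is neither owner nor group member; it assumes the app runs as such an account, and `first_blocked` is a name introduced here.

```shell
#!/usr/bin/env bash
# Added example (not from the original post). Reports the first path
# component that a user who is neither owner nor group member cannot pass.
# Assumption: the Kestrel process runs as such an unprivileged account.
# Only mode bits are examined (GNU stat); ACLs and SELinux are not.

# first_blocked FILE [BASE]
# Prints "<component> <octal mode>" (or "<component> missing") for the first
# blocking component below BASE (default /) and returns 1; prints nothing
# and returns 0 when every component is passable.
first_blocked() {
    local file="$1" base="${2:-/}" cur rest part mode other
    base=${base%/}
    case $file in
        "$base"/*) rest=${file#"$base"/} ;;
        *) echo "path is not below base" >&2; return 2 ;;
    esac
    cur=$base
    while [ -n "$rest" ]; do
        part=${rest%%/*}
        if [ "$part" = "$rest" ]; then rest=""; else rest=${rest#*/}; fi
        [ -z "$part" ] && continue   # skip empty parts produced by "//"
        cur=$cur/$part
        # -L follows symlinks, so the target's mode is what gets checked
        mode=$(stat -L -c %a "$cur" 2>/dev/null) || { echo "$cur missing"; return 1; }
        other=${mode#"${mode%?}"}    # last octal digit holds the "other" bits
        if [ -d "$cur" ]; then
            # a directory needs the execute (search) bit to be traversed
            [ $((other & 1)) -ne 0 ] || { echo "$cur $mode"; return 1; }
        else
            # the certificate file itself needs the read bit
            [ $((other & 4)) -ne 0 ] || { echo "$cur $mode"; return 1; }
        fi
    done
    return 0
}

# Stand-alone use: pass the certificate path (and optionally a base directory).
if [ "$#" -gt 0 ]; then first_blocked "$@"; fi
```

With the path from the question, the call is `first_blocked /etc/myletsencrypt/cert.pfx`.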


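    【Solution 1】:

    In the end, I solved this by setting up a reverse proxy in Apache:

    I only use port 5000 and set a ProxyPass for /api/, so if a user visits https://dev.myexample.com/api/xxxx, it goes to http://localhost:5000/api/xxxx. I think this is quite good; I don't have to NAT port 5000.

    If there is a better idea, please let me know.

    Thanks and regards, 唐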

    === httpd.conf ===

    <VirtualHost dev.example.com:443>
      ServerName dev.example.com
      DocumentRoot /var/www/html/dev.example.com
      ErrorLog /var/log/httpd/dev.example.com.error.log
      CustomLog /var/log/httpd/dev.example.com.access.log combined
    
      SSLEngine On
    
      <Directory "/var/www/html/dev.example.com">
        allow from all
        Options None
      </Directory>
    
      Include /etc/letsencrypt/options-ssl-apache.conf
      SSLCertificateFile /etc/letsencrypt//dev.example.com/cert.pem
      SSLCertificateKeyFile /etc/letsencrypt/dev.example.com/privkey.pem
      SSLCertificateChainFile /etc/letsencrypt/dev.example.com/chain.pem
    
      <Location /api/>
        ProxyPass http://localhost:5000/api/
      </Location>
    </VirtualHost>
    

    == Program.cs ==

    public static void Main(string[] args)
            {
                CreateWebHostBuilder(args).Build().Run();
            }
    
            public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
                WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>();
    

    == Startup.cs ==

    public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
            {
                loggerFactory.AddSerilog();
    
                if (!env.IsDevelopment())
                {
                    app.UseHsts();
    
                    // linux setting
                    app.UseForwardedHeaders(new ForwardedHeadersOptions
                    {
                        ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
                    });
                }
    
                app.UseAuthentication();
                app.UseHttpsRedirection();
    
                app.UseMvc(routes =>
                {
                    routes.MapRoute(
                        name: "default",
                        template: "{api}/{controller}/{action}");
                });
    
    
            }
    

    【Discussion】:
