Я пытаюсь запустить приложение ASP. NET Core 3.1 Framework на сервере Ubuntu (18.04.3 LTS), используя контейнер Docker.
Я создал следующее docker-compose.yml файл для запуска на моем сервере изображений nginx-proxy и private_image_name. Очевидно, nginx-proxy - это прокси-сервер, который будет прокси-сервером, который будет перенаправлять трафик c, поступающий из Интернета, на другие мои запущенные образы. Я следовал статье для настройки nginx-proxy.
version: '3.4'
services:
nginx-proxy:
image: jwilder/nginx-proxy
container_name: nginx-proxy
ports:
- 80:80
- 443:443
volumes:
- /var/run/docker.sock:/tmp/docker.sock:ro
- certificates:/etc/certificates
private_image_name:
image: private_image_name:latest
container_name: private_image_name
depends_on:
- nginx-proxy
environment:
- VIRTUAL_HOST=sub.domain-example.com
- ASPNETCORE_ENVIRONMENT=Production
- ASPNETCORE_URLS=https://+:443;http://+:80
ports:
- 51736:80
- 44344:443
volumes:
- storage:/storage
- /var/run/docker.sock:/tmp/docker.sock:ro
- certificates:/etc/certificates
- ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
- ${APPDATA}/ASP.NET/Https:/root/.aspnet/https:ro
volumes:
storage:
certificates:
networks:
default:
external:
name: nginx-proxy
secrets:
server.cert:
file: ./server.cert
server.key:
file: ./server.key
Оба файла server.cert и server.key хранятся в /etc/certificates. Оба файла были созданы с помощью следующей команды
sudo openssl req -new -newkey rsa:4096 -days 3650 -nodes -x509 -subj "/C=US/ST=CA/L=SF/O=Docker-demo/CN=app.example.org" -keyout server.key -out server.cert
Я попытался запустить оба своих изображения, выполнив docker-composer up. Тем не менее, nginx-proxy не возникло никаких проблем, а private_image_name не удалось запустить. Вот что я получаю при запуске private_image_name попыток запуска
**WARNING**: The APPDATA variable is not set. Defaulting to a blank string.
Recreating private_image ... done
Attaching to private_image
private_image | crit: Microsoft.AspNetCore.Server.Kestrel[0]
private_image | Unable to start Kestrel.
private_image | System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
private_image | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
private_image | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
private_image | Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, and the default developer certificate could not be found or is out of date.
private_image | To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
private_image | For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
private_image | at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IServerAddressesFeature addresses, KestrelServerOptions serverOptions, ILogger logger, Func`2 createBinding)
private_image | at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
private_image | at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
private_image | at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
private_image | at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
private_image | at private_image.Program.Main(String[] args) in /src/private_image/Program.cs:line 17
private_image exited with code 139
Команда dotnet dev-certs https --trust работает только на Windows и macOS.
Вопрос
Как я могу исправить эту проблему на сервере Ubuntu? Как правильно прикрепить сертификат SSL к изображению docker?
Кроме того, когда я go до http://server-ip-address или http://sub.domain-example.com я получаю
503 Сервис временно недоступен nginx / 1.17.5
А когда я go до https://server-ip-address или https://sub.domain-example.com получаю
Невозможно для подключения.