CentOS 7 上带有 Letsencrypt 的 Net Core 2.2
Net Core 2.2 with Letsencrypt on CentOS 7
我正在尝试在我的 asp.net 核心 2.2 中使用 letsencrypt 证书
letsencrypt 证书已安装并正常工作..(经过 SSL 实验室测试)
==抛出异常==
[FTL] Unable to start Kestrel. Interop+Crypto+OpenSslCryptographicException: error:2006D002:BIO routines:BIO_new_file:system lib at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle) at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName) at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
我的appsettings.json
...
,
"Kestrel": {
"EndPoints": {
"Http": {
"Url": "http://localhost:5000"
},
"HttpsInlineCertFile": {
"Url": "https://localhost:5001",
"Certificate": {
"Path": "/etc/myletsencrypt/cert.pfx" // ==> this is converted from .pem to pfx
}
}
}
}
== program.cs==
public static void Main(string[] args)
{
CreateWebHostBuilder(args).Build().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseUrls("http://0.0.0.0:5000","https://0.0.0.0:5001");
== startup.cs ==
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddSerilog();
// linux setting
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{api}/{controller}/{action}");
});
}
}
我错过了什么?
有没有人有这方面的经验?
需要建议
非常感谢
唐
最后,我通过在 apache 中设置反向代理解决了这个问题:
我只使用端口 5000 并为 /api/ 设置了 proxypass
所以如果用户访问 https://dev.myexample.com/api/xxxx then it goes to http://localhost:5000/api/xxxx
我觉得挺好的,还不如非要做NAT 5000端口
如果有更好的想法请告诉我
感谢和问候
唐
=== httpd.conf ===
<VirtualHost dev.example.com:443>
ServerName dev.example.com
DocumentRoot /var/www/html/dev.example.com
ErrorLog /var/log/httpd/dev.example.com.error.log
CustomLog /var/log/httpd/dev.example.com.access.log combined
SSLEngine On
<Directory "/var/www/html/dev.example.com">
allow from all
Options None
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt//dev.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/dev.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/dev.example.com/chain.pem
<Location /api/>
ProxyPass http://localhost:5000/api/
</Location>
</VirtualHost>
== program.cs ==
public static void Main(string[] args)
{
CreateWebHostBuilder(args).Build().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>();
==
== startup.cs ==
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddSerilog();
if (!env.IsDevelopment())
{
app.UseHsts();
// linux setting
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
}
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{api}/{controller}/{action}");
});
}
我正在尝试在我的 asp.net 核心 2.2 中使用 letsencrypt 证书 letsencrypt 证书已安装并正常工作..(经过 SSL 实验室测试)
==抛出异常==
[FTL] Unable to start Kestrel. Interop+Crypto+OpenSslCryptographicException: error:2006D002:BIO routines:BIO_new_file:system lib at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle) at Internal.Cryptography.Pal.CertificatePal.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags) at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password) at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName) at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions() at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
我的appsettings.json
...
,
"Kestrel": {
"EndPoints": {
"Http": {
"Url": "http://localhost:5000"
},
"HttpsInlineCertFile": {
"Url": "https://localhost:5001",
"Certificate": {
"Path": "/etc/myletsencrypt/cert.pfx" // ==> this is converted from .pem to pfx
}
}
}
}
== program.cs==
public static void Main(string[] args)
{
CreateWebHostBuilder(args).Build().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>()
.UseUrls("http://0.0.0.0:5000","https://0.0.0.0:5001");
== startup.cs ==
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory) { loggerFactory.AddSerilog();
// linux setting
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{api}/{controller}/{action}");
});
}
}
我错过了什么? 有没有人有这方面的经验?
需要建议
非常感谢 唐
最后,我通过在 apache 中设置反向代理解决了这个问题:
我只使用端口 5000 并为 /api/ 设置了 proxypass 所以如果用户访问 https://dev.myexample.com/api/xxxx then it goes to http://localhost:5000/api/xxxx 我觉得挺好的,还不如非要做NAT 5000端口
如果有更好的想法请告诉我
感谢和问候 唐
=== httpd.conf ===
<VirtualHost dev.example.com:443>
ServerName dev.example.com
DocumentRoot /var/www/html/dev.example.com
ErrorLog /var/log/httpd/dev.example.com.error.log
CustomLog /var/log/httpd/dev.example.com.access.log combined
SSLEngine On
<Directory "/var/www/html/dev.example.com">
allow from all
Options None
</Directory>
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt//dev.example.com/cert.pem
SSLCertificateKeyFile /etc/letsencrypt/dev.example.com/privkey.pem
SSLCertificateChainFile /etc/letsencrypt/dev.example.com/chain.pem
<Location /api/>
ProxyPass http://localhost:5000/api/
</Location>
</VirtualHost>
== program.cs ==
public static void Main(string[] args)
{
CreateWebHostBuilder(args).Build().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>();
== == startup.cs ==
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
loggerFactory.AddSerilog();
if (!env.IsDevelopment())
{
app.UseHsts();
// linux setting
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
}
app.UseAuthentication();
app.UseHttpsRedirection();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{api}/{controller}/{action}");
});
}