4

I have an ASP.NET Core 3.1 web app in Docker and in Azure Service Fabric.

The ASP.NET Core web app has HTTPS enabled and gets its certificate from Azure Key Vault. When deployed, it seems that HTTPS is not responding but HTTP works.

The console host looks like this:

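    using System.Security.Cryptography.X509Certificates;
    using Microsoft.AspNetCore.Hosting;

    // Extension method (must live in a static class): sets the default
    // certificate Kestrel uses for every HTTPS endpoint.
    public static void ConfigureKestrelServer(this IWebHostBuilder host)
    {
        try
        {
            host.ConfigureKestrel(options =>
            {
                options.ConfigureHttpsDefaults(listenOptions =>
                {
                    listenOptions.ServerCertificate = GetCertificateFromStore();
                });
            });
        }
        catch (System.Exception)
        {
            // Rethrow unchanged so the original stack trace is preserved.
            throw;
        }
    }

    // Blocks on the asker's own async Key Vault helper and returns the certificate.
    public static X509Certificate2 GetCertificateFromStore()
    {
        return AzureKeyVaultExtensions.GetCertificateSecretAsync().GetAwaiter().GetResult();
    }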

The code above is able to download the certificate when deployed. The Dockerfile looks like this:

    FROM mcr.microsoft.com/dotnet/core/aspnet:3.1
    ARG source
    WORKDIR /app
    ADD ${source} .
    ENV APP_UTILS=C:\\app
    VOLUME ${APP_UTILS}
    EXPOSE 80
    EXPOSE 443
    ENTRYPOINT ["dotnet", "MyWebApp.dll"]

Arshad Badar Khan

1 Answer

0

You probably should do SSL Termination somewhere in front of your container. But if you want to do it in the container, I believe you need to map the port via Service Fabric as well.

https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-tutorial-package-containers#configure-communication-and-container-port-to-host-port-mapping

https://learn.microsoft.com/en-us/azure/service-fabric/service-fabric-service-manifest-resources#example-specifying-an-https-endpoint-for-your-service

You probably need a second entry here:

    <Resources>
      <Endpoints>
          <!-- This endpoint is used by the communication listener to obtain the port number on which to
               listen. Note that if your service is partitioned, this port is shared with
               replicas of different partitions that are placed in your code. -->
          <Endpoint Name="ServiceEndpoint1" Protocol="http"/>
          <Endpoint Name="ServiceEndpoint2" Protocol="http" Port="80"/>
          <Endpoint Name="ServiceEndpoint3" Protocol="https"/>
          <Endpoint Name="ServiceEndpoint4" Protocol="https" Port="14023"/>
      </Endpoints>
    </Resources>

There is also a bit more information specifically on HTTPS, but you need to check which parts apply to your setup.

Alex AIT
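A check for the container-port-to-endpoint mapping the answer points to, as an added example that is not part of the original question or answer. It verifies that each port the Dockerfile exposes has a `PortBinding` in the application manifest that references an endpoint of the matching protocol in the service manifest. The manifests are constructed samples, and the package and endpoint names (`MyWebAppPkg`, `HttpEndpoint`, `HttpsEndpoint`) and the function name are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"sf": "http://schemas.microsoft.com/2011/01/fabric"}  # Service Fabric manifest namespace

# Constructed sample manifests; package and endpoint names are placeholders.
SERVICE_MANIFEST = """\
<ServiceManifest xmlns="http://schemas.microsoft.com/2011/01/fabric" Name="MyWebAppPkg" Version="1.0.0">
  <Resources><Endpoints>
    <Endpoint Name="HttpEndpoint" Protocol="http" Port="80"/>
    <Endpoint Name="HttpsEndpoint" Protocol="https" Port="443"/>
  </Endpoints></Resources>
</ServiceManifest>"""

# Only container port 80 is bound here, which would match the symptom in the question.
APP_MANIFEST = """\
<ApplicationManifest xmlns="http://schemas.microsoft.com/2011/01/fabric">
  <ServiceManifestImport>
    <ServiceManifestRef ServiceManifestName="MyWebAppPkg" ServiceManifestVersion="1.0.0"/>
    <Policies><ContainerHostPolicies CodePackageRef="Code">
      <PortBinding ContainerPort="80" EndpointRef="HttpEndpoint"/>
    </ContainerHostPolicies></Policies>
  </ServiceManifestImport>
</ApplicationManifest>"""

APP_MANIFEST_FIXED = APP_MANIFEST.replace(  # same manifest with the 443 binding added
    "</ContainerHostPolicies>",
    '<PortBinding ContainerPort="443" EndpointRef="HttpsEndpoint"/></ContainerHostPolicies>')

EXPOSED = {80: "http", 443: "https"}  # container ports from the Dockerfile's EXPOSE lines

def check_port_bindings(service_xml, app_xml, exposed):
    """Return one finding per exposed container port that is not correctly mapped."""
    endpoints = {e.get("Name"): e.get("Protocol", "tcp").lower()
                 for e in ET.fromstring(service_xml).iterfind(".//sf:Endpoint", NS)}
    bindings = {int(b.get("ContainerPort")): b.get("EndpointRef")
                for b in ET.fromstring(app_xml).iterfind(".//sf:PortBinding", NS)}
    findings = []
    for port, proto in sorted(exposed.items()):
        ref = bindings.get(port)
        if ref is None:
            findings.append(f"{port}: no PortBinding to a host endpoint")
        elif ref not in endpoints:
            findings.append(f"{port}: EndpointRef '{ref}' is not declared in the service manifest")
        elif endpoints[ref] != proto:
            findings.append(f"{port}: endpoint '{ref}' is {endpoints[ref]}, expected {proto}")
    return findings

if __name__ == "__main__":
    print(check_port_bindings(SERVICE_MANIFEST, APP_MANIFEST, EXPOSED))
    print(check_port_bindings(SERVICE_MANIFEST, APP_MANIFEST_FIXED, EXPOSED))
```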