Senti
Senti
PostsComments
CC#
Created by Senti on 6/10/2024 in #help
Webapi with SSL in production, using docker
Hi there, I'm able to run my webapi on HTTP through docker (and docker-compose) on my production server (classic VPS). I found a lot of different things about certificates on the web, to enable HTTPS, but nothing is clear to me. Could you give me some hint about what needs to be done ? At this stage, I already have a fullchain.pem and privkey.pem files (generated with LetsEncrypt, and used by my nginx container, serving my Angular app on HTTPS). Can I use these 2 files to enable HTTPS on the API container ? I see we can use "openssl" to map these files into one pfx certificate. Is it the way to go ? I also saw some info about "dotnet dev-certs", but I guess it's only for development purpose ? In my docker-compose, I have my backend block done this way (but not working) : 
backend:
    container_name: myWebApi
    image: mydockerhub/myWebApi:1.0
    expose:
      - "5001"
    depends_on:
      - database
    restart: always
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_URLS=https://+5001
      #- ASPNETCORE_Kestrel__Certificate__Default__Path=/app/cert/some_certificate.pfx
      #- ASPNETCORE_Kestrel__Certificate__Default__Password=some_password
      - DB_CONNECTION_STRING=server=database;port=3306;user id=root;password=root;database=some_db
    volumes:
      - ./cert:/app/cert:ro
backend:
    container_name: myWebApi
    image: mydockerhub/myWebApi:1.0
    expose:
      - "5001"
    depends_on:
      - database
    restart: always
    environment:
      - ASPNETCORE_ENVIRONMENT=Production
      - ASPNETCORE_URLS=https://+5001
      #- ASPNETCORE_Kestrel__Certificate__Default__Path=/app/cert/some_certificate.pfx
      #- ASPNETCORE_Kestrel__Certificate__Default__Password=some_password
      - DB_CONNECTION_STRING=server=database;port=3306;user id=root;password=root;database=some_db
    volumes:
      - ./cert:/app/cert:ro
Is it the good way to do (if I remove both comments) ? Do I have to handle something particular on code side ? Is the solution to use some reverse_proxy in front of the API ? (if I understand, the idea could be to use some nginx receiving HTTPS calls, and passing it to the API only in HTTP) Sorry I'm a bit lost, my brain has burnt all day long on this. Thanks for any help !
6 replies