I am trying to host an asp.net core app to nginx as on docs. The app has 2 ports one http and other https. The SSL certificate is provided on nginx and not on appsettings.json.
The appsettings.json code:
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"Kestrel": {
"Endpoints": {
"MyHttpEndpoint": {
"Url": "http://localhost:5000"
},
"MyHttpsEndpoint": {
"Url": "https://localhost:5001"
}
}
}
}
The redirection middlewares is provided on program.cs class:
app.UseHsts();
app.UseHttpsRedirection();
The redirection works when running the app on Visual Studio.
Now I have hosted this app on nginx + ubuntu. The app opens on http but not on https. Redirection does not work.
See the attached images. Note that (test-asp.com is just on etc/hosts and not real domain)
- App opens on http
- App fails on https
Nginx configuration is:
limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
server {
listen 83;
server_name test-asp.com;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name test-asp.com;
ssl_certificate /etc/ssl/certs/server1.crt;
ssl_certificate_key /etc/ssl/private/server1.key;
ssl_session_timeout 1d;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDS>
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling off;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
location / {
proxy_pass http://127.0.0.1:5000;
limit_req zone=one burst=10 nodelay;
}
}
Redirection should work as given on MS DOCS but not here. Any suggestions?
Update
I have also tried the following appsettings with ("https_port": 443) and just one port but no use:
{
"https_port": 443,
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"Kestrel": {
"Endpoints": {
"MyHttpEndpoint": {
"Url": "http://localhost:5000"
}
}
}
}
Update the solution
I just found out that no https port is needed on appsetting.json. The code of this file which works is below:
{
"Logging": {
"LogLevel": {
"Default": "Information",
"Microsoft.AspNetCore": "Warning"
}
},
"AllowedHosts": "*",
"Kestrel": {
"Endpoints": {
"MyHttpEndpoint": {
"Url": "http://localhost:5000"
}
}
}
}
It amazes me that we don't need ssl ports on production appsettings.json?? Anybody who have experience in hosting asp.net core on nginx please share some better solution which you have implemented in the answer.