SSL nginx configuration for an ASP.NET Core website


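1. Prerequisites
First you need to apply for an SSL certificate; I used Alibaba.
Alibaba offers a free certificate that is valid for 1 year; of course you can also choose another paid or free provider.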

2.
Some key configuration; this is nginx on a CentOS system.

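server {
    # "ssl on;" is deprecated; TLS is enabled on the listen directive instead
    listen  443 ssl;
    server_name    admin.mu-booking.com;
    # The private key should be readable only by nginx and kept outside any directory served to clients
    ssl_certificate     /www/wwwroot/Cf.WebApp/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /www/wwwroot/Cf.WebApp/wwwroot/cert/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); TLSv1.3 needs nginx 1.13+ built with OpenSSL 1.1.1+
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
        try_files $uri @gunicorn_proxy;
    }

    # Forward everything else to the Kestrel HTTPS endpoint on the loopback interface
    location @gunicorn_proxy {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass https://127.0.0.1:5443;
        proxy_connect_timeout 500s;
        proxy_read_timeout 500s;
        proxy_send_timeout 500s;
    }

    # WebSocket upgrade headers for the /Hub endpoints
    location ~ /Hub {
        proxy_pass https://127.0.0.1:5443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}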
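The ssl_certificate and ssl_certificate_key paths must match the actual file locations; of course, the paths can point to another location to make renewal easier.
When downloading the SSL certificate files, select the matching server type: there are packages for nginx, IIS, Apache and so on, and all mainstream servers are supported.

As this shows, our web app must have a reachable internal address, for example https://127.0.0.1:5443.
nginx then proxies it on SSL port 443, so the site can be accessed directly over https from the outside.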
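
An added example, not part of the original post: a small Python check that flags three settings worth reviewing in an nginx server block like the one above: the deprecated `ssl on;` directive, TLS versions older than 1.2 in `ssl_protocols`, and a private key stored under a web root directory. The sample config is constructed, and the list of web-root directory names is an assumption.

```python
import re

# Constructed sample server block (hostname and paths are placeholders).
SAMPLE_CONF = """
server {
    listen 443;
    ssl on;
    server_name example.test;
    ssl_certificate     /srv/app/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /srv/app/wwwroot/cert/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    location / { proxy_pass https://127.0.0.1:5443; }
}
"""

LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
# Assumption: directory names that usually mean "served to clients".
WEB_ROOT_PARTS = {"wwwroot", "public", "html", "htdocs", "static"}


def directives(conf):
    """Yield (name, [args]) for each simple directive, ignoring # comments."""
    conf = re.sub(r"#[^\n]*", "", conf)
    for stmt in re.split(r"[;{}]", conf):
        parts = stmt.split()
        if parts:
            yield parts[0], parts[1:]


def audit(conf):
    """Return a sorted list of finding codes for one nginx configuration text."""
    findings = set()
    for name, args in directives(conf):
        if name == "ssl" and args == ["on"]:
            findings.add("deprecated-ssl-on")
        elif name == "ssl_protocols" and LEGACY_PROTOCOLS & set(args):
            findings.add("legacy-tls-protocol")
        elif name == "ssl_certificate_key" and args:
            # Flag a key whose path contains a directory that looks like a web root.
            if WEB_ROOT_PARTS & set(args[0].lower().split("/")):
                findings.add("private-key-under-web-root")
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

To check a real file, pass its contents to `audit()`; the parser handles plain directives only and does not follow `include` lines.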

3.
Some SSL settings in .NET Core

using System;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Logging;
using NLog.Web;

public class Program
{
    public static void Main(string[] args)
    {
        // NLog: set up the logger first to catch all errors
        var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();
        try
        {
            logger.Debug("init main");
            CreateWebHostBuilder(args).Build().Run();
        }
        catch (Exception ex)
        {
            // NLog: catch setup errors
            logger.Error(ex, "Stopped program because of exception");
            throw;
        }
        finally
        {
            // Flush and stop internal timers/threads before application exit (avoids a segmentation fault on Linux)
            NLog.LogManager.Shutdown();
        }
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            // Binds both ports on all interfaces; the nginx proxy above only needs https://127.0.0.1:5443
            .UseKestrel().UseUrls("http://*:5004", "https://*:5443")
            .ConfigureLogging(logging =>
            {
                // Remove the default providers so that NLog handles all logging
                logging.ClearProviders();
                logging.SetMinimumLevel(LogLevel.Trace);
            })
            .UseNLog();
}

The simplest approach is to add UseUrls after UseKestrel(); this way both addresses start.
Without UseKestrel, calling UseUrls directly can only use http.
