Search code examples
asp.netdockerdocker-composenano-server

How do I go about installing a certificate on a nanoserver-1709 based image on a docker container?

I've been looking around this image for any cert managers but I can't find anything that will help me install a .cer certificate. The 1709 nanoserver image doesn't come with powershell so in order to use that I would have to do a multi-staged build with the microsoft/windowsservercore image but I'm not quite sure how I'd go about doing this, I can't seem to find anything through google that will help.

If anybody knows a way to install the cert with or withour a multi-stage build that would be very appreciated.

For those interested, here's my docker-compose.yml and Dockerfile

docker-compose.yml

version: '3'

services:
  myapp:
    image: myapp
    ports:
    - "5000:80"
    build:
      context: .
      dockerfile: MyApp\Dockerfile
    container_name: "myapp"
    hostname: "myapp"
    depends_on:
      - db
  db:
    image: "microsoft/mssql-server-windows-express"
    environment:
      SA_PASSWORD: ""
      ACCEPT_EULA: "Y"
    container_name: "myapp"
    hostname: "myapp"

Dockerfile

FROM microsoft/aspnetcore:2.0-nanoserver-1709 AS base
WORKDIR /app
EXPOSE 80

FROM microsoft/aspnetcore-build:2.0-nanoserver-1709 AS build
WORKDIR /src
COPY MyApp.sln ./
COPY MyApp/MyApp.csproj MyApp/
RUN dotnet restore -nowarn:msb3202,nu1503
COPY . .
WORKDIR /src/MyApp
RUN dotnet restore
RUN dotnet ef database update
RUN dotnet build -c Release -o /app

FROM build AS publish
RUN dotnet publish -c Release -o /app

FROM base AS final
WORKDIR /app
COPY --from=publish /app .
ENTRYPOINT ["dotnet", "MyApp.dll"]

Thanks!

Solution

  • On some images, there is a tool called certoc.exe that allows you to import a certificate (usage: certoc.exe -addstore root my_root_certificate.cer). This tool is not present on the 1709 images, but is present on images such as microsoft/nanoserver:sac2016.

    To sum-up, the best way I found to deal with that is to change the Dockerfile to contain something like:

    FROM microsoft/nanoserver:sac2016 as tool COPY --from=tool /Windows/System32/certoc.exe . USER ContainerAdministrator RUN certoc.exe -addstore root my_root_certificate.cer

    Complete example available here: https://pvlerick.github.io/2018/11/how-to-run-an-https-asp.net-core-app-using-test-certificates-in-nanoserver-1709-1803-with-docker

    A huge thanks to Joshua Chini here: https://joshuachini.com/2018/02/08/how-to-import-an-enterprise-certificate-into-a-windows-container/