angular, docker, debian, lets-encrypt, aspnetcore-environment

Debian / docker / aspnet core : SSL


I have run into some problems with my aspnetcore APIs and the Linux environment.

I have an Angular project and 5 .NET projects (APIs and Worker Services), each deployed in a Docker container, all orchestrated by docker-compose.

I have one last Nginx container, and I successfully certified my domain with "Letsencrypt" (docker image); that works with my Angular project.

But when I try to make requests from the client to the aspnetcore APIs (self-signed certificate), it doesn't work at all.

ISSUE => net::ERR_CERT_AUTHORITY_INVALID

So, I read many topics and articles about this issue, and I found this last article: https://letsencrypt.org/docs/certificates-for-localhost/, which explains that we can't certify "localhost", so we should declare our self-signed certificate in each browser.

So my question is: can I do that once and for all, for every user who wants to access my website?

Maybe aspnetcore and Linux are absolutely not compatible (especially for SSL).

What can I do? I am a bit lost now...


Solution

  • Proxy all your traffic through nginx and set the API as an upstream.

    Example nginx config (add your already working TLS config to this):

    worker_processes 1;
    
    events { worker_connections 1024; }
    
    http {
    
        sendfile on;
    
        upstream web-api {
            server mydotnetapi:80;
        }
    
        server {
            listen 80;
            server_name example.com;
            location /symbiosisapi/ {
                proxy_pass         http://web-api/;
                proxy_redirect     off;
                proxy_cache_bypass $http_upgrade;
                proxy_set_header   Upgrade $http_upgrade;
                proxy_set_header   Connection keep-alive;
                proxy_set_header   Host $host;
                proxy_set_header   X-Real-IP $remote_addr;
                proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header   X-Forwarded-Proto $scheme;
                proxy_set_header   X-Forwarded-Host $server_name;
            }
            
            
            location / {
                autoindex on;
                root  /home/www-data/mysite;
            } 
        }
    }
    

    If someone hits the / location, they will receive the static stuff, and if someone hits the /api location, the requests will be forwarded to your dotnet API. And nginx will handle all the TLS. Change mydotnetapi to the container name that you set up in your compose file.
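
As an added example (not part of the original answer), this is how the answer's config could look once TLS termination is merged in, so the browser only ever sees the Let's Encrypt certificate served by nginx and the API's self-signed certificate is no longer involved. The upstream name, `server_name` and `/symbiosisapi/` prefix come from the answer; the certificate paths and the ACME webroot are assumptions based on the usual certbot layout and must match the volumes mounted in your compose file.

```nginx
worker_processes 1;

events { worker_connections 1024; }

http {
    upstream web-api {
        # Compose service name; plain HTTP stays inside the Docker network
        server mydotnetapi:80;
    }

    # Port 80: answer ACME HTTP-01 challenges, redirect everything else to HTTPS
    server {
        listen 80;
        server_name example.com;

        location /.well-known/acme-challenge/ {
            root /var/www/certbot;   # assumed webroot shared with the Let's Encrypt container
        }

        location / {
            return 301 https://$host$request_uri;
        }
    }

    # Port 443: nginx presents the CA-issued certificate for the site and the API
    server {
        listen 443 ssl;
        server_name example.com;

        # Assumed certbot paths, mounted read-only into the nginx container
        ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_protocols       TLSv1.2 TLSv1.3;

        location /symbiosisapi/ {
            proxy_pass       http://web-api/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;   # tells the API the client used https
        }

        location / {
            root /home/www-data/mysite;   # static Angular build
        }
    }
}
```

With this layout the Angular client calls `https://example.com/symbiosisapi/...` on the same origin as the site, and the API containers need no published host ports because only nginx reaches them over the compose network.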