Search code examples
asp.net-corekestrel

How to configure Kestrel for HTTPS outside of the app’s distributables?


I keep seeing people put HTTPS config including urls and certificate paths inside program.cs. I get that I wouldn’t have to leave the actual string literals in there and could pull them from somewhere else, but it still strikes me as an odd place to do this.

Apparently everything necessary can also be configured in appsettings.json without touching any compiled code. This feels much better, but since appsettings.json is published together with the app, I would prefer to keep it agnostic of such environment matters. Ideally I would be able to update the app by dropping the entire output of dotnet publish on top of it and restarting Kestrel, which would overwrite appsettings.json.

I would also like to keep this out of appsettings.json because it’s a hassle in the dev environment, where I don’t care about https.

Tbh I would like to let users configure everything specific to their hosting environment, including whether they want https at all, in dotnet run just like you can bind to urls/ports using --urls.

So my question is, is there a dotnet run equivalent to this appsettings.json?

"Kestrel": {
    "EndPoints": {
        "Http": {
            "Url": "http://example.com:80"
        },
        "Https": {
            "Url": "https://example.com:443",
            "Certificate": {
                "Subject": "example.com",
                "Store": "webhosting"
                "Location": "LocalMachine"
            },
        }
    }
},

Thanks!


Solution

  • indeed everything in appsettings.json can be transformed to dotnet run switches (and also environment variables).

    Your example configuration would look like so (line breaks added for readability):

    --Kestrel:Endpoints:Https:Url=https://*:443
    --Kestrel:Endpoints:Https:Certificate:Subject=example.com
    --Kestrel:Endpoints:Https:Certificate:Store=webhosting
    --Kestrel:Endpoints:Https:Certificate:Location=LocalMachine
    

    You can probably spot the pattern. For environment variables you would use __ instead of :.

    See this great post for more info: https://www.paraesthesia.com/archive/2018/06/20/microsoft-extensions-configuration-deep-dive/