We run several self-developed .NET Blazor web applications as Docker containers on a Linux server. Each container runs on port 80 (HTTP) and can be accessed via different host ports (e.g. http://server-ip:8080 for application A, http://server-ip:8081 for application B, etc.).
To make the URLs to the applications more descriptive, we use DNS entries. For example, the host server has the address host.intra.contoso.de, and the applications are accessible via DNS entries such as application1.intra.contoso.de and application2.intra.contoso.de, which also point to the host.
Now we would like to switch the communication to HTTPS.
The main questions are:
1. What is the best approach to enable HTTPS for this architecture? Should we:
   1.1. Implement HTTPS directly in the Docker containers?
   1.2. Use a reverse proxy like Nginx on the host to manage the certificates and route the requests?
2. Are there any special challenges when using SSL encryption due to the use of DNS records (e.g. anwendung1.intra.contoso.de)? How should we manage the certificates and configure the reverse proxy or the applications accordingly?
Additional information:
If further information is required, I will provide it as soon as possible. Thank you very much for any kind of support!
You will need to put the certificate and key in a folder, and create an nginx.conf like the one below:
events {}
http {
    # Both HTTPS servers use the same certificate file, so it has to be valid
    # for both host names (one SAN entry per name, or a wildcard).
    server {
        listen 443 ssl;
        server_name application1.intra.contoso.de;
        ssl_certificate /etc/nginx/ssl/certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/private.key;
        location / {
            proxy_pass http://{app1 container ip}:80; # Adjust this to point to your backend
        }
    }
    server {
        listen 443 ssl;
        server_name application2.intra.contoso.de;
        ssl_certificate /etc/nginx/ssl/certificate.crt;
        ssl_certificate_key /etc/nginx/ssl/private.key;
        location / {
            proxy_pass http://{app2 container ip}:80; # Adjust this to point to your backend
        }
    }
    # Redirect HTTP to HTTPS for app1; could do the same for app2
    server {
        listen 80;
        server_name application1.intra.contoso.de;
        return 301 https://$host$request_uri;
    }
}
Then you could run nginx with the custom config and the ssl folder mounted, like the following:
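# The file has top-level events/http blocks, so it replaces the main
# /etc/nginx/nginx.conf (files under conf.d are included inside http {}).
docker run --name my-nginx -d \
    -p 80:80 -p 443:443 \
    -v /path/to/nginx.conf:/etc/nginx/nginx.conf:ro \
    -v /path/to/ssl:/etc/nginx/ssl:ro \
    nginx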
Make sure nginx is in the bridge network. Then you could visit "application1.intra.contoso.de" and "application1.intra.contoso.de".
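A check for the certificate question, added here as an example and not part of the answer above: it reads an nginx config laid out like the one in the answer and reports which TLS host names the shared certificate does not cover and which have no HTTP-to-HTTPS redirect. The function names, the sample config and the SAN list passed in are assumptions made for illustration.

```python
import re

# Constructed sample with the same layout as the answer's config (TLS parts only).
SAMPLE_CONF = """
events {}
http {
  server { listen 443 ssl; server_name application1.intra.contoso.de; }
  server { listen 443 ssl; server_name application2.intra.contoso.de; }
  # HTTP-to-HTTPS redirect exists for application1 only
  server { listen 80; server_name application1.intra.contoso.de;
           return 301 https://$host$request_uri; }
}
"""

def server_blocks(conf):
    """Yield (listen values, server names, body) for every server { } block."""
    conf = re.sub(r"#[^\n]*", "", conf)              # drop comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):               # walk to the matching brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        listens = re.findall(r"\blisten\s+([^;]+);", body)
        names = re.findall(r"\bserver_name\s+([^;]+);", body)
        yield listens, [n for group in names for n in group.split()], body

def san_covers(san, host):
    """Certificate name match; a wildcard replaces exactly one left-most label."""
    san, host = san.lower(), host.lower()
    if san.startswith("*."):
        return "." in host and host.split(".", 1)[1] == san[2:]
    return san == host

def audit(conf, cert_sans):
    """Report TLS host names missing from the certificate or lacking a redirect."""
    tls, redirected = set(), set()
    for listens, names, body in server_blocks(conf):
        if any("ssl" in value.split() for value in listens):
            tls.update(names)
        elif re.search(r"\breturn\s+30[1278]\s+https://", body):
            redirected.update(names)
    return {
        "not_in_cert": sorted(h for h in tls if not any(san_covers(s, h) for s in cert_sans)),
        "no_http_redirect": sorted(tls - redirected),
    }

if __name__ == "__main__":
    # Assumed SAN list; read the real one with: openssl x509 -noout -ext subjectAltName -in certificate.crt
    print(audit(SAMPLE_CONF, ["application1.intra.contoso.de"]))
```

With a certificate issued only for application1, both lists name application2; a certificate for `*.intra.contoso.de` clears the first list but would not cover a deeper name such as `a.b.intra.contoso.de`.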