【问题标题】:Why my docker container with SSL does not work?为什么我的带有 SSL 的 docker 容器不起作用?
【发布时间】:2023-01-14 07:27:22
【问题描述】:

我的 startup.cs 已经适用于 https。我将它用于 Windows Server。但是我想实现docker技术。我在没有https的情况下实现了它。在我通过 https 后,它不再起作用了。这是我的 docker 运行命令 =>

docker run --name containername -p 8081:80 -p 8082:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8082 -e ASPNETCORE_Kestrel__Certificates__Default__Password="mypass" -e ASPNETCORE_Kestrel__Certificates__Default__Path=/https/myssl.pfx -v rbpc\.dotnet\https -e DOTNET_SYSTEM_GLOBALIZATION_INVARIANT=false -d username/repositoryname:versionname

这是我在 docker cli 上的错误 =>

crit: Microsoft.AspNetCore.Server.Kestrel[0]

      Unable to start Kestrel.

      Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file

         at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)

         at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)

         at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)

         at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)

         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)

         at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert()

         at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()

         at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()

         at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)

         at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)

Unhandled exception. Interop+Crypto+OpenSslCryptographicException: error:2006D080:BIO routines:BIO_new_file:no such file

   at Interop.Crypto.CheckValidOpenSslHandle(SafeHandle handle)

   at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)

   at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)

   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)

   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Certificates.CertificateConfigLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)

   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert()

   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Reload()

   at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()

   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)

   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)

   at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)

   at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)

   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)

   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)

   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)

   at MyWebApi.Program.Main(String[] args) in /src/MyWebApi/Program.cs:line 16

【问题讨论】:

  • 在我的 docker-compose 中,ASPNETCORE_ 之后的部分之间有 __(即 ASPNETCORE_Kestrel__Certificates__Default__Password)。这有什么区别吗?
  • 我已将您的建议和错误更改为 x509 @DiplomacyNotWar
  • 您的卷装载似乎无效:-v rbpc\.dotnet\https。我希望你想要-v rbpc\.dotnetnet\https://https
  • 你的解决方案给了我一个错误,它是“docker:来自守护进程的错误响应:创建 rbpc\.dotnet\https:“rbpc\\.dotnet\\https”包含本地卷名的无效字符,只有“[a-zA- Z0-9][a-zA-Z0-9_.-]" 是允许的。如果您打算传递主机目录,请使用绝对路径。
  • 啊,那么你需要 rbpc\.dotnet\https 的完整路径(我似乎也打错了)。那是主机上的一个文件夹,对吧?

标签: c# docker asp.net-core ssl dockerfile


【解决方案1】:

使用--user ContainerAdministrator 应该可以解决这个问题。

【讨论】:

    猜你喜欢
    • 2016-01-23
    • 1970-01-01
    • 2014-11-23
    • 1970-01-01
    • 2023-03-29
    • 2023-03-21
    • 1970-01-01
    • 2023-03-21
    • 2020-03-23
    相关资源
    最近更新 更多