dockerized blazor wasm over https 不起作用

Question

我需要在 docker 容器中运行 blazor wasm 托管 pwa 并使其通过 https 运行。我关注了这个Quick Start 但它似乎并没有像预期的那样对 blazor 起作用。完全相同的步骤也适用于其他 asp.net 核心项目（如 webapi 项目）。

以下是重现的步骤：

• 在文件夹Foo/ 中创建一个示例 blazor wasm 托管 pwa：

  dotnet new blazorwasm --hosted --pwa

• 创建一个 docker 文件：

FROM mcr.microsoft.com/dotnet/sdk:5.0-alpine as builder

WORKDIR /src

COPY ./Shared/Foo.Shared.csproj Shared/
COPY ./Client/Foo.Client.csproj Client/
COPY ./Server/Foo.Server.csproj Server/
COPY ./Foo.sln .

RUN dotnet restore

COPY . .

RUN dotnet build -c Release --no-restore

RUN dotnet publish -c Release --no-build ./Server -o /publish

FROM mcr.microsoft.com/dotnet/aspnet:5.0-alpine as runner
WORKDIR /app
COPY --from=builder /publish .

ENTRYPOINT dotnet Foo.Server.dll

• 从 dockerfile 创建一个图像：

  docker build -t Foo:latest .

• 要使其与 https 一起使用，我们需要一个证书。因此，为本地开发创建一个：

  dotnet dev-certs https -ep ./.aspnet/https/Foo.Server.pfx -p Password

  dotnet dev-certs https --trust

因为证书名称应该与程序集名称相同，而 Foo.Server 是程序集的名称（因为服务器项目将运行并为客户端项目的文件提供服务），我是对的吗？

• 接下来，在用户密码中添加证书的密码：

  cd Server/

  dotnet user-secrets init

  dotnet user-secrets set "Kestrel:Certificates:Default:Password" "Password"

• 现在，运行容器并将证书的文件夹挂载为卷，以便 Kestrel 找到它。同时挂载 UserSecrets 以提供证书的密码：

docker run --rm -it -p 8000:80 -p 8001:443 -e ASPNETCORE_URLS="https://+;http://+" -e ASPNETCORE_HTTPS_PORT=8001 -e ASPNETCORE_ENVIRONMENT=Development -v "C:\Absolute\Path\To\Foo\.aspnet\https":/root/.aspnet/https/ -v "C:\Absolute\Path\To\UserSecrets":/root/.microsoft/usersecrets/ Foo:latest

预期行为：容器启动，应用可通过端口 8001 上的 https 访问。

实际行为：抛出异常，表示未找到证书。

Microsoft.AspNetCore.Server.Kestrel[0]
      Unable to start Kestrel.
      System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate was specified, 
and the default developer certificate could not be found or is out of date.
      To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
      For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
         at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
         at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)      
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable`1 listenOptions, AddressBindContext context)
         at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)
         at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
Unhandled exception. System.InvalidOperationException: Unable to configure HTTPS endpoint. No server certificate 
was specified, and the default developer certificate could not be found or is out of date.
To generate a developer certificate run 'dotnet dev-certs https'. To trust the certificate (Windows and macOS only) run 'dotnet dev-certs https --trust'.
For more information on configuring HTTPS see https://go.microsoft.com/fwlink/?linkid=848054.
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions, Action`1 configureOptions)
   at Microsoft.AspNetCore.Hosting.ListenOptionsHttpsExtensions.UseHttps(ListenOptions listenOptions)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.AddressesStrategy.BindAsync(AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.AddressBinder.BindAsync(IEnumerable`1 listenOptions, AddressBindContext context)
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.BindAsync(CancellationToken cancellationToken)  
   at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServerImpl.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)
   at Microsoft.AspNetCore.Hosting.GenericWebHostService.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.Internal.Host.StartAsync(CancellationToken cancellationToken)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.RunAsync(IHost host, CancellationToken token)
   at Microsoft.Extensions.Hosting.HostingAbstractionsHostExtensions.Run(IHost host)
   at foo.Server.Program.Main(String[] args) in /src/Server/Program.cs:line 16

编辑：我使用的是 Windows 10 和 .Net5

Answer 1

原来我必须添加证书的路径和密码：

dotnet user-secrets set "Kestrel:Certificates:Default:Path" "/root/.aspnet/https/Foo.Server.pfx"

在其他类型的项目（除了 blazor）中，我不必明确添加此路径。我认为是因为/root/.aspnet/https 被视为默认文件夹，如果没有提及路径，则在其中查找证书。但对于 blazor 项目，显然没有。