Docker dotnet core

Short notice on how to build docker images from aspnet core apps. So that you can can publish them to cloud services like AWS, GCP and Azure

• Dotnet core docker images for dotnet core
• Microsoft article on building docker images of aspnet core
• How to install docker properly on WSL2

Typical Dockerfile

This is for aspnet core

# https://hub.docker.com/_/microsoft-dotnet-core
FROM mcr.microsoft.com/dotnet/core/sdk:3.1 AS build
WORKDIR /source

# copy everything and build app
COPY aspnetapp/. ./aspnetapp/
WORKDIR /source/aspnetapp
RUN dotnet restore
RUN dotnet publish -c release -o /app --no-restore

# final stage/image
FROM mcr.microsoft.com/dotnet/core/aspnet:3.1
WORKDIR /app
COPY --from=build /app ./
ENTRYPOINT ["dotnet", "aspnetapp.dll"]

build image

docker build -t aspnetapp .

run container

-it means interactive and --rm means the container will be deleted after it exits

docker run -it --rm -p 5000:80 --name aspnetcore_sample aspnetapp

General work with docker

Images

List all

docker images

Should display

REPOSITORY                             TAG                 IMAGE ID            CREATED             SIZE
aspnetapp                              latest              80774e4391e4        55 minutes ago      212MB
mcr.microsoft.com/dotnet/core/sdk      3.1                 336698ad1713        2 days ago          691MB
mcr.microsoft.com/dotnet/core/aspnet   3.1                 9ac62e540b12        2 days ago          207MB

Remove image

docker rmi [image-id]

Containers

List all

docker ps -a

Should display

CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS                          PORTS                  NAMES
d7ad96dca6e9        aspnetapp           "dotnet aspnetapp.dll"   30 seconds ago      Up 30 seconds                   0.0.0.0:5000->80/tcp   aspnetcore_sample2
596e75e8e1d9        aspnetapp           "dotnet aspnetapp.dll"   4 minutes ago       Exited (0) About a minute ago                          aspnetcore_sample

Create new and run in foreground

docker run -p 5000:80 --name aspnetcore_sample aspnetapp

Create new and run in background

docker run -d -p 5000:80 --name aspnetcore_sample aspnetapp

Stop container running in the background

docker stop aspnetcore_sample

Start existing container again

docker start aspnetcore_sample

Restart running container

docker restart aspnetcore_sample

Deploy to Azure

Using Azure Container Registry

First you need to create an Azure Container Registry

Once you have built your image, log in to your registry, lets say you chose the name myazureregistryname

docker login myazureregistryname.azurecr.io

Then you should tag your image

docker tag aspnetapp:latest myazureregistryname.azurecr.io/aspnetapp

Then push it

docker push myazureregistryname.azurecr.io/aspnetapp

HTTPS in developer mode

Helpful SO thread

Method 1

# generate a self-signed cert
dotnet dev-certs https -v

# go to cert
cd ~/.dotnet/corefx/cryptography/x509stores/my

# convert the generated cert from pfx to pem, enter blank pw
openssl pkcs12 -in <certname>.pfx -nokeys -out localhost.crt -nodes

# copy to ca-certificates
sudo cp localhost.crt /usr/local/share/ca-certificates/

# verify the file is there
sudo cat /etc/ssl/certs/localhost.pem

# verify if it's trusted
openssl verify localhost.crt

Method 2

Create localhost.conf

[req]
  default_bits       = 2048
  default_keyfile    = localhost.key
  distinguished_name = req_distinguished_name
  req_extensions     = req_ext
  x509_extensions    = v3_ca

  [req_distinguished_name]
  commonName                  = localhostaspnetcore
  commonName_default          = localhost
  commonName_max              = 64

  [req_ext]
  subjectAltName = @alt_names

  [v3_ca]
  subjectAltName = @alt_names
  basicConstraints = critical, CA:false
  keyUsage = keyCertSign, cRLSign, digitalSignature,keyEncipherment

  [alt_names]
  DNS.1   = localhost
  DNS.2   = 127.0.0.1

Generate cert

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout localhost.key -out localhost.crt -config localhost.conf

# new
openssl req -x509 -newkey rsa:4096 -keyout server.key -out server.crt -days 365 -nodes -subj "/CN=localhost"

# Convert cert to pfx
openssl pkcs12 -export -out localhost.pfx -inkey localhost.key -in localhost.crt

#new
openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt -name "My Self-Signed Certificate" -passout pass:your_password

# Verify
openssl verify -CAfile localhost.crt localhost.crt

Trust cert

# Copy
sudo cp localhost.crt /usr/local/share/ca-certificates
sudo cp server.crt /usr/local/share/ca-certificates/


# Trust
sudo update-ca-certificates

 certutil -d sql:$HOME/.pki/nssdb -A -t "CP,CP," -n localhost -i /usr/local/share/ca-certificates/server.crt

certutil \
  -d sql:$HOME/.pki/nssdb \
  -A \
  -t "CP,CP," \
  -n localhost \
  -i /usr/local/share/ca-certificates/localhost-ca.crt

# Verify exists
sudo cat /etc/ssl/certs/localhost.pem

# Cerify without -CAfile option
cd /usr/local/share/ca-certificates/
sudo openssl verify localhost.crt

Now force kestrel to use it with appsetting.json

"Kestrel": {
    "Certificates": {
        "Default": {
            "Path": "localhost.pfx",
            "Password": ""
        }
    }
}