.NET Core and Jexus HTTPS service configuration method

Time:2020-2-7

I spent a few days reading a lot of blogs and finally got the website's HTTPS service working, so I am writing this post to save others in need some detours.

1、 Environment introduction

1. On Linux, a website is deployed in a Docker container. The website needs to access the Microsoft login platform through an external provider, using the OAuth 2.0 protocol. Therefore SSL must be used, and HTTPS service must be added to the website.

  

2. Outside the container, the host uses Jexus for port forwarding. (I didn’t plan to use Jexus, but I saw it was wrong, so I had to pull it in.)

3. An HTTPS service needs a certificate. You can apply for a free certificate on Tencent Cloud (https://console.cloud.tencent.com/ssl) within one day. Please note: if you use Jexus as I do, the certificate download package provided by Tencent Cloud has no Jexus folder, only IIS, nginx and Apache. We can directly use the two nginx files. The first is the CRT file, and the second is the key file.

If you need a file with the .pfx extension, you can combine the two files into a PFX file with this command:

openssl pkcs12 -export -out server.pfx -inkey server.key -in server.crt

Just change the file names to your own. Alternatively, a Baidu search turns up websites that generate the file automatically after you paste in the contents, for those who do not want to type the command; I will not list those websites here.

2、 Full configuration

First of all, I want to say that I have configured the HTTPS service both in Jexus and in the website running in the Docker container. As shown in this figure:

  

Some people may think it is enough to configure only Jexus. Of course it can be, but when my website needs to call a site that uses the OAuth 2.0 protocol, the return address is always generated with the HTTP protocol. There is no problem in the development environment, but once the site is accessed by domain name or IP address, an HTTP address is generated.

I have configured the external provider of Microsoft. When I click the button, I will jump to the Microsoft login page:

After the jump, the URL of the login page shows some of the parameters we are interested in, such as redirect_uri. At this point I have already configured the HTTPS protocol on the website. When it is not configured, the redirect_uri is always http.
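The check described above, reading redirect_uri out of the login page URL, can be automated. This is an added example, not code from the original post; the client_id, the host shop.example.test and the sample URLs are constructed, and /signin-microsoft is an assumed callback path.

```python
from urllib.parse import parse_qs, urlencode, urlsplit

# Hosts for which a plain-HTTP callback is tolerated (local development only).
LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}


def check_redirect_uri(authorize_url, expected_host=None):
    """Return (ok, reason) for the redirect_uri carried in an OAuth 2.0 authorize URL."""
    values = parse_qs(urlsplit(authorize_url).query).get("redirect_uri", [])
    if len(values) != 1:
        return False, "expected exactly one redirect_uri, found %d" % len(values)
    redirect = urlsplit(values[0])  # parse_qs has already percent-decoded the value
    host = redirect.hostname or ""
    if expected_host and host != expected_host.lower():
        return False, "redirect_uri host %r is not %r" % (host, expected_host)
    if redirect.scheme == "https":
        return True, "redirect_uri uses https"
    if redirect.scheme == "http" and host in LOOPBACK_HOSTS:
        return True, "http accepted for loopback host only"
    return False, "redirect_uri scheme is %r, so the site built a non-HTTPS callback" % redirect.scheme


def sample_authorize_url(redirect_uri):
    """Build a constructed authorize URL of the kind shown in the browser address bar."""
    query = urlencode({
        "client_id": "00000000-0000-0000-0000-000000000000",  # constructed placeholder
        "response_type": "code",
        "scope": "openid",
        "redirect_uri": redirect_uri,
    })
    return "https://login.microsoftonline.com/common/oauth2/v2.0/authorize?" + query


if __name__ == "__main__":
    # Constructed samples: the callback as generated without and with HTTPS on the site.
    for callback in ("http://shop.example.test:1101/signin-microsoft",
                     "https://shop.example.test:1101/signin-microsoft"):
        print(callback, "->", check_redirect_uri(sample_authorize_url(callback),
                                                 "shop.example.test"))
```

Paste the address-bar URL of the login page into check_redirect_uri to confirm that the site generated an HTTPS callback for the expected host.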

OK, start to configure HTTPS service:

1. Configure the HTTPS protocol in .NET Core

First of all, it may be necessary to be clear about how requests are forwarded between Jexus and the website. This is also a question I would like answered. When Jexus port-forwards the request, is it still the HTTPS protocol, or is it just request forwarding, so that it becomes HTTP again by the time it reaches the website? As in this model, after Jexus forwards the request, is it the HTTP protocol or the HTTPS protocol once it enters Kestrel? I hope you can help me. I didn’t find any references.

    

What I can do is visit the website without configuring the HTTPS protocol in Kestrel. Although the visit succeeds, the HTTP protocol is then used when the website is reached through the callback address after a successful login with Microsoft as the third party, and that causes problems. It conflicts with OAuth’s requirement that a service using SSL must use the HTTPS protocol, which pushed me to configure the HTTPS protocol in Kestrel. The specific configuration is as follows:

In the Program.cs file, add the PFX file generated earlier. With this approach, I need a certificate for each website running in my containers. Also note that .UseUrls("https://:443") cannot be used here to set up the HTTPS service. If .UseKestrel() is not configured, an error will be reported. Please note!

using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using System.Security.Cryptography.X509Certificates;
using System.Net;
using Identity.Api.Web.Core;

namespace Identity.Api
{
    public class Program
    {
        public static void Main(string[] args)
        {
            BuildWebHost(args).Run();
        }

        public static IWebHost BuildWebHost(string[] args) =>
            WebHost.CreateDefaultBuilder(args)
                //.UseJexusIntegration()
                .UseKestrel(options =>
                {
                    // Listen on port 1101 on all interfaces and serve HTTPS from the PFX file.
                    options.Listen(IPAddress.Any, 1101, listenOptions =>
                    {
                        // The PFX file name is relative to the working directory; replace the password placeholder.
                        var certificate = new X509Certificate2("hdshopserver.pfx", "your certificate password");
                        listenOptions.UseHttps(certificate);
                    });
                })
                .UseStartup<Startup>()
                .Build();
    }
}

2. Configure the HTTPS protocol on Jexus (skip this part if you do not use Jexus)

First of all, through the command, I found that my version of jexus is 5.8.3, which supports HTTPS.

  

Go to your Jexus configuration folder; I will use screenshots to make this more intuitive:

I will not describe what each Jexus file does. This post only covers configuring the certificate service; if you need the details, see "Use details based on jexus-5.6.3".

We can configure all websites on the whole server to use HTTPS service in jws.conf:

You can also configure the separate website you need to use HTTPS service in siteconf:

With usehttps = true and the two files mentioned above, the HTTPS service of Jexus is finished. You can then check the site through https://<domain name>. If it fails, look at the log file under the Jexus folder, which is very important!

We also need to thank @ wordless 1994 for the help with the Jexus configuration. When we first configured it, we used a certificate that we generated ourselves by command on the server. No matter what we did, we couldn’t see the website page. Then we used the certificate from Tencent Cloud and it went smoothly!

After these two configurations, my website can use the HTTPS service. Logging in on Microsoft's third-party page through the Microsoft external provider is therefore no problem, and the page is displayed normally.

To view it, visit https://www.hdshop.xyz:1101/. Call the Microsoft login page through the login button.

3、 Personal summary

In terms of configuration, I took many detours. At first I just wanted to configure HTTPS in the website, and I found that when I stopped Jexus (sh /usr/jexus/jws stop), that is to say, with the website directly facing the Internet, it could be accessed successfully.

  

At this point, each website in each container has its own HTTPS service configured, but on reflection, configuring every website separately feels a bit redundant. So can it be configured directly on Jexus? Certainly.

 

After the configuration is completed on Jexus, the HTTPS services configured on each website are removed. If a website does not use features with high security requirements, such as OAuth or WeChat payment, then it is enough to configure the HTTPS service on Jexus. However, once a website uses features with those security requirements, the website itself also needs to configure the HTTPS service. As a result, I was stuck for many days, and the final effect was:

 

4、 Leave questions to ask for help

The first question is in the picture mentioned before:

What is the mode of transmission between Jexus and Kestrel? I can see that TCP is used. But suppose the URL that users visit is https://xxx.com, which enters Jexus, and the request is then passed on to Kestrel. Is what Kestrel receives https://xxx.com, or http://xxx.com, or something else?

The second question comes from the HTTP-to-HTTPS redirection solution provided by Microsoft, which I saw during the configuration process. Does it mean that after I access the site through HTTP, the HTTP request is converted to an HTTPS request? That is to say, both HTTP and HTTPS access are supported, right?
