asp.net core網站SSL nginx配置

時間 2019-11-12

標籤 asp.net asp core 網站 ssl nginx 配置欄目 ASP 简体版

原文原文鏈接

1.前提
首先須要申請SSL驗證，我用的是阿里
阿里有個1年時間的免費安全令牌申請，固然能夠選擇其餘收費或免費機構nginx

2.
關鍵一些配置，這裏是centos系統的nginxweb

server {
    listen  443;
    ssl on;
    server_name    admin.mu-booking.com;
    ssl_certificate     /www/wwwroot/Cf.WebApp/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /www/wwwroot/Cf.WebApp/wwwroot/cert/privkey.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;   
    

    location / {
    try_files $uri @gunicorn_proxy;
    }

    location @gunicorn_proxy {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect off;
            proxy_pass https://127.0.0.1:5443;
            proxy_connect_timeout 500s;
            proxy_read_timeout 500s;
            proxy_send_timeout 500s;
    }
    
      location ~/Hub {
        proxy_pass https://127.0.0.1:5443; 
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

ssl_certificate,ssl_certificate_key 路徑要對應好，固然路徑能夠設置到其餘位置，方便更新，
這個SSL驗證令牌文件，下載時要選擇好對應的服務，有nginx,有iis,阿帕奇的等等，反正都會兼容主流的服務。

這裏看出，咱們的web必須有個可訪問的內網地址。例如 https://127.0.0.1:5443
而後nginx會代理到443 ssl端口，外網就直接能夠用https訪問了。centos

3.
一些.net core下ssl的設置安全

public class Program
    {
        public static void Main(string[] args)
        {
            // NLog: setup the logger first to catch all errors
            var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();
            try
            {
                logger.Debug("init main");
                CreateWebHostBuilder(args).Build().Run();
            }
            catch (Exception ex)
            {
                //NLog: catch setup errors
                logger.Error(ex, "Stopped program because of exception");
                throw;
            }
            finally
            {
                // Ensure to flush and stop internal timers/threads before application-exit (Avoid segmentation fault on Linux)
                NLog.LogManager.Shutdown();
            }
        }

        public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
          WebHost.CreateDefaultBuilder(args)
              .UseStartup<Startup>()
             .UseKestrel().UseUrls("http://*:5004", "https://*:5443")
              .ConfigureLogging(logging =>
              {
                  logging.ClearProviders();
                  logging.SetMinimumLevel(LogLevel.Trace);
              })
              .UseNLog();
    }