kestrelhttps's Introduction

Enforce HTTPS for an ASP.NET Web API hosted in Kestrel

Kestrel used as an edge (Internet-facing) web server.

Medium Article: Hosting an ASP.NET Core App on Docker with HTTPS

Configure Kestrel

Kestrel used as an edge server without a reverse proxy server doesn't support sharing the same IP and port among multiple processes. When Kestrel is configured to listen on a port, Kestrel handles all of the traffic for that port regardless of requests' Host headers.

Kestrel options

Maximum request body size The default maximum request body size is 30,000,000 bytes, which is approximately 28.6 MB.

The recommended approach to override the limit in an ASP.NET Core MVC app is to use the RequestSizeLimitAttribute attribute on an action method:
```
[RequestSizeLimit(100 * 1024 * 1024)]
public IActionResult MyActionMethod()
```
Minimum request body data rate

Kestrel checks every second if data is arriving at the specified rate in bytes/second. If the rate drops below the minimum, the connection is timed out. The grace period is the amount of time that Kestrel gives the client to increase its send rate up to the minimum; the rate isn't checked during that time. The grace period helps avoid dropping connections that are initially sending data at a slow rate due to TCP slow-start.

The default minimum rate is 240 bytes/second with a 5 second grace period.

A minimum rate also applies to the response. The code to set the request limit and the response limit is the same except for having RequestBody or Response in the property and interface names.
Request headers timeout

Gets or sets the maximum amount of time the server spends receiving request headers. Defaults to 30 seconds.

Build an ASP.NET Core Web App on Docker

# in this directory
docker compose up --build

Then visit https://localhost:44392/

# in this directory
docker build . -t aspnetapp
docker run -it -p 5000:5000 aspnetapp
docker run --rm -it \
    -p 5000:5000 -p 5001:5001 \
    -e ASPNETCORE_URLS="https://+;http://+" \
    -e ASPNETCORE_HTTPS_PORT=5001 \
    -e ASPNETCORE_Kestrel__Certificates__Default__Password="mypassword123" \
    -e ASPNETCORE_Kestrel__Certificates__Default__Path=//https/aspnetapp.pfx \
    -v /$PWD/https/aspnetapp.pfx://https/aspnetapp.pfx \
    aspnetapp

Check Certificate

HTTPS Redirect

License

Feel free to use the code in this repository as it is under MIT license.

kestrelhttps's People

Contributors

Stargazers

Watchers

kestrelhttps's Issues

Unable to start Kestrel

When I download your repo and run this command

docker-compose up

I get this error

api_1  | crit: Microsoft.AspNetCore.Server.Kestrel[0]
api_1  |       Unable to start Kestrel.
api_1  | Interop+Crypto+OpenSslCryptographicException: error:0D06B08E:asn1 encoding routines:asn1_d2i_read_bio:not enough data
api_1  |    at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromBio(SafeBioHandle bio, SafePasswordHandle password)
api_1  |    at Internal.Cryptography.Pal.OpenSslX509CertificateReader.FromFile(String fileName, SafePasswordHandle password, X509KeyStorageFlags keyStorageFlags)
api_1  |    at System.Security.Cryptography.X509Certificates.X509Certificate..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
api_1  |    at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)
api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadCertificate(CertificateConfig certInfo, String endpointName)
api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.LoadDefaultCert(ConfigurationReader configReader)
api_1  |    at Microsoft.AspNetCore.Server.Kestrel.KestrelConfigurationLoader.Load()
api_1  |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.ValidateOptions()
api_1  |    at Microsoft.AspNetCore.Server.Kestrel.Core.KestrelServer.StartAsync[TContext](IHttpApplication`1 application, CancellationToken cancellationToken)

I have the latest 3.1 SDK

Recommend Projects