Nginx and Certbot won't forward to 443, only port 5001 on aspnet core and kestrel

北城余情 提交于 2019-12-08 14:28:24

问题


I'm trying to deploy an aspnet core 2.2 site with the following setup but when entering url somesite.co.uk it forwards to port 5001 and not 443. Can anyone spot what I'm doing wrong?

When entering somesite.co.uk in a browser it redirects to https://somesite.co.uk:5001

C#-Program

public class Program
{
    public static void Main(string[] args)
    {
        CreateWebHostBuilder(args).Build().Run();
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>();
}

C# - appsettings.json

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://0.0.0.0:5000"
      },
      "Https": {
        "Url": "https://0.0.0.0:5001"
      }
    }
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Linux - /etc/systemd/system/kestrel-somesite.service

[Service]
WorkingDirectory=/usr/share/nginx/html
ExecStart=/usr/bin/dotnet /usr/share/nginx/html/somesite.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-coretest
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=ASPNETCORE_HTTPS_PORT=5001
Environment=ASPNETCORE_URLS=http://*:5000;https://*:5001

[Install]
WantedBy=multi-user.target

Linux - /etc/nginx/sites-available/first.conf

server {

    server_name somesite.co.uk;
    root /usr/share/nginx/html;

        location / {
            proxy_pass         http://localhost:5000;
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/somesite.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/somesite.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}server {
    if ($host = somesite.co.uk) {
        return 301 https://$server_name$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name somesite.co.uk;
    return 404; # managed by Certbot

}

回答1:


But have you remembered to use app.UseForwaredHeaders in startup?

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
   ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

Usually you don't have to specify ports in the service file (the last two environment lines). I recommend going over the docs at linode for nginx too, they are helpful in addition to the official docs in microsoft's site.



来源:https://stackoverflow.com/questions/55170709/nginx-and-certbot-wont-forward-to-443-only-port-5001-on-aspnet-core-and-kestre

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!