I am trying and failing at deploying an ASP.NET Core 6 MVC app in a docker container over ssl. I have a mystery crash issue of which I can't seem to find the cause. I can't even get a meaningful error. It works perfectly when I run it locally and it even works over docker "non-ssl" lol. But for some reason when I follow the Microsoft docs https://learn.microsoft.com/en-us/aspnet/core/security/docker-compose-https?view=aspnetcore-6.0, it fails.
This is what my Dockerfile looks like:
FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build-env
WORKDIR /app
# Copy everything
COPY . ./
# Restore as distinct layers
RUN dotnet restore
RUN dotnet publish -c Development -o out
# Build runtime image
FROM mcr.microsoft.com/dotnet/aspnet:6.0
WORKDIR /app
COPY --from=build-env /app/out .
ENTRYPOINT ["dotnet", "amaranth.dll"]
This is docker-compose.yml:
version: '3.8'
volumes:
data:
services:
postgresql_MENTIONvlt_bg:
image: postgres
# explicit container name
container_name: postgresql_vlt_bg
env_file:
- .env
ports:
- 5432:5432
volumes:
- data:/var/lib/postgresql_vlt_bg
amaranth_main:
container_name: amaranth_main
links:
- postgresql_MENTIONvlt_bg
depends_on:
- postgresql_MENTIONvlt_bg
build:
context: .
dockerfile: Dockerfile
ports:
- 8000:80
- 8001:443
environment:
- ASPNETCORE_ENVIRONMENT=Development
- ASPNETCORE_URLS=https:// ;http://
- ASPNETCORE_Kestrel__Certificates__Default__Password=<MY PASSWORD HERE>
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/aspnetapp.pfx
volumes:
- ~/.aspnet/https:/https:ro
This is my Program.cs file. It might seem random that I'm including this but according to my logs it's where the error is being thrown.
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using amaranth.Data;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.Logging;
namespace amaranth
{
public class Program
{
public static void Main(string[] args)
{
var host = CreateHostBuilder(args).Build();
using (var scope = host.Services.CreateScope())
{
var db = scope.ServiceProvider.GetRequiredService<ApplicationDbContext>();
db.Database.Migrate();
}
host.Run();
}
public static IHostBuilder CreateHostBuilder(string[] args) =>
Host.CreateDefaultBuilder(args)
.ConfigureWebHostDefaults(webBuilder =>
{
webBuilder.ConfigureKestrel(serverOptions =>
{
// Set properties and call methods on options
})
.UseStartup<Startup>();
});
}
}
This is the logs where it fails:
<MYUSERNAME>@<MYCOMPUTERNAME> amaranth % docker-compose up
Creating network "amaranth_default" with the default driver
Creating volume "amaranth_data" with default driver
Building amaranth_main
[ ] Building 32.7s (14/14) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 37B 0.0s
=> [internal] load .dockerignore 0.0s
=> => transferring context: 2B 0.0s
=> [internal] load metadata for mcr.microsoft.com/dotnet/aspnet:6.0 0.1s
=> [internal] load metadata for mcr.microsoft.com/dotnet/sdk:6.0 0.1s
=> [build-env 1/5] FROM mcr.microsoft.com/dotnet/sdk:6.0@sha256:<RANDOM SHA256 SUM HERE> 0.0s
=> [internal] load build context 0.0s
=> => transferring context: 38.79kB 0.0s
=> [stage-1 1/3] FROM mcr.microsoft.com/dotnet/aspnet:6.0@sha256:<RANDOM SHA256 SUM HERE> 0.0s
=> CACHED [build-env 2/5] WORKDIR /app 0.0s
=> [build-env 3/5] COPY . ./ 0.4s
=> [build-env 4/5] RUN dotnet restore 26.3s
=> [build-env 5/5] RUN dotnet publish -c Release -o out 5.7s
=> CACHED [stage-1 2/3] WORKDIR /app 0.0s
=> CACHED [stage-1 3/3] COPY --from=build-env /app/out . 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:<RANDOM SHA256 SUM HERE> 0.0s
=> => naming to docker.io/library/amaranth_amaranth_main 0.0s
Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
WARNING: Image for service amaranth_main was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Creating postgresql_vlt_bg ... done
Creating amaranth_main ... done
Attaching to postgresql_vlt_bg, amaranth_main
postgresql_vlt_bg | The files belonging to this database system will be owned by user "postgres".
postgresql_vlt_bg | This user must also own the server process.
postgresql_vlt_bg |
postgresql_vlt_bg | The database cluster will be initialized with locale "en_US.utf8".
postgresql_vlt_bg | The default database encoding has accordingly been set to "UTF8".
postgresql_vlt_bg | The default text search configuration will be set to "english".
postgresql_vlt_bg |
postgresql_vlt_bg | Data page checksums are disabled.
postgresql_vlt_bg |
postgresql_vlt_bg | fixing permissions on existing directory /var/lib/postgresql/data ... ok
postgresql_vlt_bg | creating subdirectories ... ok
postgresql_vlt_bg | selecting dynamic shared memory implementation ... posix
postgresql_vlt_bg | selecting default max_connections ... 100
postgresql_vlt_bg | selecting default shared_buffers ... 128MB
postgresql_vlt_bg | selecting default time zone ... Etc/UTC
postgresql_vlt_bg | creating configuration files ... ok
postgresql_vlt_bg | running bootstrap script ... ok
postgresql_vlt_bg | performing post-bootstrap initialization ... ok
postgresql_vlt_bg | syncing data to disk ... ok
postgresql_vlt_bg |
postgresql_vlt_bg | initdb: warning: enabling "trust" authentication for local connections
postgresql_vlt_bg | You can change this by editing pg_hba.conf or using the option -A, or
postgresql_vlt_bg | --auth-local and --auth-host, the next time you run initdb.
postgresql_vlt_bg |
postgresql_vlt_bg | Success. You can now start the database server using:
postgresql_vlt_bg |
postgresql_vlt_bg | pg_ctl -D /var/lib/postgresql/data -l logfile start
postgresql_vlt_bg |
postgresql_vlt_bg | waiting for server to start....2022-09-26 03:15:59.900 UTC [48] LOG: starting PostgreSQL 14.5 (Debian 14.5-1.pgdg110 1) on aarch64-unknown-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
postgresql_vlt_bg | 2022-09-26 03:15:59.902 UTC [48] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgresql_vlt_bg | 2022-09-26 03:15:59.908 UTC [49] LOG: database system was shut down at 2022-09-26 03:15:59 UTC
postgresql_vlt_bg | 2022-09-26 03:15:59.913 UTC [48] LOG: database system is ready to accept connections
postgresql_vlt_bg | done
postgresql_vlt_bg | server started
postgresql_vlt_bg | CREATE DATABASE
postgresql_vlt_bg |
postgresql_vlt_bg |
postgresql_vlt_bg | /usr/local/bin/docker-entrypoint.sh: ignoring /docker-entrypoint-initdb.d/*
postgresql_vlt_bg |
postgresql_vlt_bg | waiting for server to shut down...2022-09-26 03:16:00.145 UTC [48] LOG: received fast shutdown request
postgresql_vlt_bg | .2022-09-26 03:16:00.147 UTC [48] LOG: aborting any active transactions
postgresql_vlt_bg | 2022-09-26 03:16:00.149 UTC [48] LOG: background worker "logical replication launcher" (PID 55) exited with exit code 1
postgresql_vlt_bg | 2022-09-26 03:16:00.150 UTC [50] LOG: shutting down
postgresql_vlt_bg | 2022-09-26 03:16:00.169 UTC [48] LOG: database system is shut down
postgresql_vlt_bg | done
postgresql_vlt_bg | server stopped
postgresql_vlt_bg |
postgresql_vlt_bg | PostgreSQL init process complete; ready for start up.
postgresql_vlt_bg |
postgresql_vlt_bg | 2022-09-26 03:16:00.263 UTC [1] LOG: starting PostgreSQL 14.5 (Debian 14.5-1.pgdg110 1) on aarch64-unknown-linux-gnu, compiled by gcc (Debian 10.2.1-6) 10.2.1 20210110, 64-bit
postgresql_vlt_bg | 2022-09-26 03:16:00.263 UTC [1] LOG: listening on IPv4 address "0.0.0.0", port 5432
postgresql_vlt_bg | 2022-09-26 03:16:00.263 UTC [1] LOG: listening on IPv6 address "::", port 5432
postgresql_vlt_bg | 2022-09-26 03:16:00.267 UTC [1] LOG: listening on Unix socket "/var/run/postgresql/.s.PGSQL.5432"
postgresql_vlt_bg | 2022-09-26 03:16:00.272 UTC [62] LOG: database system was shut down at 2022-09-26 03:16:00 UTC
postgresql_vlt_bg | 2022-09-26 03:16:00.276 UTC [1] LOG: database system is ready to accept connections
amaranth_main | info: Microsoft.EntityFrameworkCore.Infrastructure[10403]
amaranth_main | Entity Framework Core 6.0.5 initialized 'ApplicationDbContext' using provider 'Npgsql.EntityFrameworkCore.PostgreSQL:6.0.4 <RANDOM CHECKSUM HERE>' with options: None
amaranth_main | Unhandled exception. Npgsql.NpgsqlException (0x80004005): Failed to connect to [::1]:5432
amaranth_main | ---> System.Net.Internals.SocketExceptionFactory ExtendedSocketException (99): Cannot assign requested address [::1]:5432
amaranth_main | at System.Net.Sockets.Socket.DoConnect(EndPoint endPointSnapshot, SocketAddress socketAddress)
amaranth_main | at System.Net.Sockets.Socket.Connect(EndPoint remoteEP)
amaranth_main | at Npgsql.Internal.NpgsqlConnector.Connect(NpgsqlTimeout timeout)
amaranth_main | at Npgsql.Internal.NpgsqlConnector.Connect(NpgsqlTimeout timeout)
amaranth_main | at Npgsql.Internal.NpgsqlConnector.RawOpen(SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken, Boolean isFirstAttempt)
amaranth_main | at Npgsql.Internal.NpgsqlConnector.<Open>g__OpenCore|191_1(NpgsqlConnector conn, SslMode sslMode, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken, Boolean isFirstAttempt)
amaranth_main | at Npgsql.Internal.NpgsqlConnector.Open(NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
amaranth_main | at Npgsql.UnpooledConnectorSource.Get(NpgsqlConnection conn, NpgsqlTimeout timeout, Boolean async, CancellationToken cancellationToken)
amaranth_main | at Npgsql.NpgsqlConnection.<Open>g__OpenAsync|45_0(Boolean async, CancellationToken cancellationToken)
amaranth_main | at Npgsql.NpgsqlConnection.Open()
amaranth_main | at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenDbConnection(Boolean errorsExpected)
amaranth_main | at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.OpenInternal(Boolean errorsExpected)
amaranth_main | at Microsoft.EntityFrameworkCore.Storage.RelationalConnection.Open(Boolean errorsExpected)
amaranth_main | at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlDatabaseCreator.Exists(Boolean async, CancellationToken cancellationToken)
amaranth_main | at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlDatabaseCreator.Exists(Boolean async, CancellationToken cancellationToken)
amaranth_main | at Npgsql.EntityFrameworkCore.PostgreSQL.Storage.Internal.NpgsqlDatabaseCreator.Exists()
amaranth_main | at Microsoft.EntityFrameworkCore.Migrations.HistoryRepository.Exists()
amaranth_main | at Microsoft.EntityFrameworkCore.Migrations.Internal.Migrator.Migrate(String targetMigration)
amaranth_main | at Microsoft.EntityFrameworkCore.RelationalDatabaseFacadeExtensions.Migrate(DatabaseFacade databaseFacade)
amaranth_main | at amaranth.Program.Main(String[] args) in /app/Program.cs:line 25
^CGracefully stopping... (press Ctrl C again to force)
Stopping amaranth_main ... done
Stopping postgresql_vlt_bg ... done
<MYUSERNAME>@<MYCOMPUTERNAME> amaranth %
Line 25 in Program.cs is db.Database.Migrate();.
So why isn't it working?
CodePudding user response:
I added the following to appsetting.json:
"Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://0.0.0.0:5000"
},
"Https": {
"Url": "https://0.0.0.0:5001"
}
},
"EndpointDefaults": {
"Url": "https://0.0.0.0:5001",
"Protocols": "Http1"
}
},
And I added the following to the amaranth_main: section of docker-compose.yml
ports:
- 8000:5000
- 8001:5001
environment:
- ASPNETCORE_ENVIRONMENT=Release
- ASPNETCORE_Kestrel__Certificates__Default__Password=${Kestrel_Cert_Password}
- ASPNETCORE_Kestrel__Certificates__Default__Path=${Kestrel_Cert_Rel_Path}
volumes:
- ${Kestrel_Cert_Abs_Path}:/https:ro
And I replaced the env-file section of the postgresql_MENTIONvlt_bg: section of the docker-compose.yml with:
environment:
- POSTGRES_USER=${POSTGRES_USER}
- POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
- POSTGRES_DB=${POSTGRES_DB}
And I launched the app with docker-compose --env-file .env up, making sure that POSTGRES_USER, POSTGRES_PASSWORD, POSTGRES_DB, Kestrel_Cert_Password, Kestrel_Cert_Rel_Path, and Kestrel_Cert_Abs_Path are referenced in the .env file.
After this it worked when I visited https://localhost:8001 in my browser.