1. Выпускаем свой SSL-сертификат:
# Issue a self-signed certificate and private key for host.docker.internal.
# Local development only: -nodes writes host.docker.internal.key without a
# passphrase, so keep that file out of version control and container images.
# No -days is given, so OpenSSL's default validity (30 days) applies.
# The throwaway config fed through process substitution (bash/zsh syntax)
# defines the EXT section: SAN, keyUsage and extendedKeyUsage=serverAuth.
openssl req -x509 -sha256 -nodes \
  -newkey rsa:2048 \
  -keyout host.docker.internal.key \
  -out host.docker.internal.crt \
  -subj '/CN=host.docker.internal' \
  -extensions EXT \
  -config <(printf "[dn]\nCN=host.docker.internal\n[req]\ndistinguished_name = dn\n[EXT]\nsubjectAltName=DNS:host.docker.internal\nkeyUsage=digitalSignature\nextendedKeyUsage=serverAuth")
2. Чтобы конвертировать в PFX-файл, используйте следующую команду:
# Bundle the certificate and its private key into a PKCS#12 (.pfx) file.
# openssl prompts for an export password; the same value has to be supplied to
# Kestrel as ASPNETCORE_Kestrel__Certificates__Default__Password.
# The .pfx contains the private key: keep it out of version control and images.
openssl pkcs12 -export \
  -in host.docker.internal.crt \
  -inkey host.docker.internal.key \
  -out host.docker.internal.pfx
3. Копируем сертификат (файл host.docker.internal.pfx) в каталог:
%userprofile%/.aspnet/https
4. Редактируем docker-compose.override.yml:
# Fragment of docker-compose.override.yml. "api" presumably sits under the
# top-level "services:" key, which is not shown here - confirm.
api:
  environment:
    ASPNETCORE_ENVIRONMENT: "Development"
    # Kestrel listens on HTTPS (443) and plain HTTP (80) inside the container.
    ASPNETCORE_URLS: "https://+:443;http://+:80"
    # Password of the .pfx below. It is stored here in plaintext and is visible
    # to anyone who can read this file or inspect the container environment:
    # keep the override file out of version control.
    ASPNETCORE_Kestrel__Certificates__Default__Password: "<enterpassword>"
    ASPNETCORE_Kestrel__Certificates__Default__Path: "/https/host.docker.internal.pfx"
  ports:
    - "6000:80"
    - "6001:443"
  volumes:
    # Both host directories are mounted read-only (:ro), so the container can
    # read the user secrets and the certificate but cannot modify them.
    - ${APPDATA}/Microsoft/UserSecrets:/root/.microsoft/usersecrets:ro
    - ${USERPROFILE}/.aspnet/https:/https:ro
5. Ещё один вариант (PowerShell); терминал нужно запустить от имени администратора:
# Create a self-signed certificate in the LocalMachine\My store (this is why an
# elevated session is needed). Its SAN list is host.docker.internal, localhost
# and "*".
# NOTE(review): the "*" entry is wider than the two names this step is about;
# presumably it is there to match single-label container hostnames - confirm,
# and drop it if it is not needed.
$certParams = @{
    DnsName           = "host.docker.internal", "localhost", "*"
    CertStoreLocation = "cert:\localmachine\my"
}
$cert = New-SelfSignedCertificate @certParams

# Export the certificate together with its private key so the container can
# load it later.
# NOTE(review): the PFX password is a hard-coded literal, so treat the file as
# unprotected: keep it out of version control and out of images.
$password = ConvertTo-SecureString -String "identity" -AsPlainText -Force
Export-PfxCertificate -Cert $cert -FilePath ~\.aspnet\https\identity.pfx -Password $password

# Add the certificate to the LocalMachine TrustedPublisher store.
# NOTE(review): TrustedPublisher holds trusted code-signing publishers; verify
# that this actually makes TLS clients on the host trust the certificate.
$store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "TrustedPublisher", "LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()
5.1. То же самое для сертификата api.pfx:
# Create a self-signed certificate in the LocalMachine\My store (needs an
# elevated session). Its SAN list is host.docker.internal, localhost and "*".
# NOTE(review): the "*" entry is wider than the two names this step is about;
# presumably it is there to match single-label container hostnames - confirm,
# and drop it if it is not needed.
$certParams = @{
    DnsName           = "host.docker.internal", "localhost", "*"
    CertStoreLocation = "cert:\localmachine\my"
}
$cert = New-SelfSignedCertificate @certParams

# Export the certificate together with its private key so the container can
# load it later.
# NOTE(review): the PFX password is a hard-coded literal, so treat the file as
# unprotected: keep it out of version control and out of images.
$password = ConvertTo-SecureString -String "api" -AsPlainText -Force
Export-PfxCertificate -Cert $cert -FilePath ~\.aspnet\https\api.pfx -Password $password

# Add the certificate to the LocalMachine TrustedPublisher store.
# NOTE(review): TrustedPublisher holds trusted code-signing publishers; verify
# that this actually makes TLS clients on the host trust the certificate.
$store = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Store -ArgumentList "TrustedPublisher", "LocalMachine"
$store.Open("ReadWrite")
$store.Add($cert)
$store.Close()
6. mkcert is a simple tool for making locally-trusted development certificates: https://github.com/FiloSottile/mkcert
# Create a new local CA and install it into the system trust store.
# The CA private key (rootCA-key.pem in the directory printed by
# `mkcert -CAROOT`) can issue certificates that this machine trusts:
# never share it and never copy it into an image.
mkcert -install

# Create cert.pfx (PKCS#12) for the listed names. mkcert protects it with the
# default password 'changeit', which is publicly known, so the file has to be
# treated as if it were unencrypted.
san_names=(host.docker.internal localhost 127.0.0.1 ::1)
mkcert -pkcs12 -p12-file cert.pfx "${san_names[@]}"
# Changes to docker-compose.override.yml.
# Entries for the service's "environment:" list:
- ASPNETCORE_Kestrel__Certificates__Default__Path=/https/cert.pfx
# 'changeit' is mkcert's default PKCS#12 password; it is stored here in
# plaintext, so keep the override file out of version control.
- ASPNETCORE_Kestrel__Certificates__Default__Password=changeit
# NOTE(review): AllowInvalid is presumably only consulted when Kestrel loads a
# certificate from a certificate store rather than from Path - confirm; a
# certificate issued by the mkcert CA should not need it.
- ASPNETCORE_Kestrel__Certificates__Default__AllowInvalid=true
# Entry for the service's "volumes:" list (read-only mount of the cert folder):
- ~/.aspnet/https:/https:ro
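# Original note: rename the file cert.pfx to cert.crt.
# NOTE(review): the file installed below is Client/rootCA.crt, not cert.crt.
# update-ca-certificates expects PEM-encoded certificates with a .crt
# extension, so this is presumably the mkcert root CA certificate (rootCA.pem
# from the `mkcert -CAROOT` directory) copied as rootCA.crt - confirm.
# Only the CA certificate belongs in the image; rootCA-key.pem must never be
# copied into it.
# Add to the Dockerfile. COPY is used instead of ADD: the source is a single
# local file, and COPY has none of ADD's extra behaviors (remote URLs, archive
# extraction).
COPY Client/rootCA.crt /usr/local/share/ca-certificates/rootCA.crt
# World-readable, owner-writable, then rebuild the container's CA bundle.
RUN chmod 644 /usr/local/share/ca-certificates/rootCA.crt && update-ca-certificates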