david/net-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
35 Commits 1 Branch 2 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
David Claeys f74812727c
All checks were successful
Build docker container / build (release) Successful in 10m58s
Details
updates to newer version
2025-04-09 13:06:56 +02:00
.gitea/workflows
update dockerfile and action
2025-04-01 16:06:12 +02:00
Dockerfile
updates to newer version
2025-04-09 13:06:56 +02:00
LICENSE
initial setup
2025-04-01 12:37:47 +02:00
README.md
updates to newer version
2025-04-09 13:06:56 +02:00

README.md

net-base

Base docker image that allows you to deploy .NET APIs with ease.
Microsoft makes some images available to deploy .NET applications in Docker.
However in order to use them succesfully, some additional work is needed.
This image intends to make this task much easier.

This image is based on the mcr.microsoft.com/dotnet/aspnet image, but includes these tweaks. Among other things these tweaks are included :

  • automatic certificate generation for the web server
  • disable telemetry
  • inclusion of tzdata for time setup

Docker image

Usage

Since this is just a base image, some additional setup is needed. The following is just an example of how your Dockerfile could look like.

# Password for the certificate
# this image contains the entire .NET SDK and is ideal for creation the build
FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine-amd64 AS build-env
WORKDIR /App
COPY . ./
# Restore dependencies for your application
RUN dotnet restore
# Build your application
RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false 

FROM git.claeyscloud.com/david/net-base:latest
WORKDIR /App
# copy build files from build-stage
COPY --from=build-env /App/out .
# change ownership of files to the app user
RUN chown -R app:app /App/
# entrypoint for image
ENTRYPOINT ["dotnet", "test.dll"]

Environment Variables

Variable Description Default
ASPNETCORE_Kestrel__Certificates__Default__Path The path containing the server certificate /usr/local/share/ca-certificates/aspnetapp.crt
ASPNETCORE_Kestrel__Certificates__Default__KeyPath The path containing the key for the server certificate /usr/local/share/ca-certificates/aspnetapp.key
ASPNETCORE_Kestrel__Certificates__Default__Password The password for required for the server key N/A (generated at build time)
CERTIFICATES_DIRECTORY The directory where the certificate files are stored for the web server /usr/local/share/ca-certificates
ASPNETCORE_URLS Specifies at which urls and ports the Kestrel server should listen http://+:80;https://+:443
DOTNET_CLI_TELEMETRY_OPTOUT Disables telemetry 1
TZ Time zone (list) Europe/Brussels

Build arguments

These are the most important build arguments. Most of them are optional, meaning you can tweak them if you so desire. However the CERT_PASSWORD argument is required, as it's necesarry in order to build a working image.

You can build the image yourself like this

docker build --build-arg CERT_PASSWORD=supersecretpassword . -t net-base
Argument Description Default
CERT_PASSWORD The password for the generated certificate N/A (required)
DOTNET_SDK_VERSION The SDK version used to generate the development certificate 9.0.203
DOTNET_RUNTIME_VERSION The runtime version used as a base 9.0.4
ALPINE_VERSION The version of alpine linux used as a base
Currently you can choose between 3.20 or 3.21		 3.21

Security implications

Webserver and certificates

This images uses the system provided by Microsoft to generate a development certificate and uses the Kestrel webserver.
In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.

However you never should use the included development certificate included in this image when doing so.
The certificate included by default (generated through the dotnet dev-certs command) is not really suited for production environments.

If you want to directly expose the Kestrel webserver use the following environment variables to properly setup a certificate :

  • ASPNETCORE_Kestrel__Certificates__Default__Path (the path to the certificate key)
  • ASPNETCORE_Kestrel__Certificates__Default__KeyPath (the path to the certificate)
  • ASPNETCORE_Kestrel__Certificates__Default__Password (the password for the key file)

In practice it's much easier to expose the server through a proxy to the public (hence the recommended method). Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.

Included certificate

The included certificate is generated through the dotnet dev-certs command. This is a very convenient and suitable way to generate development certificates through the dotnet SDK.

The password used to generate the certificate is randomly generated through the openssl rand -base64 12 at build time. The build agent used for the build is hosted on my own infrastructure but I don't have any access to it (neither do I intend to do so).
However if you feel uncomfortable with this fact, feel free to build the image yourself.

FAQ

What holds the future this project?

This is a project I maintain in my spare time. I don't want to make any empty promises about how much work I'll spend working on it. As some tweaks might be needed for other projects, they might triple down to this one. Although to be completely honest I don't think this project will require much work apart from keeping up with runtime updates.

When will be version xx.xx be available ?

I don't plan to make images available for older versions of the .NET framework. You might be lucky and be able to just tweak the related environment variables and make a build of your own. Regarding the future, I only plan to keep up with stable releases (so no preview versions).

Description
Base docker file for .Net applications
Readme MIT 108 KiB
Releases 2
9.0.4 Latest
2025-04-09 13:08:33 +02:00
Languages
Dockerfile 100%