david/net-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

update readme

Browse Source
This commit is contained in:
David Claeys 2025-04-03 16:15:14 +02:00
parent 60d8c32f20
commit 23088bd84f
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -72,7 +72,7 @@ ENTRYPOINT ["dotnet", "test.dll"]
### Security implications
This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.<br/>
In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.,<br/>
In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.<br/>
However you never should use the included development certificate included in this image when doing so.
If you want to expose the Kestrel server you should use the **ASPNETCORE_Kestrel__Certificates__Default__Path**, **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** and **ASPNETCORE_Kestrel__Certificates__Default__Password** variables to correclty setup a certificate. The certificate resulting from the _dotnet dev-certs_ command is not really suited for production environments.