david/net-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

update readme

Browse Source
This commit is contained in:
David Claeys 2025-04-01 12:51:35 +02:00
parent 9f61dd9e72
commit 8bbddbedcc
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -52,8 +52,8 @@ ENTRYPOINT ["dotnet", "test.dll"]
### Security implications ### Security implications
This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver. This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.
In previous .NET versions it was not recommended to expose Kestrel directly to the internet. Now Microsoft claims you can do that. In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.
However you never should use the included development certificate if you want to do that. However you never should use the included development certificate included in this image when doing so.
If you want to expose the Kestrel server you should use the **ASPNETCORE_Kestrel__Certificates__Default__Path**, **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** and **ASPNETCORE_Kestrel__Certificates__Default__Password** variables to correclty setup a certificate. The _dotnet dev-certs_ command is not really suited for production environments. If you want to expose the Kestrel server you should use the **ASPNETCORE_Kestrel__Certificates__Default__Path**, **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** and **ASPNETCORE_Kestrel__Certificates__Default__Password** variables to correclty setup a certificate. The _dotnet dev-certs_ command is not really suited for production environments.