david/net-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 3 Wiki Activity

update readme

Browse Source
This commit is contained in:
David Claeys
2025-04-03 16:23:41 +02:00
parent 23088bd84f
commit 9695404087
1 changed files with 6 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@@ -75,7 +75,12 @@ This images uses the system provided by Microsoft to generate a development cert
In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.<br/>
However you never should use the included development certificate included in this image when doing so.
If you want to expose the Kestrel server you should use the **ASPNETCORE_Kestrel__Certificates__Default__Path**, **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** and **ASPNETCORE_Kestrel__Certificates__Default__Password** variables to correclty setup a certificate. The certificate resulting from the _dotnet dev-certs_ command is not really suited for production environments.
If you want to directly expose the Kestrel webserver use the following environment variables to properly setup a certificate :
- **ASPNETCORE_Kestrel__Certificates__Default__Path** (the path to the certificate key)
- **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** (the path to the certificate)
- **ASPNETCORE_Kestrel__Certificates__Default__Password** (the password for the key file)
The certificate included by default (generated trhough the _dotnet dev-certs_ command) is not really suited for production environments.
In practice it's much easier to expose the server through a proxy to the public (hence the recommended method).
Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.