From 96954040871d33b776fc7d7de39261b012a368e6 Mon Sep 17 00:00:00 2001 From: David Claeys Date: Thu, 3 Apr 2025 16:23:41 +0200 Subject: [PATCH] update readme --- README.md | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5e21ab8..451742c 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,12 @@ This images uses the system provided by Microsoft to generate a development cert In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.
However you never should use the included development certificate included in this image when doing so. -If you want to expose the Kestrel server you should use the **ASPNETCORE_Kestrel__Certificates__Default__Path**, **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** and **ASPNETCORE_Kestrel__Certificates__Default__Password** variables to correclty setup a certificate. The certificate resulting from the _dotnet dev-certs_ command is not really suited for production environments. +If you want to directly expose the Kestrel webserver use the following environment variables to properly setup a certificate : + - **ASPNETCORE_Kestrel__Certificates__Default__Path** (the path to the certificate key) + - **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** (the path to the certificate) + - **ASPNETCORE_Kestrel__Certificates__Default__Password** (the password for the key file) + +The certificate included by default (generated trhough the _dotnet dev-certs_ command) is not really suited for production environments. In practice it's much easier to expose the server through a proxy to the public (hence the recommended method). Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation. \ No newline at end of file