update readme

README.md

@@ -11,7 +11,33 @@ Among other things these tweaks are included :
  - inclusion of tzdata for time setup
 
 
- ## Docker image
+## Docker image
+
+### Usage
+
+Since this is just a base image, some additional setup is needed.
+The following is just an example of how your Dockerfile could look like.
+
+```sh
+# Password for the certificate
+# this image contains the entire .NET SDK and is ideal for creation the build
+FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
+WORKDIR /App
+COPY . ./
+# Restore dependencies for your application
+RUN dotnet restore
+# Build your application
+RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false 
+
+FROM git.claeyscloud.com/david/net-base:latest
+WORKDIR /App
+# copy build files from build-stage
+COPY --from=build-env /App/out .
+# change ownership of files to the app user
+RUN chown -R app:app /App/
+# entrypoint for image
+ENTRYPOINT ["dotnet", "test.dll"]
+```
 
 ### Environment Variables
 
@@ -43,35 +69,9 @@ docker build --build-arg CERT_PASSWORD=supersecretpassword . -t net-base
 | DOTNET_RUNTIME_VERSION                              | The [runtime](https://mcr.microsoft.com/en-us/artifact/mar/dotnet/aspnet/tags) version used as a base | 9.0.3                                                          |
 | ALPINE_VERSION                                      | The version of [alpine linux](https://www.alpinelinux.org/) used as a base <br/> Currently you can choose between `3.20` or `3.21`  | 3.21                             |
 
-### Usage
+## Security implications
 
-Since this is just a base image, some additional setup is needed.
-The following is just an example of how your Dockerfile could look like.
-
-```sh
-# Password for the certificate
-# this image contains the entire .NET SDK and is ideal for creation the build
-FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
-WORKDIR /App
-COPY . ./
-# Restore dependencies for your application
-RUN dotnet restore
-# Build your application
-RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false 
-
-FROM git.claeyscloud.com/david/net-base:latest
-WORKDIR /App
-# copy build files from build-stage
-COPY --from=build-env /App/out .
-# change ownership of files to the app user
-RUN chown -R app:app /App/
-# entrypoint for image
-ENTRYPOINT ["dotnet", "test.dll"]
-```
-
-### Security implications
-
-#### Webserver and certificates
+### Webserver and certificates
 
 This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.<br/>
 In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.<br/>
@@ -87,3 +87,9 @@ The certificate included by default (generated through the _dotnet dev-certs_ co
 In practice it's much easier to expose the server through a proxy to the public (hence the recommended method). 
 Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.
 
+### Included certificate
+
+The included certificate is generated through the _dotnet dev-certs_ command. This is very convenient and suitable way to generated development certificates through the dotnet SDK.
+The password used to generate the certificate is randomly generated through the `openssl rand -base64 12` at build time.
+The build agent used for the build is hosted on my own infrastructure but I don't have any access to it (neither do I intend to do so).
+However if you feel uncomfortable with this fact, feel free to build the image yourself.