From cc60c994019fe7cf94069328c637f2b0e5e1fc91 Mon Sep 17 00:00:00 2001
From: David Claeys
Date: Thu, 3 Apr 2025 16:35:06 +0200
Subject: [PATCH] update readme
---
 README.md | 64 ++++++++++++++++++++++++++++++-------------------------
 1 file changed, 35 insertions(+), 29 deletions(-)
diff --git a/README.md b/README.md
index 3ecbce2..744b4dd 100644
--- a/README.md
+++ b/README.md
@@ -11,7 +11,33 @@ Among other things these tweaks are included :
 - inclusion of tzdata for time setup
- ## Docker image
+## Docker image
+
+### Usage
+
+Since this is just a base image, some additional setup is needed.
+The following is just an example of how your Dockerfile could look like.
+
+```sh
+# Password for the certificate
+# this image contains the entire .NET SDK and is ideal for creation the build
+FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
+WORKDIR /App
+COPY . ./
+# Restore dependencies for your application
+RUN dotnet restore
+# Build your application
+RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false
+
+FROM git.claeyscloud.com/david/net-base:latest
+WORKDIR /App
+# copy build files from build-stage
+COPY --from=build-env /App/out .
+# change ownership of files to the app user
+RUN chown -R app:app /App/
+# entrypoint for image
+ENTRYPOINT ["dotnet", "test.dll"]
+```
 ### Environment Variables
@@ -43,35 +69,9 @@ docker build --build-arg CERT_PASSWORD=supersecretpassword . -t net-base
 | DOTNET_RUNTIME_VERSION | The [runtime](https://mcr.microsoft.com/en-us/artifact/mar/dotnet/aspnet/tags) version used as a base | 9.0.3 |
 | ALPINE_VERSION | The version of [alpine linux](https://www.alpinelinux.org/) used as a base
Currently you can choose between `3.20` or `3.21` | 3.21 |
-### Usage
+## Security implications
-Since this is just a base image, some additional setup is needed.
-The following is just an example of how your Dockerfile could look like.
-
-```sh
-# Password for the certificate
-# this image contains the entire .NET SDK and is ideal for creation the build
-FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
-WORKDIR /App
-COPY . ./
-# Restore dependencies for your application
-RUN dotnet restore
-# Build your application
-RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false
-
-FROM git.claeyscloud.com/david/net-base:latest
-WORKDIR /App
-# copy build files from build-stage
-COPY --from=build-env /App/out .
-# change ownership of files to the app user
-RUN chown -R app:app /App/
-# entrypoint for image
-ENTRYPOINT ["dotnet", "test.dll"]
-```
-
-### Security implications
-
-#### Webserver and certificates
+### Webserver and certificates
 This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.
In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.
@@ -87,3 +87,9 @@ The certificate included by default (generated through the _dotnet dev-certs_ co
 In practice it's much easier to expose the server through a proxy to the public (hence the recommended method). Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.
+### Included certificate
+
+The included certificate is generated through the _dotnet dev-certs_ command. This is very convenient and suitable way to generated development certificates through the dotnet SDK.
+The password used to generate the certificate is randomly generated through the `openssl rand -base64 12` at build time.
+The build agent used for the build is hosted on my own infrastructure but I don't have any access to it (neither do I intend to do so).
+However if you feel uncomfortable with this fact, feel free to build the image yourself.