update readme

2025-04-03 16:35:06 +02:00 · 2025-04-03 16:35:06 +02:00 · cc60c99401
commit cc60c99401
parent 1dca3bdb49
1 changed files with 35 additions and 29 deletions
--- a/README.md
+++ b/README.md
@ -11,7 +11,33 @@ Among other things these tweaks are included :
 - inclusion of tzdata for time setup
- ## Docker image
+## Docker image
 ### Usage
 Since this is just a base image, some additional setup is needed.
 The following is just an example of how your Dockerfile could look like.
 ```sh
 # Password for the certificate
 # this image contains the entire .NET SDK and is ideal for creation the build
 FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
 WORKDIR /App
 COPY . ./
 # Restore dependencies for your application
 RUN dotnet restore
 # Build your application
 RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false 
 FROM git.claeyscloud.com/david/net-base:latest
 WORKDIR /App
 # copy build files from build-stage
 COPY --from=build-env /App/out .
 # change ownership of files to the app user
 RUN chown -R app:app /App/
 # entrypoint for image
 ENTRYPOINT ["dotnet", "test.dll"]
 ```
 ### Environment Variables
@ -43,35 +69,9 @@ docker build --build-arg CERT_PASSWORD=supersecretpassword . -t net-base
 | DOTNET_RUNTIME_VERSION                              | The [runtime](https://mcr.microsoft.com/en-us/artifact/mar/dotnet/aspnet/tags) version used as a base | 9.0.3                                                          |
 | ALPINE_VERSION                                      | The version of [alpine linux](https://www.alpinelinux.org/) used as a base <br/> Currently you can choose between `3.20` or `3.21`  | 3.21                             |
-### Usage
+## Security implications
-Since this is just a base image, some additional setup is needed.
+### Webserver and certificates
 The following is just an example of how your Dockerfile could look like.
 ```sh
 # Password for the certificate
 # this image contains the entire .NET SDK and is ideal for creation the build
 FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
 WORKDIR /App
 COPY . ./
 # Restore dependencies for your application
 RUN dotnet restore
 # Build your application
 RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false 
 FROM git.claeyscloud.com/david/net-base:latest
 WORKDIR /App
 # copy build files from build-stage
 COPY --from=build-env /App/out .
 # change ownership of files to the app user
 RUN chown -R app:app /App/
 # entrypoint for image
 ENTRYPOINT ["dotnet", "test.dll"]
 ```
 ### Security implications
 #### Webserver and certificates
 This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.<br/>
 In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.<br/>
@ -87,3 +87,9 @@ The certificate included by default (generated through the _dotnet dev-certs_ co
 In practice it's much easier to expose the server through a proxy to the public (hence the recommended method). 
 Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.
 ### Included certificate
 The included certificate is generated through the _dotnet dev-certs_ command. This is very convenient and suitable way to generated development certificates through the dotnet SDK.
 The password used to generate the certificate is randomly generated through the `openssl rand -base64 12` at build time.
 The build agent used for the build is hosted on my own infrastructure but I don't have any access to it (neither do I intend to do so).
 However if you feel uncomfortable with this fact, feel free to build the image yourself.