update readme
This commit is contained in:
David Claeys
@ -74,16 +74,16 @@ docker build --build-arg CERT_PASSWORD=supersecretpassword . -t net-base
|
||||
### Webserver and certificates
|
||||
|
||||
This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.<br/>
|
||||
In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.<br/>
|
||||
However you never should use the included development certificate included in this image when doing so.
|
||||
In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.
|
||||
|
||||
However you never should use the included development certificate included in this image when doing so.<br/>
|
||||
The certificate included by default (generated through the _dotnet dev-certs_ command) is not really suited for production environments.
|
||||
|
||||
If you want to directly expose the Kestrel webserver use the following environment variables to properly setup a certificate :
|
||||
- **ASPNETCORE_Kestrel__Certificates__Default__Path** (the path to the certificate key)
|
||||
- **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** (the path to the certificate)
|
||||
- **ASPNETCORE_Kestrel__Certificates__Default__Password** (the password for the key file)
|
||||
|
||||
The certificate included by default (generated through the _dotnet dev-certs_ command) is not really suited for production environments.
|
||||
|
||||
In practice it's much easier to expose the server through a proxy to the public (hence the recommended method).
|
||||
Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user