updates to newer version

Dockerfile

@@ -1,6 +1,6 @@
 ARG CERT_PASSWORD
-ARG DOTNET_SDK_VERSION=9.0.202
-ARG DOTNET_RUNTIME_VERSION=9.0.3
+ARG DOTNET_SDK_VERSION=9.0.203
+ARG DOTNET_RUNTIME_VERSION=9.0.4
 ARG ALPINE_VERSION=3.21
 ARG CONFIG_DIRECTORY_ARG=/config
 FROM mcr.microsoft.com/dotnet/sdk:${DOTNET_SDK_VERSION}-alpine${ALPINE_VERSION}-amd64 AS build-env
@@ -32,8 +32,7 @@ RUN apk update \
   && mkdir -p $CERTIFICATES_DIRECTORY \
   && mkdir -p $CONFIG_DIRECTORY
 COPY --from=build-env $CONFIG_DIRECTORY $CONFIG_DIRECTORY
-RUN CERT_PASSWORD=$(cat $CERT_PASSWORD_FILE) \
-  && cp $CONFIG_DIRECTORY/aspnetapp.pem $ASPNETCORE_Kestrel__Certificates__Default__Path \
+RUN cp $CONFIG_DIRECTORY/aspnetapp.pem $ASPNETCORE_Kestrel__Certificates__Default__Path \
   && cp $CONFIG_DIRECTORY/aspnetapp.key $ASPNETCORE_Kestrel__Certificates__Default__KeyPath \
   && rm -rf $CONFIG_DIRECTORY \
   && chmod 755 $ASPNETCORE_Kestrel__Certificates__Default__Path \

README.md

@@ -1,17 +1,44 @@
 # net-base
 
-Base  docker file that allows you to deploy .NET wit ease.
-Microsoft makes some images available to deploy .NET applications in Docker.
-However in order to use them, there is need for some tweaking.
+Base docker image that allows you to deploy .NET APIs with ease.<br/>
+Microsoft makes some images available to deploy .NET applications in Docker.<br/>
+However in order to use them succesfully, some additional work is needed.<br/>
+This image intends to make this task much easier.
 
 This image is based on the *mcr.microsoft.com/dotnet/aspnet* image, but includes these tweaks.
 Among other things these tweaks are included :
- - automatic generation of certificate for the web server
+ - automatic certificate generation for the web server
  - disable telemetry
  - inclusion of tzdata for time setup
 
 
- ## Docker image
+## Docker image
+
+### Usage
+
+Since this is just a base image, some additional setup is needed.
+The following is just an example of how your Dockerfile could look like.
+
+```sh
+# Password for the certificate
+# this image contains the entire .NET SDK and is ideal for creation the build
+FROM mcr.microsoft.com/dotnet/sdk:9.0-alpine-amd64 AS build-env
+WORKDIR /App
+COPY . ./
+# Restore dependencies for your application
+RUN dotnet restore
+# Build your application
+RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false 
+
+FROM git.claeyscloud.com/david/net-base:latest
+WORKDIR /App
+# copy build files from build-stage
+COPY --from=build-env /App/out .
+# change ownership of files to the app user
+RUN chown -R app:app /App/
+# entrypoint for image
+ENTRYPOINT ["dotnet", "test.dll"]
+```
 
 ### Environment Variables
 
@@ -25,37 +52,60 @@ Among other things these tweaks are included :
 | DOTNET_CLI_TELEMETRY_OPTOUT                         | Disables telemetry                                                      | 1                                                                                            |
 | TZ                                                  | Time zone ([list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List)) | Europe/Brussels |                                                                               |
 
-### Usage
+### Build arguments
 
-Since this is just a base image, some additional setup is needed.
-The following is just an example of how your Dockerfile could look like.
+These are the most important build arguments. Most of them are optional, meaning you can tweak them if you so desire.
+However the *CERT_PASSWORD* argument is required, as it's necesarry in order to build a working image.
+
+You can build the image yourself like this
 
 ```sh
-# Password for the certificate
-# this image contains the entire .NET SDK and is ideal for creation the build
-FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env
-WORKDIR /App
-COPY . ./
-# Restore dependencies for your application
-RUN dotnet restore
-# Build your application
-RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false 
-
-FROM git.claeyscloud.com/david/net-base:latest
-WORKDIR /App
-# copy build files from build-stage
-COPY --from=build-env /App/out .
-# entrypoint for image
-ENTRYPOINT ["dotnet", "test.dll"]
+docker build --build-arg CERT_PASSWORD=supersecretpassword . -t net-base
 ```
 
-### Security implications
+| Argument                                            | Description                                                             | Default                                                                                      |
+|-----------------------------------------------------|-------------------------------------------------------------------------|----------------------------------------------------------------------------------------------|
+| CERT_PASSWORD                                       | The password for the generated certificate                              | N/A **(required)**                                                                           |
+| DOTNET_SDK_VERSION                                  | The [SDK](https://mcr.microsoft.com/en-us/artifact/mar/dotnet/sdk/tags) version used to generate the development certificate | 9.0.203                                 |
+| DOTNET_RUNTIME_VERSION                              | The [runtime](https://mcr.microsoft.com/en-us/artifact/mar/dotnet/aspnet/tags) version used as a base | 9.0.4                                                          |
+| ALPINE_VERSION                                      | The version of [alpine linux](https://www.alpinelinux.org/) used as a base <br/> Currently you can choose between `3.20` or `3.21`  | 3.21                             |
 
-This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.
+## Security implications
+
+### Webserver and certificates
+
+This images uses the system provided by Microsoft to generate a development certificate and uses the [Kestrel](https://learn.microsoft.com/en-us/aspnet/core/fundamentals/servers/?view=aspnetcore-9.0&tabs=windows) webserver.<br/>
 In previous .NET versions it was not recommended to expose Kestrel directly to the internet, now Microsoft claims you can do that if you want so.
-However you never should use the included development certificate included in this image when doing so.
 
-If you want to expose the Kestrel server you should use the **ASPNETCORE_Kestrel__Certificates__Default__Path**, **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** and **ASPNETCORE_Kestrel__Certificates__Default__Password** variables to correclty setup a certificate. The _dotnet dev-certs_ command is not really suited for production environments.
+However you never should use the included development certificate included in this image when doing so.<br/>
+The certificate included by default (generated through the _dotnet dev-certs_ command) is not really suited for production environments.
+
+If you want to directly expose the Kestrel webserver use the following environment variables to properly setup a certificate :
+  - **ASPNETCORE_Kestrel__Certificates__Default__Path** (the path to the certificate key)
+  - **ASPNETCORE_Kestrel__Certificates__Default__KeyPath** (the path to the certificate)
+  - **ASPNETCORE_Kestrel__Certificates__Default__Password** (the password for the key file)
 
 In practice it's much easier to expose the server through a proxy to the public (hence the recommended method). 
-Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.
+Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.
+
+### Included certificate
+
+The included certificate is generated through the _dotnet dev-certs_ command. This is a very convenient and suitable way to generate development certificates through the dotnet SDK.
+
+The password used to generate the certificate is randomly generated through the `openssl rand -base64 12` at build time.
+The build agent used for the build is hosted on my own infrastructure but I don't have any access to it (neither do I intend to do so).<br/>
+However if you feel uncomfortable with this fact, feel free to build the image yourself.
+
+## FAQ
+
+### What holds the future this project?
+
+This is a project I maintain in my spare time. I don't want to make any empty promises about how much work I'll spend working on it.
+As some tweaks might be needed for other projects, they might triple down to this one.
+Although to be completely honest I don't think this project will require much work apart from keeping up with runtime updates.
+
+### When will be version xx.xx be available ?
+
+I don't plan to make images available for older versions of the .NET framework.
+You might be lucky and be able to just tweak the related environment variables and make a build of your own.
+Regarding the future, I only plan to keep up with stable releases (so no preview versions).