david/net-base
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity
net-base/README.md
David Claeys 23099bd7e6 update readme
2025-04-01 12:48:02 +02:00

4.3 KiB
Raw Blame History

net-base

Base docker file that allows you to deploy .NET wit ease. Microsoft makes some images available to deploy .NET applications in Docker. However in order to use them, there is need for some tweaking.

This image is based on the mcr.microsoft.com/dotnet/aspnet image, but includes these tweaks. Among other things these tweaks are included :

  • automatic generation of certificate for the web server
  • disable telemetry
  • inclusion of tzdata for time setup

Docker image

Environment Variables

Variable Description Default
ASPNETCORE_Kestrel__Certificates__Default__Path The path containing the server certificate /usr/local/share/ca-certificates/aspnetapp.crt
ASPNETCORE_Kestrel__Certificates__Default__KeyPath The path containing the key for the server certificate /usr/local/share/ca-certificates/aspnetapp.key
ASPNETCORE_Kestrel__Certificates__Default__Password The password for required for the server key N/A (generated at build time)
CERTIFICATES_DIRECTORY The directory where the certificate files are stored for the web server /usr/local/share/ca-certificates
ASPNETCORE_URLS Specifies at which urls and ports the Kestrel server should listen http://+:80;https://+:443
DOTNET_CLI_TELEMETRY_OPTOUT Disables telemetry 1
TZ Time zone (list) Europe/Brussels

Usage

Since this is just a base image, some additional setup is needed. The following is just an example of how your Dockerfile could look like.

``

Password for the certificate

this image contains the entire .NET SDK and is ideal for creation the build

FROM mcr.microsoft.com/dotnet/sdk:8.0-alpine-amd64 AS build-env WORKDIR /App COPY . ./

Restore dependencies for your application

RUN dotnet restore

Build your application

RUN dotnet publish test.csproj --no-restore --self-contained false -c Release -o out /p:UseAppHost=false

FROM git.claeyscloud.com/david/net-base:latest WORKDIR /App

copy build files from build-stage

COPY --from=build-env /App/out .

entrypoint for image

ENTRYPOINT ["dotnet", "test.dll"] ``

Security implications

This images uses the system provided by Microsoft to generate a development certificate and uses the Kestrel webserver. In previous .NET versions it was not recommended to expose Kestrel directly to the internet. Now Microsoft claims you can do that. However you never should use the included development certificate if you want to do that.

If you want to expose the Kestrel server you should use the ASPNETCORE_Kestrel__Certificates__Default__Path, ASPNETCORE_Kestrel__Certificates__Default__KeyPath and ASPNETCORE_Kestrel__Certificates__Default__Password variables to correclty setup a certificate. The dotnet dev-certs command is not really suited for production environments.

In practice it's much easier to expose the server through a proxy to the public (hence the recommended method). Depending on your use-case you event might consider to use docker networking in order to accomplish proper isolation.