Hosting .NET Core Applications with Nginx

Source: Internet
Author: User
Tags: dotnet openssl x509

I. Install .NET Core

Official reference document: https://www.microsoft.com/net/core#linuxcentos

1. Add the dotnet product feed

Before you install .NET Core, you need to register the Microsoft product feed. This only needs to be done once. First, register the Microsoft signing key, and then add the Microsoft product feed:

sudo rpm --import https://packages.microsoft.com/keys/microsoft.asc
sudo sh -c 'echo -e "[packages-microsoft-com-prod]\nname=packages-microsoft-com-prod \nbaseurl=https://packages.microsoft.com/yumrepos/microsoft-rhel7.3-prod\nenabled=1\ngpgcheck=1\ngpgkey=https://packages.microsoft.com/keys/microsoft.asc" > /etc/yum.repos.d/dotnetdev.repo'

2. Install the .NET Core SDK

sudo yum update
sudo yum install libunwind libicu
sudo yum install dotnet-sdk-2.0.0

Afterwards, run the command

dotnet --info

to check whether the installation was successful. At this point, the .NET Core installation is complete.

Of course, you can also install from the archive. Download the SDK package for CentOS 7 from https://www.microsoft.com/net/download/linux, then extract it to a custom installation path.

sudo mkdir -p /opt/dotnet && sudo tar zxf dotnet.tar.gz -C /opt/dotnet
# You can set an environment variable, or create a soft link as follows, because /usr/local/bin is included in $PATH by default
sudo ln -s /opt/dotnet/dotnet /usr/local/bin
# Then run this to view the installation result
dotnet --info

II. Compile and run the project

1. Create a new MVC project

dotnet new mvc -o ntmvc

Looking at the ntmvc folder, you can see that a template for an MVC project has been created.

2. Modify the Startup.cs file

You can use VS Code to edit files on a remote computer or a virtual machine directly; for reference, see http://www.cnblogs.com/learn21cn/p/6189023.html

Because Nginx is used later as a reverse proxy, modify the code in the Startup.cs file here: add the reference using Microsoft.AspNetCore.HttpOverrides;

Then add a piece of code in the Configure method of the Startup.cs file (see the complete Startup.cs file below):

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
// Add this reference
using Microsoft.AspNetCore.HttpOverrides;
namespace ntmvc
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }
        public IConfiguration Configuration { get; }
        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddMvc();
        }
        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
            // Add the following code. It is placed first because it only takes effect for
            // middleware registered after it: authentication and MVC must see the scheme
            // and client address that Nginx forwards in X-Forwarded-Proto / X-Forwarded-For.
            app.UseForwardedHeaders(new ForwardedHeadersOptions
            {
                ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
            });
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
            }
            app.UseStaticFiles();
            app.UseAuthentication();
            app.UseMvc(routes =>
            {
                routes.MapRoute(
                    name: "default",
                    template: "{controller=Home}/{action=Index}/{id?}");
            });
        }
    }
}

3. Build the Project

First switch to the project directory ntmvc, and then run the following command

dotnet publish -c Release

After you run the command, a bin folder appears in the project directory.

The bin folder contains the Release folder; the netcoreapp2.0 folder inside the Release folder contains the content that can be published, that is, the publish folder.

Note: The content outside of the publish folder is the same as the files generated when running the dotnet run command, except that the Debug folder is replaced by a Release folder. In other words, running dotnet publish -c Release produces one more folder, publish, than running dotnet run, and this folder is exactly what you want to publish.

4. Running the project

Switch to the publish folder and run the command

dotnet ntmvc.dll

5. Start the project automatically at boot

Next, set the project up to start automatically: create a new service file in /etc/systemd/system/

The contents are as follows:

[Unit]
Description=Example .NET Web MVC Application running on CentOS 7
[Service]
WorkingDirectory=/root/ntmvc
ExecStart=/usr/bin/dotnet /root/ntmvc/bin/Release/netcoreapp2.0/publish/ntmvc.dll
Restart=always
# Restart service after 10 seconds if dotnet service crashes
# (kept on its own line: systemd does not allow a comment after a value)
RestartSec=10
SyslogIdentifier=dotnet-example
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production
[Install]
WantedBy=multi-user.target

After saving, run the following command:

Note: If the check reports errors, you need to modify the kestrel-ntmvc.service file, and after correcting it, you need to run the following command to restart:

At this point, a simple project can be accessed normally. Next, the project is modified to introduce Nginx.

III. Compile and install Nginx

1. Install dependencies

yum -y install gcc gcc-c++ pcre pcre-devel openssl openssl-devel zlib zlib-devel

2. Download the installation package

Please go to the official website to get the latest version.

wget http://nginx.org/download/nginx-1.13.5.tar.gz

3. Extract

mkdir nginxfiles
tar -zxvf nginx-1.13.5.tar.gz -C nginxfiles

4. Switch directories

cd nginxfiles/
cd nginx-1.13.5/

5. Compile and install

Execute the following command

# Configure: additional modules need to be enabled here
./configure --prefix=/usr/local/nginx --with-http_ssl_module --with-stream --with-mail=dynamic
# Compile
make
# Install
make install

6. Create a soft link

Create it in the same way as described above, so that no environment variable needs to be set.

IV. Certificates

To enhance the security of your project, you sometimes need to switch from HTTP access to HTTPS access. This can be achieved by configuring the SSL module in Nginx.

Typically, this requires requesting a certificate from a CA (a commonly used free one: https://letsencrypt.org/).

Since this is for testing purposes only, a self-generated certificate is used here.

1. Generate the certificate

In the root directory, create the certs folder, switch to that folder, and run the following commands:

# Create the server private key (you will be asked to enter a password; please remember it). This generates an RSA key
openssl genrsa -des3 -out testcert.key 1024
# Generate a certificate request. You need to enter the country, region, organization, email, common name, etc.; the common name can be your name or a domain name. If you are applying for HTTPS, it must match the domain name, otherwise the browser will raise an alert.
openssl req -new -key testcert.key -out testcert.csr
# Generate a key that does not require a password
openssl rsa -in testcert.key -out testcert_nopwd.key
# Generate the CRT file
openssl x509 -req -days 365 -in testcert.csr -signkey testcert_nopwd.key -out testcert.crt

2. Location of the certificate

Copy the certificate to the /etc/ssl/certs/ directory

cp testcert.crt /etc/ssl/certs/
cp testcert_nopwd.key /etc/ssl/certs/testcert.key
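
The commands above create a 1024-bit key, which is below the 2048-bit minimum that current guidance and many TLS libraries enforce, and a certificate without a subjectAltName, which browsers rely on for name matching. As an added example (not from the original page), these POSIX shell functions produce an equivalent self-signed test certificate with a 2048-bit key and a SAN and then check the result; the function names and the localhost/127.0.0.1 names are assumptions for a local test setup.

```sh
#!/bin/sh
# Added example (not from the original page): self-signed test certificate
# with a 2048-bit RSA key and a subjectAltName. The CN/SAN values and the
# output directory are assumptions for a local test setup.
set -eu

# usage: make_test_cert DIR NAME  -> writes DIR/NAME.key and DIR/NAME.crt
make_test_cert() {
    dir=$1; name=$2
    mkdir -p "$dir"
    # Inline request config instead of `req -addext`, so this also works with
    # the OpenSSL 1.0.2 that CentOS 7 ships.
    cat > "$dir/$name.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions    = v3
prompt             = no
[dn]
CN = localhost
[v3]
subjectAltName   = DNS:localhost, IP:127.0.0.1
basicConstraints = CA:FALSE
keyUsage         = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
EOF
    # umask 077 in a subshell: the private key is never group/world readable.
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -config "$dir/$name.cnf" \
          -keyout "$dir/$name.key" -out "$dir/$name.crt" )
    chmod 644 "$dir/$name.crt"
}

# Print the public key size of a certificate in bits, e.g. 2048.
cert_key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}

# Succeed if the certificate lists DNS name $2 in its subjectAltName.
cert_has_san() {
    openssl x509 -in "$1" -noout -text | grep -q "DNS:$2"
}
```

Calling make_test_cert ./certs testcert yields testcert.key and testcert.crt under the same names the nginx.conf in this article expects; cert_key_bits and cert_has_san work on any PEM certificate, including the one generated by the original commands.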


3. Diffie-Hellman key exchange

In general, you could now go on to modify the nginx.conf configuration file. To further enhance security, parameters for Diffie-Hellman key exchange can be generated in the /etc/ssl/certs/ directory

openssl dhparam -out dhparam.pem 4096

V. Nginx configuration files

1. Custom proxy.conf file

Create a new proxy.conf file under the /usr/local/nginx/conf/ directory; it is referenced later in nginx.conf.

proxy_redirect          off;
proxy_set_header        Host              $host;
proxy_set_header        X-Real-IP         $remote_addr;
proxy_set_header        X-Forwarded-For   $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Proto $scheme;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
# The buffer count is missing on this page; 32 is an assumption taken from the Microsoft sample referenced at the end
proxy_buffers           32 4k;

2. Modify the nginx.conf file

Modify the nginx.conf file in the /usr/local/nginx/conf/ directory as follows.

worker_processes 1;
events {
    worker_connections 1024;
}
http {
    include       proxy.conf;
    include       mime.types;
    default_type  application/octet-stream;
    limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
    server_tokens off;
    sendfile on;
    #tcp_nopush on;
    # The value is missing on this page; 29 is an assumption taken from the Microsoft sample referenced at the end
    keepalive_timeout 29;
    client_body_timeout 10;
    client_header_timeout 10;
    send_timeout 10;
    upstream ntmvc {
        # The port is missing on this page; 5000 is Kestrel's default and the port opened in the firewall section
        server localhost:5000;
    }
    server {
        listen 80;
        add_header Strict-Transport-Security max-age=15768000;
        return 301 https://$host$request_uri;
    }
    # HTTPS server
    #
    server {
        listen *:443 ssl;
        server_name localhost;
        ssl_certificate /etc/ssl/certs/testcert.crt;
        ssl_certificate_key /etc/ssl/certs/testcert.key;
        ssl_protocols TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_ecdh_curve secp384r1;
        ssl_session_cache shared:SSL:10m;
        ssl_session_tickets off;
        ssl_stapling on; #ensure your cert is capable
        ssl_stapling_verify on; #ensure your cert is capable
        add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
        #Redirects all traffic
        location / {
            proxy_pass http://ntmvc;
            limit_req zone=one burst=10 nodelay;
            limit_req_status 503;
        }
    }
}
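
How limit_req_zone ... rate=5r/s combined with limit_req zone=one burst=10 nodelay and limit_req_status 503 treats a burst from one client, as an added example (not from the original page): a small POSIX shell/awk model of nginx's per-key accounting, run over constructed arrival times. The function names and the sample traffic are assumptions for illustration.

```sh
#!/bin/sh
# Added example: models the limit_req accounting for a single client key.
# nginx tracks "excess" in thousandths of a request; it drains at `rate`
# requests per second and grows by 1000 for every accepted request.

# usage: simulate_limit_req RATE_PER_SEC BURST < arrival_times_ms
# prints "<time_ms> <status>" per request (200 = proxied, 503 = limit_req_status)
simulate_limit_req() {
    awk -v rate="$1" -v burst="$2" '
    NR == 1 { excess = 0; last = $1; print $1, 200; next }  # first request creates the state
    {
        elapsed = $1 - last
        e = excess - rate * elapsed + 1000     # rate r/s == rate milli-requests per ms
        if (e < 0) e = 0
        if (e > burst * 1000) { print $1, 503; next }   # over burst: rejected, state unchanged
        excess = e; last = $1
        print $1, 200                           # nodelay: passed on immediately
    }'
}

# usage: count_status STATUS < simulator output
count_status() { awk -v s="$1" '$2 == s { n++ } END { print n + 0 }'; }

# Constructed traffic: 20 requests in the same millisecond, then one request
# 100 ms later and one 200 ms later.
sample_arrivals() {
    i=0
    while [ "$i" -lt 20 ]; do echo 0; i=$((i + 1)); done
    echo 100
    echo 200
}

# Run with the argument "demo" to print the per-request result.
if [ "${1:-}" = "demo" ]; then
    sample_arrivals | simulate_limit_req 5 10
fi
```

With the settings above, a client that sends 20 requests at once gets 11 through (one plus the burst of 10) and receives 503 for the rest until the excess drains at 5 requests per second.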

VI. Start Nginx automatically at boot

# To start Nginx at boot, create a service file under the /lib/systemd/system/ directory
vim /lib/systemd/system/nginx.service

Note that the path here is /lib/systemd/system/, not the /etc/systemd/system/ used above for the ntmvc project's startup service file.

The contents are as follows:

[Unit]
Description=nginx - high performance web server
After=network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
ExecStart=/usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
ExecReload=/usr/local/nginx/sbin/nginx -s reload
ExecStop=/usr/local/nginx/sbin/nginx -s stop
[Install]
WantedBy=multi-user.target

After editing the file, run the following commands to start the service:

systemctl enable nginx.service
# Start the Nginx service
systemctl start nginx.service
# View the status
systemctl status nginx.service

The status output contains a warning, because the certificate we use is self-generated rather than a formally issued one.

Typically, after modifying a configuration file you need to restart the service by executing the following commands:

# If the service file was modified, this is required
systemctl daemon-reload
# Restart the service
systemctl restart nginx.service

VII. Firewall

The following three ports are required to be open, depending on the situation.

# Ports
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --zone=public --add-port=5000/tcp --permanent
firewall-cmd --zone=public --add-port=443/tcp --permanent
# After opening ports, the firewall must be reloaded
firewall-cmd --reload
# View all open ports
firewall-cmd --list-ports

VIII. Access

When the above configuration is complete, if the environment is a real physical machine or a bridged virtual machine, you can access the IP address directly.

If it is a NAT-connected virtual machine, port mapping is required. This experiment uses a virtual machine built with VirtualBox; taking this as an example, set up the port mapping accordingly.

If you are browsing directly inside the virtual machine, browse to 127.0.0.1 or localhost.

If you are accessing from the host, you can enter https://192.168.56.1:1518 in the host's browser, which is mapped to port 443 of the virtual machine, so that the ntmvc project in the virtual machine can be accessed over HTTPS.

Because add_header Strict-Transport-Security max-age=15768000; is configured in nginx.conf, that is, only HTTPS access is allowed, entering http://192.168.56.1:1518 will produce an error.

On a normal access (Google Chrome), the browser shows a warning; the reason for this is that the certificate used is self-generated.

You can then continue to access the other pages in ntmvc.

Official reference documents:

https://docs.microsoft.com/zh-cn/aspnet/core/publishing/linuxproduction?tabs=aspnetcore2x

Category: .NET Core, nginx, linux, centos
