【asp.net core】Publish to a Linux-Ubuntu 14.04 Server Production Environment

標籤：左右   single   例子   eal   tab   war   about   ssl   require   

Submary

又升級了，目錄結構有變化了 。

project.json and Visual Studio 2015 with .NET Core

On March 7, 2017, the .NET Core and ASP.NET Core documentation was updated for the release of Visual Studio 2017. The previous version of the documentation used Visual Studio 2015 and pre-release tooling based on the project.json file.

project.json 和 csproj 屬性之間的映射2017-3-13 4 分鐘閱讀時間長度 作者 

 
• 作者 Nate McMaster

.NET Core 工具的開發過程中實施了一項重要的設計更改，即不再支援 project.json 檔案，而是將 .NET Core 項目轉移到 MSBuild/csproj 格式

來自微軟官方的文檔：https://docs.microsoft.com/zh-cn/dotnet/core/tools/project-json-to-csproj

看來確實沒了.........

這個 project.json  是對以前1.0版本的。到1.1 消失了..........NET Core計劃棄用project.json

Microsoft最終宣布project.json實驗失敗，將轉回使用.csproj檔案。但是轉變不會馬上發生，最近發布的.NET Core RC2（又稱tooling preview 1）將繼續使用.xproj 以及project.json。

從.NET Core RTM/tooling preview 2開始，Visual Studio將自動重新命名.xproj檔案為.csproj。但是project.json的功能暫時還不會改變。

從preview 2之後，Microsoft將持續移動project.json的功能到.csproj中去。只需要升級Visual Studio就可以完成部分更新。比如說，儘管Visual Studio堅持一個一個添加源檔案，.csproj現在已經支援萬用字元。project.json的其他功能整合到.csproj中去可能需要完成更多的工作。

在完成遷移之後，project.json可能只作為Nuget包的替代方案存在，那時project.json將被重新命名為nuget.json。

MSBuild

你們可能不知道，.csproj檔案確實只是.msbuild指令碼的專業版本。這就意味著，當.NET Core啟動並執行時候，MSBuild 必須可用。

長期以來，Microsoft 一直在想辦法將NuGet的功能直接添加到MSBuild中。（現在MSBuild依靠擴充訪問NuGet。）

 

Asp.NetCore1.1版本去掉了project.json後如何打包產生跨平台包， 為了更好跟進AspNetCore的發展，把之前用來做netcore開發的vs2015卸載後並安裝了vs2017，這給我帶來的直接好處是把我報紅的C盤騰出10GB左右的空間，從這裡直接能感受到vs2017體積如此之小；之前有寫過一篇開源netcore服務的文章 開源一個跨平台啟動並執行服務外掛程式 - TaskCore.MainForm，裡面有講述netcore項目組建和部署在 win7和ubuntu16.04系統上的例子，感興趣的朋友可以去看看；下面開始本文的內容，希望大家能夠喜歡，也希望各位多多" 掃碼支援"和" 推薦"謝謝！

 

Publish to a Linux Production Environment

By Sourabh Shirhatti

In this guide, we will cover setting up a production-ready ASP.NET environment on an Ubuntu 14.04 Server.

We will take an existing ASP.NET Core application and place it behind a reverse-proxy server. We will then setup the reverse-proxy server to forward requests to our Kestrel web server.

Additionally we will ensure our web application runs on startup as a daemon and configure a process management tool to help restart our web application in the event of a crash to guarantee high availability.

Prerequisites

1. Access to an Ubuntu 14.04 Server with a standard user account with sudo privilege.

2. An existing ASP.NET Core application.

Copy over your app

Run dotnet publish from your dev environment to package your application into a self-contained directory that can run on your server.

Before we proceed, copy your ASP.NET Core application to your server using whatever tool (SCP, FTP, etc) integrates into your workflow. Try and run the app and navigate to http://<serveraddress>:<port> in your browser to see if the application runs fine on Linux. I recommend you have a working app before proceeding.

[!NOTE] You can use Yeoman to create a new ASP.NET Core application for a new project.

Configure a reverse proxy server

A reverse proxy is a common setup for serving dynamic web applications. The reverse proxy terminates the HTTP request and forwards it to the ASP.NET application.

Why use a reverse-proxy server?

Kestrel is great for serving dynamic content from ASP.NET, however the web serving parts aren’t as feature rich as full-featured servers like IIS, Apache or Nginx. A reverse proxy-server can allow you to offload work like serving static content, caching requests, compressing requests, and SSL termination from the HTTP server. The reverse proxy server may reside on a dedicated machine or may be deployed alongside an HTTP server.

For the purposes of this guide, we are going to use a single instance of Nginx that runs on the same server alongside your HTTP server. However, based on your requirements you may choose a different setup.

Install Nginx

sudo apt-get install nginx

[!NOTE] If you plan to install optional Nginx modules you may be required to build Nginx from source.

We are going to apt-get to install Nginx. The installer also creates a System V init script that runs Nginx as daemon on system startup. Since we just installed Nginx for the first time, we can explicitly start it by running

sudo service nginx start

At this point you should be able to navigate to your browser and see the default landing page for Nginx.

Configure Nginx

We will now configure Nginx as a reverse proxy to forward requests to our ASP.NET application

We will be modifying the /etc/nginx/sites-available/default, so open it up in your favorite text editor and replace the contents with the following.

server {    listen 80;    location / {        proxy_pass http://localhost:5000;        proxy_http_version 1.1;        proxy_set_header Upgrade $http_upgrade;        proxy_set_header Connection keep-alive;        proxy_set_header Host $host;        proxy_cache_bypass $http_upgrade;    }}

This is one of the simplest configuration files for Nginx that forwards incoming public traffic on your port 80 to a port 5000that your web application will listen on.

Once you have completed making changes to your nginx configuration you can run sudo nginx -t to verify the syntax of your configuration files. If the configuration file test is successful you can ask nginx to pick up the changes by running sudo nginx -s reload.

Monitoring our Web Application

Nginx will forward requests to your Kestrel server, however unlike IIS on Windows, it does not mangage your Kestrel process. In this tutorial, we will use supervisor to start our application on system boot and restart our process in the event of a failure.

Installing supervisor

sudo apt-get install supervisor

[!NOTE] supervisor is a python based tool and you can acquire it through pip or easy_install instead.

Configuring supervisor

Supervisor works by creating child processes based on data in its configuration file. When a child process dies, supervisor is notified via the SIGCHILD signal and supervisor can react accordingly and restart your web application.

To have supervisor monitor our application, we will add a file to the /etc/supervisor/conf.d/ directory.

/etc/supervisor/conf.d/hellomvc.conf

[program:hellomvc]command=/usr/bin/dotnet /var/aspnetcore/HelloMVC/HelloMVC.dlldirectory=/var/aspnetcore/HelloMVC/autostart=trueautorestart=truestderr_logfile=/var/log/hellomvc.err.logstdout_logfile=/var/log/hellomvc.out.logenvironment=HOME=/var/www/,ASPNETCORE_ENVIRONMENT=Productionuser=www-datastopsignal=INTstopasgroup=truekillasgroup=true

Once you are done editing the configuration file, restart the supervisord process to change the set of programs controlled by supervisord.

sudo service supervisor stopsudo service supervisor start

Start our web application on startup

In our case, since we are using supervisor to manage our application, the application will be automatically started by supervisor. Supervisor uses a System V Init script to run as a daemon on system boot and will susbsequently launch your application. If you chose not to use supervisor or an equivalent tool, you will need to write a systemd or upstart or SysVinit script to start your application on startup.

Viewing logs

Supervisord logs messages about its own health and its subprocess‘ state changes to the activity log. The path to the activity log is configured via the logfile parameter in the configuration file.

sudo tail -f /var/log/supervisor/supervisord.log

You can redirect application logs (STDOUT and STERR) in the program section of your configuration file.

tail -f /var/log/hellomvc.out.log

Securing our applicationEnable  AppArmor

Linux Security Modules (LSM) is a framework that is part of the Linux kernel since Linux 2.6 that supports different implementations of security modules. AppArmor is a LSM that implements a Mandatory Access Control system which allows you to confine the program to a limited set of resources. Ensure AppArmor is enabled and properly configured.

Configuring our firewall

Close off all external ports that are not in use. Uncomplicated firewall (ufw) provides a frontend for iptables by providing a command-line interface for configuring the firewall. Verify that ufw is configured to allow traffic on any ports you need.

sudo apt-get install ufwsudo ufw enablesudo ufw allow 80/tcpsudo ufw allow 443/tcp

Securing Nginx

The default distribution of Nginx doesn‘t enable SSL. To enable all the security features we require, we will build from source.

Download the source and install the build dependencies

# Install the build dependenciessudo apt-get updatesudo apt-get install build-essential zlib1g-dev libpcre3-dev libssl-dev libxslt1-dev libxml2-dev libgd2-xpm-dev libgeoip-dev libgoogle-perftools-dev libperl-dev# Download nginx 1.10.0 or latestwget http://www.nginx.org/download/nginx-1.10.0.tar.gztar zxf nginx-1.10.0.tar.gz

Change the Nginx response name

Edit src/http/ngx_http_header_filter_module.c

static char ngx_http_server_string[] = "Server: Your Web Server" CRLF;static char ngx_http_server_full_string[] = "Server: Your Web Server" CRLF;

Configure the options and build

The PCRE library is required for regular expressions. Regular expressions are used in the location directive for the ngx_http_rewrite_module. The http_ssl_module adds HTTPS protocol support.

Consider using a web application firewall like ModSecurity to harden your application.

./configure--with-pcre=../pcre-8.38--with-zlib=../zlib-1.2.8--with-http_ssl_module--with-stream--with-mail=dynamic

Configure SSL

• Configure your server to listen to HTTPS traffic on port 443 by specifying a valid certificate issued by a trusted Certificate Authority (CA).

• Harden your security by employing some of the practices suggested below like choosing a stronger cipher and redirecting all traffic over HTTP to HTTPS.

• Adding an HTTP Strict-Transport-Security (HSTS) header ensures all subsequent requests made by the client are over HTTPS only.

• Do not add the Strict-Transport-Security header or chose an appropriate max-age if you plan to disable SSL in the future.

Add /etc/nginx/proxy.conf configuration file.

[!code-nginxMain]

Edit /etc/nginx/nginx.conf configuration file. The example contains both http and server sections in one configuration file.

[!code-nginxMain]

【asp.net core】Publish to a Linux-Ubuntu 14.04 Server Production Environment