-
Notifications
You must be signed in to change notification settings - Fork 10k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[.NET 8] ASP.NET Core Web API Server is Not Accessible in Docker #52059
Comments
Seems possibly related to https://learn.microsoft.com/en-us/dotnet/core/compatibility/containers/8.0/aspnet-port |
@amcasey Hi, it is not related to the port change, but a bug might be introduced while developing this change. I started the docker with the correct parameters, however, it resulted in giving protocol error message. Again, to do a sanity check, I tried the commands on the webpage that you referred to. The result is the same! |
Visual Studio does some extra work to pass in cert information when it runs your docker container. Let me see if I can find a sample command line. |
If you look in the
Notably, it's mounting a number of volumes containing secrets so that the server in the container will use a certificate that windows already trusts. |
I'd say your best options are to either always launch with VS or load your cert from a file (rather than the cert store) and include that file in your docker image. |
I guess I'm a little skeptical this could have worked with 7.0 because it also needs to mount a folder containing the dev cert(s). |
If you change your sample project to target 7.0, does it behave differently? Edit: Hmm, I guess you have to make a new project because a different dockerfile was generated in 7.0. |
@amcasey thank you very much for the effort to figure this out. This issue not only happens in Windows but also in Ubuntu. It was not happening in .NET 7 (when both project was .net7 as well as the docker image). However, I am not sure about how to mount volumes for secrets in ubuntu. Probably, I would manually move the necessary files from Windows to Ubuntu right? Also, do you have any idea if this can cause any outdoor in the server? I happen to think that it can be solved easily by .NET team. It is really sad to see the errors with .NET 8. |
Exactly, the docker image is different. I guess that might be the main reason behind this. |
I don't see interesting differences. Just a different user and a different port. |
Yes, but what I wanted to say the base docker image from Microsoft might be the issue "FROM mcr.microsoft.com/dotnet/aspnet:8.0". .NET 7 uses "FROM mcr.microsoft.com/dotnet/aspnet:7.0 AS base" command in the dockerfile. |
Sorry, I'm not sure what difference you're pointing out. They definitely use different base images - that's expected. |
I'd like to help with this, but I'm not sure what you're asking. Do you mean that the container image is Ubuntu or that you have another container host that is Ubuntu? |
So, if we don't need to bind volumes when using aspnet:7.0 base image, it might indicate that there are already necessary files for the certificates in that image. However, for aspnet:8.0 it might lack those files? (I am not an expert, just thinking) For the second question: I develop and test the docker images on Windows. Then, I deploy the docker image to the ubuntu server where I run the docker image. |
@amcasey I saw that you are from Microsoft. I want to sincerely share my thoughts on the situation of .NET. Lately, I see many comments that Microsoft lacks speed in fixing the errors in .NET, especially in .NET MAUI which in every release goes two steps forward and one step back. As for our company ( cropy.ai ), we have used C# .NET for a very long time in our backend. We love all the features and the stability on asp.net side. However, for .NET MAUI, it seems like developers can't use the technology because of the bugs. We have an app for Android as well. However, we think that we cannot go with .NET for IOS, Android anymore, but we want to. So, if you can channel the feedback to the appropriate channels, I would be really glad. Other than that, there is nothing much to say. We all see the improvements on the performance side. Thank you again! I hope I didn't sound very bad . If you are not the correct person to write this, I am sorry to bother. |
No, those files are specific to your installation and wouldn't be included in a published image. They're generated when you run
In that case, you're going to need to manage your certificates manually - the development certificates won't be available on other machines, particularly on linux. |
Do you think this issue happening in .NET 8 is still a bug? It was not happening in .NET 7. For now, I am not thinking of updating to .NET 8 from .NET 7. |
I don't work on MAUI myself, but I'll see if I can put you in touch with someone. Thanks for the feedback! Edit: the right people have been notified but there may be a delay because of multiple conferences this week and a major US holiday next week. |
I'm going to need more details about your setup to understand how things could have worked in 7.0. From an aspnetcore perspective, https isn't going to work unless those certs are available to the server running in the container. I'm not aware of a change to the way the container tools plumb them through, but I may have missed something. Let me see whether there's a log statement that lists where a cert was pulled from. Edit: No, it only logs on failure. |
How are you setting your certificate(s) now? The two most common ways are in appsettings.json and in code by calling |
Since you're working with toy applications (e.g. WebApplication4), are you able to share a 7.0 example that does work and an 8.0 example that doesn't? Creating a repo and linking to that might be easiest. |
I don't use any certificate for the asp.net server since I provide the SSL certificate from AWS for the backend domain. AWS takes all requests and redirects them to the backend server machine. |
Now, I tried it and it doesn't work with .NET 7 aspnet image as well. I think the recent docker image update might be the reason. https://hub.docker.com/_/microsoft-dotnet-aspnet?tab=description I will try with older docker images for .NET 7 asap. EDIT: I am looking for ways to access the older version of the docker image from Microsoft. However, I am not sure if it can be found. I'll keep looking. |
You may also want to try with an older version of VS if you recently updated. I can't recall whether the docker tools version with .net or with VS, but I would have guessed VS. |
Wait, I didn't read this carefully enough. The issue is actually that the server shouldn't be using HTTPS at all for this connection? That would certainly explain why there's no cert. In that case, though, shouldn't you be navigating to http://localhost:8080/swagger, rather than https://localhost:8080/swagger? Edit: I had to (a) comment out |
Yeah, actually it works. I thought I tried that before by closing https redirection. I guess I didn't. Accessing the HTTP URL worked well. Let me check the actual server side quickly. |
@cropyai I can answer your questions about .NET MAUI and get you assistance with the issues impacting your development. So we don't jam of this issue with the conversation, send me an email and we can connect once the conferences are done next week. david.ortinau@microsoft.com |
@davidortinau Hi David, thank you very much for contacting us. Until this time, we encountered many issues for which we managed to find workarounds later on. After upgrading to .NET 8, we got two new issues. We would be glad of the support provided. I will send you an email with the confirmed company mail that ends with @cropy.ai . Have a nice day / evening! |
@amcasey I was able to successfully run my backend server in a docker container on my local computer without any problem. For the ubuntu machine that we have, I tried to run the same image on that machine. However, it didn't work at the beginning. I tried with a different machine and "somehow" it worked on the new machine even though both machines had the same security groups and settings. Now, we changed the machine to the new one on which the docker image worked well. Now, it seems there is no issue on my side. I don't know why it didn't work in the previous machine, but anyways. Thanks for the effort and helping me! I guess this was a change from .NET 7 to .NET 8 or new docker images of aspnet, either way, we weren't aware of the new behavior. Thank you again! |
@davidortinau Our emails sometimes go to the spam folder. I have sent you an email from info@cropy.ai . Thank you for the support offer! |
Is there an existing issue for this?
Describe the bug
Hi,
I created a clean, default ASP.NET Core Web API project. The project name is "WebApplication4". I didn't change a thing in the project. So, everything is intact. I ran this project in release mode & docker. No problem until this point. I closed the docker container and tried to rerun the docker image using command line. My command was
docker run -it -p 8080:8080 webapplication4:latest
. I tried to accesshttps://localhost:8080/swagger
andhttps://localhost:8080/swagger/index.html
. However, none of them is opening and I got an error like thisERR_SSL_PROTOCOL_ERROR
.To fix this, I cleaned all SSL protocols defined before and redefined it by trusting. It did not help. No change in the behaviour.
->
dotnet dev-certs https --clean
->
dotnet dev-certs https
This behavior did not happen before until I updated my visual studio for .net 8.
The docker file is:
The launchSettings.json file is:
Expected Behavior
https://localhost:8080/swagger
url should have been accessed successfully after running the docker from command line.Steps To Reproduce
-> Open Visual Studio 17.8.0.
-> Create a ASP.NET Core Web API with default settings.
-> Run once in release mode in docker.
-> Close the container.
-> Rerun the docker image via command line terminal using
docker run -it -p 8080:8080 webapplication4:latest
.-> The server is not accessible via
https://localhost:8080/swagger
.Exceptions (if any)
No response
.NET Version
8.0.100
Anything else?
Visual Studio 17.8.0
.NET 8.0.100
The text was updated successfully, but these errors were encountered: