Aspnet website in docker in windows, IIS and self-signed certificate
The application is hosted in a docker container. The actual folder with the app publish, is mapped into the container, so when the code changes it’s inmediatly reflected in the running container.
Dockerfile
FROM mcr.microsoft.com/dotnet/framework/aspnet:4.8
SHELL [ "powershell" ]
COPY src/Bustroker.LocalEnv.WebUI/bin/app.publish c:/webapp
ADD configureIIS.ps1 /windows/temp/configureIIS.ps1
RUN powershell.exe -executionpolicy bypass c:\windows\temp\configureIIS.ps1
Configure IIS script
configureIIS.ps1 script, copied into the image on build.
# Configure SSL certificate for default website
Import-Module WebAdministration
Set-Location IIS:\SslBindings
New-WebBinding -Name "Default Web Site" -IP "*" -Port 443 -Protocol https
$c = New-SelfSignedCertificate -DnsName "localhost" -CertStoreLocation cert:\LocalMachine\My
$c | New-Item 0.0.0.0!443
New-WebApplication -Site 'Default Web Site' -Name 'webapp' -PhysicalPath 'C:\webapp'
# Set full access to app folder for default app pool. This is required if the app folder is being mapped to the host rather than copying the content to the container.
$path = "C:\webapp"
$user = "IIS AppPool\DefaultAppPool"
$acl = Get-Acl $path
$accessRule = New-Object system.security.accesscontrol.filesystemaccessrule($User,"FullControl", "ContainerInherit,ObjectInherit", "None", "Allow")
$acl.SetAccessRule($accessRule)
Set-Acl $path $acl
Docker compose
Instead of copying the app, the folder is being mapped to host’s folder. Better approach for development.
version: '3.8'
services:
webapp:
build: .
ports:
- "80:80"
- "443:443"
volumes:
- ./src/Bustroker.WebUI/bin/app.publish:C:/webapp
Run
Compile and publish the site file system, e.g., to default folder bin/app.publish.
Then run
docker-compose up -d --build
Browse to http://localhost/webapp, or to https://localhost/webapp. There is of course the warning This CA Root certificate is not trusted because it is not in the Trusted Root Certification Authorities store.