1. The premise
First, you need to apply for an SSL certificate; I use Ali.
Ali offers a free certificate valid for one year; you can of course choose another paid or free provider.
2. Key configuration, here for nginx on a CentOS system
server {
    # "listen 443 ssl" replaces the deprecated "listen 443; ssl on;" form
    listen 443 ssl;
    server_name admin.mu-booking.com;

    ssl_certificate     /www/wwwroot/Cf.WebApp/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /www/wwwroot/Cf.WebApp/wwwroot/cert/privkey.pem;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996), so only TLSv1.2 is kept
    ssl_protocols TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        try_files $uri @gunicorn_proxy;
    }

    # Forward everything that is not a local file to the Kestrel https endpoint
    location @gunicorn_proxy {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass https://127.0.0.1:5443;
        proxy_connect_timeout 500s;
        proxy_read_timeout 500s;
        proxy_send_timeout 500s;
    }

    # Pass the WebSocket upgrade headers through for /Hub
    location ~/Hub {
        proxy_pass https://127.0.0.1:5443;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection upgrade;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
The ssl_certificate and ssl_certificate_key paths must match where the files actually are; you can of course put them in another location that is easier to update. A location outside the application's wwwroot directory also keeps the private key away from the files the app serves statically.
When downloading the SSL certificate files, choose the package for the matching server: nginx, IIS, Apache, and so on; all mainstream servers are supported.
As the configuration shows, the application must already be listening on an address nginx can reach, for example https://127.0.0.1:5443.
nginx then proxies it on SSL port 443, so it can be reached from the external network over https.
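An added example (not part of the original post): a small static audit of the TLS directives in an nginx server block, flagging deprecated protocol versions in ssl_protocols, the deprecated `ssl on` directive, and a private key stored under the web root. The sample config is constructed for the example; `WEBROOT`, the function name and the finding labels are assumptions.

```shell
#!/bin/sh
# Constructed sample input for this example (not a live configuration).
SAMPLE_CONF='server {
    listen 443;
    ssl on;
    ssl_certificate     /www/wwwroot/Cf.WebApp/wwwroot/cert/fullchain.pem;
    ssl_certificate_key /www/wwwroot/Cf.WebApp/wwwroot/cert/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
}'

# Assumption: the directory the application serves static files from.
WEBROOT=/www/wwwroot/Cf.WebApp/wwwroot

# Usage: audit_nginx_tls WEBROOT < nginx.conf
# Prints one finding per line; returns 1 if anything was found, 0 otherwise.
audit_nginx_tls() {
    # Strip comments, then put every directive on its own line so that
    # single-line (flattened) configs are handled as well.
    sed 's/#.*//' | tr ';{}' '\n\n\n' | awk -v root="$1" '
        $1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^(SSLv2|SSLv3|TLSv1|TLSv1\.1)$/) {
                    print "WEAK_PROTOCOL " $i; bad = 1
                }
            }
        }
        # "ssl on" is deprecated; "listen 443 ssl" is the replacement.
        $1 == "ssl" && $2 == "on" { print "DEPRECATED_SSL_ON"; bad = 1 }
        # A private key below the web root could be served as a static file.
        $1 == "ssl_certificate_key" && root != "" && index($2, root "/") == 1 {
            print "KEY_UNDER_WEBROOT " $2; bad = 1
        }
        END { exit bad + 0 }
    '
}

printf '%s\n' "$SAMPLE_CONF" | audit_nginx_tls "$WEBROOT" ||
    echo "fix the findings above, then validate with: nginx -t" >&2
```

Because the function returns a non-zero status on any finding, it can gate a deployment step before nginx is reloaded.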
3. SSL settings in .NET Core
using System;
using Microsoft.AspNetCore;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.Logging;
using NLog.Web;

public class Program
{
    public static void Main(string[] args)
    {
        // NLog: set up the logger first to catch all errors
        var logger = NLogBuilder.ConfigureNLog("nlog.config").GetCurrentClassLogger();
        try
        {
            logger.Debug("init main");
            CreateWebHostBuilder(args).Build().Run();
        }
        catch (Exception ex)
        {
            // NLog: catch setup errors
            logger.Error(ex, "Stopped program because of exception");
            throw;
        }
        finally
        {
            // Ensure to flush and stop internal timers/threads before application exit (avoids a segmentation fault on Linux)
            NLog.LogManager.Shutdown();
        }
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
            .UseStartup<Startup>()
            // The "*" host binds every interface, so both ports are also reachable
            // directly unless a firewall blocks them; nginx only needs 127.0.0.1:5443.
            .UseKestrel().UseUrls("http://*:5004", "https://*:5443")
            .ConfigureLogging(logging =>
            {
                logging.ClearProviders();
                logging.SetMinimumLevel(LogLevel.Trace);
            })
            .UseNLog();
}
The simplest approach is to call UseKestrel() followed by UseUrls(), so that both addresses are started.
If you do not call UseKestrel() and use UseUrls() directly, only http can be used.