Prerequisites
- DNS resolution configured for your hostname
- The certificate installed or available
Configuration on IIS
To configure HTTPS on your IIS site you can follow these steps:
- Open the IIS Manager and edit your site bindings
- Add a new binding
- Set the new binding protocol to https
- Fill in the hostname for the site
- Select the certificate corresponding to the hostname
To configure http to https redirection for the site you can edit the web.config directly.
Navigate to the site installation folder and open the web.config file and the follwing section inside the toplevel <system.webserver> section.
<rewrite> <rules> <rule name="HTTPS Redirect" stopProcessing="true"> <match url="(.*)" /> <conditions> <add input="{HTTPS}" pattern="^OFF$" /> </conditions> <action type="Redirect" url="https://{HTTP_HOST}{REQUEST_URI}" appendQueryString="false" /> </rule> </rules> </rewrite>
Configuration on docker
To enable HTTPS on your docker installation you first need to define the HTTPS port by providing the following environment variables to the container:
ASPNETCORE_URLS = https://+:<HTTPS PORT>;http://+:<HTTP PORT> ASPNETCORE_HTTPS_PORTS = <HTTPS PORT>
You need to substitute:
- HTTP PORT with the HTTP port you want to expose
- HTTPS PORT with the HTTPS port you want to expose
Then you need to configure the certificate to use with HTTPS. To accomplish that on Kestrel (the server used inside the container) you need to define different environment variables based on the type of certificate you are using:
For .pfx certificates:
ASPNETCORE_Kestrel__Certificates__Default__Path = <PATH TO THE .pfx CERTIFICATE> ASPNETCORE_Kestrel__Certificates__Default__Password = <CERTIFICATE PASSWORD>
For .pem/.crt certificates:
ASPNETCORE_Kestrel__Certificates__Default__Path = <PATH TO THE .pem/.crt CERTIFICATE> ASPNETCORE_Kestrel__Certificates__Default__KeyPath = <PATH TO THE KEY FILE> ASPNETCORE_Kestrel__Certificates__Default__Password = <CERTIFICATE PASSWORD>
You need to substitute:
- CERTIFICATE PASSWORD with the password of the HTTPS certificate
- PATH TO CERTIFICATE with the path (relative to the container) where the certificate will be found
- PATH TO KEY FILE with the path (relative to the container) where the certificate key will be found
To make your certificate available in the container you can mount a volume from your local drive, use the docker compose secrets or using your cloud provider specific service.
Here's and example of compose file with the specific HTTPS configuration added (.pfx certificate):
services: ... mongo service definition indyco: image: 'iconsulting/indyco/server:latest' restart: always depends_on: - mongo ports: - 5000:5000 - 5001:5001 #added binding for the HTTPS port volumes: - ./https:/https:ro #added volume mapping to inject the certificate environment: <OTHER CONFIGURATIONS> - ASPNETCORE_URLS=https://+:5001;http://+:5000 #url binding - ASPNETCORE_HTTPS_PORTS=5001 #HTTPS port definition for HTTP to HTTPS redirect - ASPNETCORE_Kestrel__Certificates__Default__Password=password #Certificate password - ASPNETCORE_Kestrel__Certificates__Default__Path=/https/cert.pfx #Certificate path inside the mounted volume volumes: data: external: true
For more information: