Difference between revisions of "Deploy .NET to AWS"
From MgmtWiki
(→Debugging) |
(→Debugging) |
||
| Line 31: | Line 31: | ||
** Navigate to cert store "cd Cert:\LocalMachine\my" and list certificates to be sure the SSL cert is loaded and has a key "(dir)[0] | fl *" where the index "[0]" matches the https cert. | ** Navigate to cert store "cd Cert:\LocalMachine\my" and list certificates to be sure the SSL cert is loaded and has a key "(dir)[0] | fl *" where the index "[0]" matches the https cert. | ||
** Examine firewall WebServerRole rules: Show-NetFirewallRule -PolicyStore ActiveStore | % {If($_.Name -match "WebServerRole") {$_}} | ** Examine firewall WebServerRole rules: Show-NetFirewallRule -PolicyStore ActiveStore | % {If($_.Name -match "WebServerRole") {$_}} | ||
| − | + | ** Try to restore an existing key and certificate: | |
| − | + | PS Cert:\LocalMachine\my> certutil –repairstore my "EF96A6EDFE748ADA67CEFEEE6CF49DE46707EEF4" | |
my "Personal" | my "Personal" | ||
================ Certificate 0 ================ | ================ Certificate 0 ================ | ||
Revision as of 14:07, 14 May 2019
Full Title
Deploying a ASP.NET core website to Amazon Web Services
Context
- Bring up a secure web site deployment with a minimum of fuss.
- At first the challenge is getting the Web Site working well.
- The assumption here is that the design is not fully fleshed out as the User Experience needs to be functional before it can be fully evaluated.
- Later the problem is to get the performance to be good while the deployment expands to multiple instances.
Problems
- The largest part of the problem is not getting the web site to run, but rather to ensure that it is secure using SSL certificates and HTTPS.
Solutions
- Elastic Compute Cloud (EC2) was selected as the resource for its ease of deployment and expansion to handle volume.
- Elastic Beanstalk (EB) automates some of the deployment and expansion services for EC2. Creating and Deploying Elastic Beanstalk Applications in .NET Using AWS Toolkit for Visual Studio.
- Terminating HTTPS on Amazon EC2 Instances Running .NET on single instances (not behind a load balancer.)
Debugging
- It is possible to install and run AWS PowerShell tools on your local computer to see what EC2 instances look like. (An instance is one server running the site.)
- Setting up the AWS Tools for PowerShell on a Windows-based Computer
- PS C:\> Import-Module AWSPowerShell
- PS C:\> Get-AWSPowerShellVersion
- It is also possible to look at EB, but that requires the local computer to enable Python and PIP.
- Windows Remote Desktop can be enabled to see what the EC2 instance really looks like. Clink here for information on Connecting to Your Windows Instance.
- You will need to have the RDP client installed on Windows, which is common, or on other operating systems, which is uncommon.
- You need a key pair - using AWS PowerShell these are the instructions for the EC2Key pair cmdlet if you have not already created a pem file for this purpose. You can only retrieve the private key when you create the key pair, so be sure to save the key to a file.
- You will need to open the port on EC2 for RDP inbound traffic Adding a Rule for Inbound RDP Traffic to a Windows Instance
- One easy way to start the RDP client is to navigate to the EC2 console, select the instance to be view and click on the "Connect" button at the top. A RDP connection string will be downloaded that you can put in a convenient place, like your desktop.
- Easiest good access is via System Manager / Session Manager, which provides a remote PowerShell console on the targeted EC2 instance.
- If http:// works and https:// gives "Server not found" error, then the following steps should help:
- Run "netstat -ano" in session manager. Check that server is listening on port 443.
- Navigate to cert store "cd Cert:\LocalMachine\my" and list certificates to be sure the SSL cert is loaded and has a key "(dir)[0] | fl *" where the index "[0]" matches the https cert.
- Examine firewall WebServerRole rules: Show-NetFirewallRule -PolicyStore ActiveStore | % {If($_.Name -match "WebServerRole") {$_}}
- Try to restore an existing key and certificate:
PS Cert:\LocalMachine\my> certutil –repairstore my "EF96A6EDFE748ADA67CEFEEE6CF49DE46707EEF4"
my "Personal"
================ Certificate 0 ================
Serial Number: 8f68e93d4e66871c887b0746e69f68bb
Issuer: CN=Network Solutions DV Server CA 2, O=Network Solutions L.L.C., L=Herndon, S=VA, C=US
NotBefore: 9/26/2018 12:00 AM
NotAfter: 9/17/2019 11:59 PM
Subject: CN=trustregistry.us, OU=nsProtect Secure Xpress, OU=Domain Control Validated
Non-root Certificate
Cert Hash(sha1): ef96a6edfe748ada67cefeee6cf49de46707eef4
Key Container = {7E9AF5F5-A40F-42C7-A5D0-ED58AB3A1F0B}
Unique container name: bdbc4122a6c91f3c7d76e0f0a30150a2_c99fc568-d037-4591-84ac-a83617d2c480
Provider = Microsoft Software Key Storage Provider
Private key is NOT exportable
Encryption test passed
CertUtil: -repairstore command completed successfully.
PS Cert:\LocalMachine\my>
