Deploy .NET to AWS

From MgmtWiki
Revision as of 18:49, 14 May 2019 by Tom (talk | contribs) (Solutions)

Jump to: navigation, search

Full Title

Deploying a ASP.NET core website to Amazon Web Services

Context

  • Bring up a secure web site deployment with a minimum of fuss.
  • At first the challenge is getting the Web Site working well.
  • The assumption here is that the design is not fully fleshed out as the User Experience needs to be functional before it can be fully evaluated.
  • Later the problem is to get the performance to be good while the deployment expands to multiple instances.

Problems

  • The largest part of the problem is not getting the web site to run, but rather to ensure that it is secure using SSL certificates and HTTPS.

Solutions

Debugging

  • It is possible to install and run AWS PowerShell tools on your local computer to see what EC2 instances look like. (An instance is one server running the site.)
  • It is also possible to look at EB, but that requires the local computer to enable Python and PIP.
  • Windows Remote Desktop can be enabled to see what the EC2 instance really looks like. Clink here for information on Connecting to Your Windows Instance.
    • You will need to have the RDP client installed on Windows, which is common, or on other operating systems, which is uncommon.
    • You need a key pair - using AWS PowerShell these are the instructions for the EC2Key pair cmdlet if you have not already created a pem file for this purpose. You can only retrieve the private key when you create the key pair, so be sure to save the key to a file.
    • You will need to open the port on EC2 for RDP inbound traffic Adding a Rule for Inbound RDP Traffic to a Windows Instance
    • One easy way to start the RDP client is to navigate to the EC2 console, select the instance to be view and click on the "Connect" button at the top. A RDP connection string will be downloaded that you can put in a convenient place, like your desktop.
  • Easiest good access is via System Manager / Session Manager, which provides a remote PowerShell console on the targeted EC2 instance.
  • If http:// works and https:// gives "Server not found" error, then the following steps should help:
    • Run "netstat -ano" in session manager. Check that server is listening on port 443.
    • Navigate to cert store "cd Cert:\LocalMachine\my" and list certificates to be sure the SSL cert is loaded and has a key "(dir)[0] | fl *" where the index "[0]" matches the https cert.
    • Examine firewall WebServerRole rules: Show-NetFirewallRule -PolicyStore ActiveStore | % {If($_.Name -match "WebServerRole") {$_}}
    • See if there are any errors from HTTPS (Schannel): Get-EventLog -LogName "system" -Source "Schannel"
    • Try to restore an existing key and certificate:
PS Cert:\LocalMachine\my> certutil –repairstore my "EF96A6EDFE748ADA67CEFEEE6CF49DE46707EEF4"
my "Personal"
================ Certificate 0 ================
Serial Number: 8f68e93d4e66871c887b0746e69f68bb
Issuer: CN=Network Solutions DV Server CA 2, O=Network Solutions L.L.C., L=Herndon, S=VA, C=US
 NotBefore: 9/26/2018 12:00 AM
 NotAfter: 9/17/2019 11:59 PM
Subject: CN=trustregistry.us, OU=nsProtect Secure Xpress, OU=Domain Control Validated
Non-root Certificate
Cert Hash(sha1): ef96a6edfe748ada67cefeee6cf49de46707eef4
  Key Container = {7E9AF5F5-A40F-42C7-A5D0-ED58AB3A1F0B}
  Unique container name: bdbc4122a6c91f3c7d76e0f0a30150a2_c99fc568-d037-4591-84ac-a83617d2c480
  Provider = Microsoft Software Key Storage Provider
Private key is NOT exportable
Encryption test passed
CertUtil: -repairstore command completed successfully.
PS Cert:\LocalMachine\my>

References