Difference between revisions of "Develop .NET 6.0"
From MgmtWiki
Revision as of 14:32, 3 April 2021
Full Title
Developing and deploying an ASP.NET Core website cross-platform.
Context
- Bring up a secure web site deployment with a minimum of fuss.
- At first the challenge is getting the Web Site working well.
- The assumption here is that the design is not fully fleshed out as the User Experience needs to be functional before it can be fully evaluated.
- Later the problem is to get the performance to be good while the deployment expands to multiple instances.
Problems
- The largest part of the problem is not getting the web site to run, but rather ensuring that it is secure using SSL certificates and HTTPS.
Solutions
- Elastic Compute Cloud (EC2) was selected as the resource for its ease of deployment and expansion to handle volume.
- Elastic Beanstalk (EB) automates some of the deployment and expansion services for EC2. See "Creating and Deploying Elastic Beanstalk Applications in .NET Using AWS Toolkit for Visual Studio".
- See "Terminating HTTPS on Amazon EC2 Instances Running .NET" for single instances (not behind a load balancer for this use case).
- On the EC2 instance you need to open the HTTPS port (443). To do that, go to https://console.aws.amazon.com/ec2/ and click on the Security Groups link on the left, then change the existing security group or create a new one to include HTTPS availability. It is best to select the HTTPS type in the drop-down menu when adding to a security group, as it will create entries for both IPv4 and IPv6 address ranges. After accepting the change, be sure that 0.0.0.0/0 is enabled for port 443.
- Pushing the private key to an S3 bucket.
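The security group check described above can be scripted. The following is an added example, not part of the original page: it evaluates ingress rules shaped like the `IpPermissions` property returned by `Get-EC2SecurityGroup` and reports whether port 443 is open on IPv4 and IPv6, and whether RDP (3389) is open to every address. The function name `Test-WebIngress` and the sample rules are constructed for illustration.

```powershell
# Added example: audit ingress rules shaped like (Get-EC2SecurityGroup).IpPermissions.
function Test-WebIngress {
    param([Parameter(Mandatory)] [object[]] $IpPermissions)

    # True when some rule covers $Port and allows the given "anywhere" CIDR.
    function Test-Open($Port, $Cidr) {
        foreach ($p in $IpPermissions) {
            $covers = ($p.IpProtocol -eq '-1') -or
                      ($p.IpProtocol -eq 'tcp' -and $p.FromPort -le $Port -and $p.ToPort -ge $Port)
            if (-not $covers) { continue }
            $cidrs = @($p.Ipv4Ranges.CidrIp) + @($p.Ipv6Ranges.CidrIpv6)
            if ($cidrs -contains $Cidr) { return $true }
        }
        return $false
    }

    [pscustomobject]@{
        Https443_IPv4 = Test-Open 443 '0.0.0.0/0'
        Https443_IPv6 = Test-Open 443 '::/0'
        # RDP reachable from every address is worth narrowing to known source ranges.
        Rdp3389_World = (Test-Open 3389 '0.0.0.0/0') -or (Test-Open 3389 '::/0')
    }
}

# Constructed sample: 443 added as a custom TCP rule for IPv4 only, RDP limited to one address.
$sample = @(
    [pscustomobject]@{ IpProtocol = 'tcp'; FromPort = 80; ToPort = 80
        Ipv4Ranges = @([pscustomobject]@{ CidrIp = '0.0.0.0/0' }); Ipv6Ranges = @() }
    [pscustomobject]@{ IpProtocol = 'tcp'; FromPort = 443; ToPort = 443
        Ipv4Ranges = @([pscustomobject]@{ CidrIp = '0.0.0.0/0' }); Ipv6Ranges = @() }
    [pscustomobject]@{ IpProtocol = 'tcp'; FromPort = 3389; ToPort = 3389
        Ipv4Ranges = @([pscustomobject]@{ CidrIp = '203.0.113.10/32' }); Ipv6Ranges = @() }
)
Test-WebIngress -IpPermissions $sample

# Against a real group (requires AWS Tools for PowerShell and credentials):
# Test-WebIngress -IpPermissions (Get-EC2SecurityGroup -GroupId '<your-sg-id>').IpPermissions
```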
Debugging
- "The site cannot be reached" is typically caused by the fact that Amazon does not enable HTTPS (port 443) by default. To fix this, go to the EC2 console and check the security groups to be sure 0.0.0.0/0 is enabled for port 443.
- It is possible to install and run AWS PowerShell tools on your local computer to see what EC2 instances look like. (An instance is one server running the site.)
- Setting up the AWS Tools for PowerShell on a Windows-based Computer
- PS C:\> Import-Module AWSPowerShell
- PS C:\> Get-AWSPowerShellVersion
- It is also possible to look at EB, but that requires the local computer to enable Python and PIP.
- Windows Remote Desktop can be enabled to see what the EC2 instance really looks like. Click here for information on Connecting to Your Windows Instance.
- You will need to have the RDP client installed on Windows, which is common, or on other operating systems, which is uncommon.
- You need a key pair. Using AWS PowerShell, these are the instructions for the EC2 key pair cmdlet if you have not already created a pem file for this purpose. You can only retrieve the private key when you create the key pair, so be sure to save the key to a file.
- You will need to open the port on EC2 for RDP inbound traffic; see "Adding a Rule for Inbound RDP Traffic to a Windows Instance".
- One easy way to start the RDP client is to navigate to the EC2 console, select the instance to be viewed and click on the "Connect" button at the top. An RDP connection string will be downloaded that you can put in a convenient place, like your desktop.
- The easiest good access is via Systems Manager / Session Manager, which provides a remote PowerShell console on the targeted EC2 instance.
- If http:// works and https:// gives "Server not found" error, then the following steps should help:
- Run "netstat -ano" in Session Manager. Check that the server is listening on port 443.
- Navigate to cert store "cd Cert:\LocalMachine\my" and list certificates to be sure the SSL cert is loaded and has a key "(dir)[0] | fl *" where the index "[0]" matches the https cert.
- Examine firewall WebServerRole rules: Show-NetFirewallRule -PolicyStore ActiveStore | % {If($_.Name -match "WebServerRole") {$_}}
- See if there are any errors from HTTPS (Schannel): Get-EventLog -LogName "system" -Source "Schannel"
- Try to restore an existing key and certificate:
PS Cert:\LocalMachine\my> certutil -repairstore my "EF96A6EDFE748ADA67CEFEEE6CF49DE46707EEF4"
my "Personal"
================ Certificate 0 ================
Serial Number: 8f68e93d4e66871c887b0746e69f68bb
Issuer: CN=Network Solutions DV Server CA 2, O=Network Solutions L.L.C., L=Herndon, S=VA, C=US
 NotBefore: 9/26/2018 12:00 AM
 NotAfter: 9/17/2019 11:59 PM
Subject: CN=trustregistry.us, OU=nsProtect Secure Xpress, OU=Domain Control Validated
Non-root Certificate
Cert Hash(sha1): ef96a6edfe748ada67cefeee6cf49de46707eef4
  Key Container = {7E9AF5F5-A40F-42C7-A5D0-ED58AB3A1F0B}
  Unique container name: bdbc4122a6c91f3c7d76e0f0a30150a2_c99fc568-d037-4591-84ac-a83617d2c480
  Provider = Microsoft Software Key Storage Provider
Private key is NOT exportable
Encryption test passed
CertUtil: -repairstore command completed successfully.
PS Cert:\LocalMachine\my>
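
The HTTPS checks listed above (listener, certificate and key, firewall rules, Schannel events) can be collected in one pass. The following is an added example, not part of the original page, written for Windows PowerShell in a Session Manager console on the instance. The function name `Test-HttpsEndpoint` is hypothetical and the thumbprint is a placeholder for the HTTPS certificate's own thumbprint. It also reports whether the certificate is within its validity period.

```powershell
# Added example: one-pass HTTPS diagnostics on the EC2 Windows instance.
function Test-HttpsEndpoint {
    param(
        [string] $Thumbprint = '<your-cert-thumbprint>',  # placeholder, not a real value
        [int]    $Port = 443
    )

    # Is anything listening on the port? (the question "netstat -ano" answers)
    $listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)

    # Is the certificate in LocalMachine\My, with a private key, and in date?
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $Thumbprint.ToUpper() }
    $now = Get-Date

    # Enabled inbound firewall rules whose name matches WebServerRole.
    $fw = @(Get-NetFirewallRule -PolicyStore ActiveStore | Where-Object {
        $_.Name -match 'WebServerRole' -and $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

    # Recent Schannel errors from the System event log.
    $schannel = @(Get-EventLog -LogName System -Source Schannel -EntryType Error `
        -Newest 20 -ErrorAction SilentlyContinue)

    [pscustomobject]@{
        Listening       = $listeners.Count -gt 0
        OwningProcess   = ($listeners.OwningProcess | Select-Object -Unique) -join ','
        CertFound       = [bool]$cert
        HasPrivateKey   = [bool]($cert -and $cert.HasPrivateKey)
        CertInDate      = [bool]($cert -and $cert.NotBefore -le $now -and $cert.NotAfter -ge $now)
        CertNotAfter    = $cert.NotAfter
        FirewallRules   = $fw.Count
        SchannelErrors  = $schannel.Count
        LastSchannelMsg = ($schannel | Select-Object -First 1).Message
    }
}

Test-HttpsEndpoint | Format-List
```

A result with `Listening` true but `HasPrivateKey` or `CertInDate` false points at the certificate rather than the network path.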