dockerasp.net-coreamazon-ecsaws-fargate

Aspnet:8.0 Docker Image does not listen on port 8081 when deployed to Amazon ECS


We have a simple web project built using .Net 8.0 and using Docker. We have made no changes to the default Dockerfile that Visual Studio created

FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS base
USER app
WORKDIR /app
EXPOSE 8080
EXPOSE 8081

When we run this in Docker Desktop we can see it logs two entries

Now listening on: http://[::]:8080
Now listening on: https://[::]:8081

When deployed to ECS (Fargate) it only ever listens on http://[::]8080 and not https.

Does anyone know why?


Solution

  • Wanted to post an update as I have managed to solve it and it may help others.

    When running the project from Visual Studio, the magic behind the scenes creates the developer self signed certificates and injects them into the kestrel web server.

    When running in production this does not happen so you need to manually add the certificates. Ideally you should use production SSL certificates that are fully valid but in my case for AWS I could not as these were bound to the load balancers and not exportable.

    What I did was:

    1. Create a self signed certificate from a private key using openssl.
    2. Converted this into a pfx file using openssl.
    3. Created a folder in the project called Certificates and added the pfx file setting the copy attribute to "Copy Always". This ensures that on every build the certificate is available locally on the image.
    4. Set the following environment variables in AWS (you can add this to dockerfile though this will expose your password)

    ASPNETCORE_HTTPS_PORTS=8081 ASPNETCORE_Kestrel__Certificates__Default__Password=mycertificatepassword ASPNETCORE_Kestrel__Certificates__Default__Path=/app/Certificates/ProductionCertificate.pfx