Closed FritzTheCat9 closed 5 months ago
Blazor wasm working on http (docker + nginix) Check Blazor wasm https later if any good configs on the internet
Blazor WASM HTTPS was working with this settings:
Install OpenSSL: https://slproweb.com/products/Win32OpenSSL.html Win64 OpenSSL v3.3.0 exe
Add environment variable to Path: C:\Windows\System32\OpenSSH\
Check if OpenSSL is working: openssl version
Generate a Private Key and Certificate Signing Request (CSR): openssl req -newkey rsa:2048 -nodes -keyout private.key -out certificate.csr
Generate a Self-Signed Certificate: openssl x509 -req -days 365 -in certificate.csr -signkey private.key -out certificate.crt
You will have 3 files generated:
docker-compose (add blazor service volumes - key, certificate):
volumes:
nginx.conf:
events { }
http {
include mime.types;
server {
listen 80;
index index.html;
# Redirect HTTP to HTTPS
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
index index.html;
# SSL configuration
ssl_certificate /etc/nginx/certificate.crt;
ssl_certificate_key /etc/nginx/private.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
location / {
root /usr/share/nginx/html;
try_files $uri $uri/ /index.html;
}
}
}
To refresh blazor wasm website clear this cache:
HTTPS Blazor WASM works - OK HTTP -> HTTPS redirection works - OK HTTPS site shows that certificate is untrusted - WRONG
events { }
http {
include mime.types;
server {
listen 80;
return 301 https://localhost:7001$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/certificate.crt;
ssl_certificate_key /etc/nginx/private.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
location / {
root /usr/share/nginx/html;
index index.html;
try_files $uri $uri/ /index.html;
}
}
}
Blazor https works just need to have secure certificate passed, to do when doing deploy on raspberry pi