First some shameless promotion for my other project. **I'm currently building the GitHub app [Pull Dog](https://dogger.io)**, which creates a Docker-based test environment for every pull request you open, and sends a link to the environment right in the pull request itself, as a comment.

# What is this?
The simplest LetsEncrypt setup for ASP .NET Core. Almost no server configuration needed.

`Install-Package FluffySpoon.AspNet.EncryptWeMust`

**This project used to be called `FluffySpoon.AspNet.LetsEncrypt`, but due to a trademark claim from LetsEncrypt, we had to rename it. The name now follows Yoda Speak.**

# Requirements
- Kestrel (which is default)
- ASP .NET Core 2.1+
- An always-on app-pool

## Getting an always-on app pool
This is required because the renewal job runs on a background thread and polls once every hour to see if the certificate needs renewal (this is a very cheap operation).

It can be enabled using __just one__ of the following techniques:
- Enabling Always On if using Azure App Service.
- Setting `StartMode` of the app pool to `AlwaysRunning` if using IIS.
- Hosting your ASP .NET Core application as a Windows Service.

# Usage example
If you want to try it yourself, you can also browse the sample project code here:

https://github.com/ffMathy/FluffySpoon.AspNet.EncryptWeMust/tree/master/src/FluffySpoon.AspNet.EncryptWeMust.Sample

## Configure the services
Add the following code to your `Startup` class' `ConfigureServices` method with real values instead of the sample values:

_Note that you can set either `TimeUntilExpiryBeforeRenewal`, `TimeAfterIssueDateBeforeRenewal` or both, but at least one of them has to be specified._

```csharp
//the following line adds the automatic renewal service.
services.AddFluffySpoonLetsEncrypt(new LetsEncryptOptions()
{
    Email = "some-email@github.com", //LetsEncrypt will send you an e-mail here when the certificate is about to expire
    UseStaging = false, //switch to true for testing
    Domains = new[] { DomainToUse },
    TimeUntilExpiryBeforeRenewal = TimeSpan.FromDays(30), //renew automatically 30 days before expiry
    TimeAfterIssueDateBeforeRenewal = TimeSpan.FromDays(7), //renew automatically 7 days after the last certificate was issued
    CertificateSigningRequest = new CsrInfo() //these are your certificate details
    {
        CountryName = "Denmark",
        Locality = "DK",
        Organization = "Fluffy Spoon",
        OrganizationUnit = "Hat department",
        State = "DK"
    }
});

//the following line tells the library to persist the certificate to a file, so that if the server restarts, the certificate can be re-used without generating a new one.
services.AddFluffySpoonLetsEncryptFileCertificatePersistence();

//the following line tells the library to persist challenges in-memory. challenges are the "/.well-known" URL codes that LetsEncrypt will call.
services.AddFluffySpoonLetsEncryptMemoryChallengePersistence();
```

## Inject the middleware
Inject the middleware in the `Startup` class' `Configure` method as such:

```csharp
public void Configure(IApplicationBuilder app)
{
    app.UseFluffySpoonLetsEncrypt();
}
```

## Set default bindings
Call `UseUrls` with `http://*` and `https://*` in `Program.cs`:

```csharp
public static IHostBuilder CreateHostBuilder(string[] args) =>
    Host.CreateDefaultBuilder(args)
        .ConfigureWebHostDefaults(webBuilder =>
        {
            webBuilder.UseUrls(new string[] { "http://*", "https://*" });
            webBuilder.UseStartup<Startup>();
        });
```

Tada! Your application now supports SSL via LetsEncrypt, even from the first HTTPS request. It will even renew your certificate automatically in the background.
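
A certificate that can be re-used after a restart has to be stored together with its private key, so whatever holds the persisted bytes needs protecting. The following is an added example, not code from this project: it uses the delegate overload of `AddFluffySpoonLetsEncryptCertificatePersistence` documented under "Custom persistence" to encrypt the bytes with ASP.NET Core Data Protection before writing them to disk. The helper name, application name, purpose string, directory and the library namespace in the `using` line are assumptions.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.Extensions.DependencyInjection;
using FluffySpoon.AspNet.EncryptWeMust; // assumed namespace, taken from the package name

public static class ProtectedCertificatePersistence
{
    // Hypothetical helper: call it from ConfigureServices instead of
    // AddFluffySpoonLetsEncryptFileCertificatePersistence().
    public static void AddProtectedCertificatePersistence(this IServiceCollection services)
    {
        // Assumed values: application name, purpose string and target directory.
        var protector = DataProtectionProvider
            .Create("my-app")
            .CreateProtector("LetsEncrypt.CertificatePersistence");
        var directory = Directory
            .CreateDirectory(Path.Combine(AppContext.BaseDirectory, "certificates"))
            .FullName;

        services.AddFluffySpoonLetsEncryptCertificatePersistence(
            async (key, bytes) =>
                // Encrypt and authenticate the bytes before they reach the disk.
                await File.WriteAllBytesAsync(
                    Path.Combine(directory, "certificate_" + key),
                    protector.Protect(bytes)),
            async (key) =>
            {
                var path = Path.Combine(directory, "certificate_" + key);
                if (!File.Exists(path))
                    return null; // nothing stored yet
                try
                {
                    return protector.Unprotect(await File.ReadAllBytesAsync(path));
                }
                catch (CryptographicException)
                {
                    // Tampered file or unavailable key ring: report "no certificate",
                    // as the Entity Framework example does for a missing row.
                    return null;
                }
            });
    }
}
```

The Data Protection key ring must itself survive restarts and be shared by every instance that reads the files; otherwise `Unprotect` fails and the stored certificate is treated as missing.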

# Optional: Configuring persistence
Persistence tells the middleware how to persist and retrieve the certificate, so that if the server restarts, the certificate can be re-used without generating a new one.

A certificate has a _key_ to distinguish between certificates, since there is both an account certificate and a site certificate that needs to be stored.

## File persistence
```csharp
services.AddFluffySpoonLetsEncryptFileCertificatePersistence();
services.AddFluffySpoonLetsEncryptFileChallengePersistence();
```

## Custom persistence
```csharp
services.AddFluffySpoonLetsEncryptCertificatePersistence(/* your own ILetsEncryptPersistence implementation */);
services.AddFluffySpoonLetsEncryptChallengePersistence(/* your own ILetsEncryptPersistence implementation */);

//you can also customize persistence via delegates.
services.AddFluffySpoonLetsEncryptCertificatePersistence(
    async (key, bytes) => File.WriteAllBytes("certificate_" + key, bytes),
    async (key) => File.ReadAllBytes("certificate_" + key));

//the same can be done for challenges, with different arguments.
services.AddFluffySpoonLetsEncryptChallengePersistence(
    async (challenges) => ... /* Do something to serialize the collection of challenges and store it */,
    async () => ... /* Retrieve the stored collection of challenges */,
    async (challenges) => ... /* Delete the specified challenges */);
```

## Entity Framework persistence
Requires the NuGet package `FluffySpoon.AspNet.EncryptWeMust.EntityFramework`.

```csharp
// Certificate and Challenge in this example are database model classes that have been configured with the database context.
class Certificate
{
    [Key]
    public string Key { get; set; }
    public byte[] Bytes { get; set; }
}

public class Challenge
{
    [Key]
    public string Token { get; set; }
    public string Response { get; set; }
    public int Type { get; set; }
    public string Domains { get; set; }
}

//we only have to instruct how to add the certificate - `databaseContext.SaveChangesAsync()` is automatically called.
services.AddFluffySpoonLetsEncryptEntityFrameworkCertificatePersistence<DatabaseContext>(
    async (databaseContext, key, bytes) =>
    {
        var existingCertificate = databaseContext.Certificates.SingleOrDefault(x => x.Key == key);
        if (existingCertificate != null)
        {
            existingCertificate.Bytes = bytes;
        }
        else
        {
            databaseContext.Certificates.Add(new Certificate()
            {
                Key = key,
                Bytes = bytes
            });
        }
    },
    async (databaseContext, key) => databaseContext
        .Certificates
        .SingleOrDefault(x => x.Key == key)
        ?.Bytes);

//the same can be done for challenges
services.AddFluffySpoonLetsEncryptEntityFrameworkChallengePersistence<DatabaseContext>(
    async (databaseContext, challenges) => databaseContext
        .Challenges
        .AddRange(
            challenges.Select(x =>
                new Challenge()
                {
                    Token = x.Token,
                    Response = x.Response,
                    Type = (int)x.Type,
                    Domains = String.Join(",", x.Domains)
                })),
    async (databaseContext) => databaseContext
        .Challenges
        .Select(x =>
            new ChallengeDto()
            {
                Token = x.Token,
                Response = x.Response,
                Type = (ChallengeType)x.Type,
                Domains = x.Domains.Split(',', StringSplitOptions.RemoveEmptyEntries)
            }),
    async (databaseContext, challenges) => databaseContext
        .Challenges
        .RemoveRange(
            databaseContext
                .Challenges
                .Where(x => challenges.Any(y => y.Token == x.Token))
        ));
```

## Distributed cache (Redis etc) persistence
Requires:
- The NuGet package `FluffySpoon.AspNet.EncryptWeMust.DistributedCache`.
- A configured distributed cache in ASP .NET Core using the `services.AddDistributedRedisCache()` or similar.

```csharp
services.AddFluffySpoonLetsEncryptDistributedCertificatePersistence(expiry: TimeSpan.FromDays(30));
services.AddFluffySpoonLetsEncryptDistributedChallengePersistence(expiry: TimeSpan.FromHours(1));
```

# Azure App Service
Using this project when running as an Azure App Service requires a few things.

Firstly the App Service Plan needs to have the "Custom domains / SSL" feature (currently B1 for testing, S1 for production are the lowest supported).

Secondly you should use the `AzureAppServiceSslBindingCertificatePersistenceStrategy` strategy:

```csharp
services.AddFluffySpoonLetsEncryptAzureAppServiceSslBindingCertificatePersistence(
    new AzureOptions
```