Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

My experience configuring this resource #3

Open
marinasundstrom opened this issue Apr 28, 2024 · 3 comments
Open

My experience configuring this resource #3

marinasundstrom opened this issue Apr 28, 2024 · 3 comments

Comments

@marinasundstrom
Copy link

Here are some of my experiences configuring this resource.

I copied the code and modified it to work with SSL/HTTPS.

The first problem was that the SlimBuilder didn't configure SSL. So had to add that:

I tried this but it didn't work:

var builder = WebApplication.CreateSlimBuilder();
builder.WebHost.UseKestrelHttpsConfiguration(); //Added

I guess that I missed something here.

Instead:

var builder = WebApplication.CreateBuilder();

I also had to change the scheme for the routes since my apps use https (which might not be necessary to run as):

builder.Resource.ClusterConfigs[target.Resource.Name] = new()
{
    ClusterId = target.Resource.Name,
    Destinations = new Dictionary<string, DestinationConfig>
    {
        [target.Resource.Name] = new() { Address = $"http://{target.Resource.Name}" }
    }
};

Change part of the string literal to ```https``:

[target.Resource.Name] = new() { Address = $"https://{target.Resource.Name}" }

For the dev certificate to work you need to set the environment variable:

.WithEnvironment("ASPNETCORE_ENVIRONMENT", "Development")

In some cases perhaps UseHttpsRedirection would be necessary too.

Full config:

builder.AddYarp("ingress")
       .WithEndpoint(port: 5174, scheme: "https")
       .WithEnvironment("ASPNETCORE_ENVIRONMENT", "Development")
       .Route("portal", path: "/", target: portal)
       .Route("appservice", path: "/api", target: appservice)
       .Route("identityservice", path: "/api/identityservice", target: identityManagement)
       .Route("notifications", path: "/api/notifications", target: notifications);
@bjornstensberg
Copy link

Thanks, this saved me some time.

I had an issue where the certificates alt name has to be the hostname of the app(?).
For instance:
builder.AddProject<Projects.Api>("api");

Yarp tries to resolve https://api/endpoint, and when your dev cert is only signed for localhost you will get a RemoteCertificateNameMismatch error.

Guessing the best way is to buypass ssl check on local development?

@marinasundstrom
Copy link
Author

marinasundstrom commented May 2, 2024
edited
Loading

@bjornstensberg I've had that problem too, I would like to get those ServiceDiscovery URLs with SSL to work too.

I have to bypass it by specifying the localhost address with the actual port, in the YARP config.

But then, I guess that non-SSL is acceptable within a cloud. It is just that the public endpoint is protected.

@StevenTCramer
Copy link

@davidfowl Is there a working example of YARP in Aspire using SSL? I end up on this issue but I can't figure out a solution.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@StevenTCramer @marinasundstrom @bjornstensberg