Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Creating A .NET Windows Docker Container With Internal IIS SSL (From PFX File) and HTTPS Support
# The following won't work as-is, I use '<>' to denote variables you need to replace, including a name so you can keep them straight!
# A list of all of them, for searching follows.
# app_directory
# app_name
# ssl_password
# ssl_name
#base machine is meant to contain IIS as well as asp/.net requirements
FROM microsoft/aspnet
#Expose port 443 to allow incoming traffic over the default HTTPS port
EXPOSE 443
#create a folder on the container to hold the code
RUN New-Item C:\<app_directory> -type directory
#Set the newly created folder in docker as the working directory for subsequent commands
WORKDIR 'C:\<app_directory>'
#Copy everything from where you are on host to the working directory in docker (this folder should contain your SSL cert)
COPY ./ .
#delete "basic" website so port 80 is open, and to prevent running it alongside the real app
RUN Remove-WebSite -Name 'Default Web Site'
#create new website based on the code. You need to pass port as 443, and the Ssl parameters in order to correctly setup SSL/HTTPS.
RUN New-Website -Name '<app_name>' -IPAddress '*' -Port 443 -PhysicalPath C:\<app_directory> -ApplicationPool '.NET v4.5' -Ssl -SslFlags 0
RUN powershell.exe -Command "\
# The following 2 imports are necessary to do the below SslBindings ; \
Import-Module IISAdministration; \
Import-Module WebAdministration; \
# If you have a password on your SSL Cert, put it here as it needs "secured". If not, remove this line and the argument below it; \
$pwd = ConvertTo-SecureString -String '<ssl_password>' -Force -AsPlainText; \
# Import the certificate and store it in a variable to bind to later; \
$cert = Import-PfxCertificate -Exportable -FilePath 'C:\<app_directory>\<ssl_name>.pfx' -CertStoreLocation cert:\localMachine\My -Password $pwd; \
# Take the imported certificate and bind it to all traffic toward port 443 (you need to specify IP if you want multiple apps on 1 docker which I believe is ill-advised); \
new-item -Path IIS:\SslBindings\0.0.0.0!443 -value $cert;"
@khofesh

This comment has been minimized.

Copy link

@khofesh khofesh commented Sep 3, 2021

thank you.
I've been looking for this

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment