Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Creating A .NET Windows Docker Container With Internal IIS SSL (From PFX File) and HTTPS Support
# The following won't work as-is, I use '<>' to denote variables you need to replace, including a name so you can keep them straight!
# A list of all of them, for searching follows.
# app_directory
# app_name
# ssl_password
# ssl_name
#base machine is meant to contain IIS as well as asp/.net requirements
FROM microsoft/aspnet
#Expose port 443 to allow incoming traffic over the default HTTPS port
EXPOSE 443
#create a folder on the container to hold the code
RUN New-Item C:\<app_directory> -type directory
#Set the newly created folder in docker as the working directory for subsequent commands
WORKDIR 'C:\<app_directory>'
#Copy everything from where you are on host to the working directory in docker (this folder should contain your SSL cert)
COPY ./ .
#delete "basic" website so port 80 is open, and to prevent running it alongside the real app
RUN Remove-WebSite -Name 'Default Web Site'
#create new website based on the code. You need to pass port as 443, and the Ssl parameters in order to correctly setup SSL/HTTPS.
RUN New-Website -Name '<app_name>' -IPAddress '*' -Port 443 -PhysicalPath C:\<app_directory> -ApplicationPool '.NET v4.5' -Ssl -SslFlags 0
RUN powershell.exe -Command "\
# The following 2 imports are necessary to do the below SslBindings ; \
Import-Module IISAdministration; \
Import-Module WebAdministration; \
# If you have a password on your SSL Cert, put it here as it needs "secured". If not, remove this line and the argument below it; \
$pwd = ConvertTo-SecureString -String '<ssl_password>' -Force -AsPlainText; \
# Import the certificate and store it in a variable to bind to later; \
$cert = Import-PfxCertificate -Exportable -FilePath 'C:\<app_directory>\<ssl_name>.pfx' -CertStoreLocation cert:\localMachine\My -Password $pwd; \
# Take the imported certificate and bind it to all traffic toward port 443 (you need to specify IP if you want multiple apps on 1 docker which I believe is ill-advised); \
new-item -Path IIS:\SslBindings\0.0.0.0!443 -value $cert;"
@khofesh
Copy link

khofesh commented Sep 3, 2021

thank you.
I've been looking for this

@tito433
Copy link

tito433 commented Jun 11, 2022

Thank you very much.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment