Hosting ASP.NET Core 2.0 Web Api on Azure Ubuntu Server with Nginx and Mutual SSL Authentication (PART 3)

PART 3: Configuring Azure Network Security Group, Publishing .Net Core Web Api

In this post series, I will step by step show you how to host a ASP.NET Core 2.0 Web Api which is using mutual SSL authentication on a Azure Ubuntu Server using Nginx as the reverse proxy server and Kestrel as the default application server.

In this part we will see how to configure Azure Network Security Group and publishing Asp.Net Core Web Api to Ubuntu Linux server.

For information about how to deploy an Ubuntu Server in Azure check part-1 of this series.

For information about how to setup .Net Core SDK 2.0 and Nginx on Ubuntu Linux check part-2 of this series.

For information about how to setup a service to manage kestrel process, creating self-signed SSL certificate and configuring Nginx as a reverse proxy server check part-4 of this series.

For information about how to setup mutual SSL for client authentication and passing client certificate data to Asp.Net Core Web Api using HTTP headers check part-5 of this series.

Configure Azure Network Security Group for Inbound Port Rules

To manage inbound and outbound ports click on the “Networking” category in your Azure instance management page.

We will add 2 inbound port rules for web access ports (http port 80 and https port 443). Click on the “Add inbound port rule” button.

In the opened view select “HTTP” from the “Service” select box. Leave other fields as default and click “Ok”. Do the same thing for “HTTPS”.

We will add 2 inbound port rules for FTP functionality. (I will transfer the published content from my development machine to Ubuntu server by using ftp. It is not secure to transfer files via ftp but to keep it simple in this tutorial I’m using ftp. If you don’t want to use ftp do not open these ports!)

Click on the “Add inbound port rule” button. In the opened view select “FTP” from the “Service” select box. Leave other fields as default and click “Ok”.

Click on the “Add inbound port rule” button. In the opened view select “Custom” from the “Service” select box. Enter “40000–50000” to the “Port range” field. Write “FtpPassivePorts” to the “Name” field and click “Ok”.

Configure Ubuntu for FTP Access

I will use vsftpd as my FTP server in Ubuntu Linux. To set up vsftpd on Ubuntu 17.04do the following:

sudo apt-get update

sudo apt-get install vsftpd

Before changing the vsftpd configuration take a backup of the config file as a precaution:

sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.orig

Add a user for ftp usage:

sudo adduser mcftp

Add the created user to vsftpd.userlist:

echo "mcftp" | sudo tee -a /etc/vsftpd.userlist

Create an ftp directory to serve as the chroot and a writable files directory to hold the actual files:

sudo mkdir /home/mcftp/ftp

sudo chown nobody:nogroup /home/mcftp/ftp

sudo chmod a-w /home/mcftp/ftp

sudo mkdir /home/mcftp/ftp/files

sudo chown mcftp:mcftp /home/mcftp/ftp/files

Open the vsftp.config file for ftp configuration:

sudo nano /etc/vsftpd.conf

Uncomment the following statements:

write_enable=YES

chroot_local_user=YES

Add the following statements to the end of file:

user_sub_token=$USER
local_root=/home/$USER/ftp
pasv_min_port=40000
pasv_max_port=50000
userlist_enable=YES
userlist_file=/etc/vsftpd.userlist
userlist_deny=NO

Restart the daemon to load the configuration changes:

sudo systemctl restart vsftpd

Install unzip

We need unzip tool to unzip the publish output that we will transfer.

sudo apt-get update

sudo apt-get install unzip

Publish ASP.Net Core 2.0 Web Api to a Folder

Open the ASP.Net Core 2.0 Web Api project with Visual Studio and select “Publish”

Choose “Folder” for “Target”.

Select the desired output folder and click “Ok”.

When you click on “Publish” button all necessary files to host the web api will be moved to the target folder.

Zip the contents of this folder (PublishOutput.zip)

Sending Documents from Development Machine via Ftp (It’s not secure!)

As I mentioned earlier this is just for the demonstration purposes. Sending files via ftp is not secure and should not be done in production environments!

Run the Windows command prompt and execute the following command (with your Azure instance DNS name):

ftp [ubuntu_server_dns_name]

Login with the newly created ftp user. And execute these:

cd files

put PublishOutput.zip

The PublishOutput.zip will be transferred to your Ubuntu Server.

Create a directory for .Net Core application on Ubuntu and copy the zip file:

mkdir webapi

sudo cp /home/mcftp/ftp/files/PublishOutput.zip /home/mc/webapi

Unzip the files to current directory:

cd webapi

sudo unzip PublishOutput.zip

Note: If the unzipped files are in a folder you can move the contents up one level by:

sudo mv PublishOutput/* .

Note: If you want to remove a directory with contents:

sudo rm -r PublishOutput

Now, our Asp.Net Core 2.0 web api files are transferred to Ubuntu server and ready for hosting.

Our series will continue with creating a service to manage Kestrel process, creating a self-signed SSL certificate and configuring Nginx as a reverse proxy web server.

Hope it helps!

Originally published at https://www.weboideas.com on November 24, 2017.