Hosting ASP.NET Core 2.0 Web Api on Azure Ubuntu Server with Nginx and Mutual SSL Authentication (PART 3)
PART 3: Configuring Azure Network Security Group, Publishing .Net Core Web Api
In this post series, I will step by step show you how to host a ASP.NET Core 2.0 Web Api which is using mutual SSL authentication on a Azure Ubuntu Server using Nginx as the reverse proxy server and Kestrel as the default application server.
In this part we will see how to configure Azure Network Security Group and publishing Asp.Net Core Web Api to Ubuntu Linux server.
For information about how to deploy an Ubuntu Server in Azure check part-1 of this series.
For information about how to setup .Net Core SDK 2.0 and Nginx on Ubuntu Linux check part-2 of this series.
For information about how to setup a service to manage kestrel process, creating self-signed SSL certificate and configuring Nginx as a reverse proxy server check part-4 of this series.
For information about how to setup mutual SSL for client authentication and passing client certificate data to Asp.Net Core Web Api using HTTP headers check part-5 of this series.
Configure Azure Network Security Group for Inbound Port Rules
To manage inbound and outbound ports click on the “Networking” category in your Azure instance management page.
We will add 2 inbound port rules for web access ports (http port 80 and https port 443). Click on the “Add inbound port rule” button.
In the opened view select “HTTP” from the “Service” select box. Leave other fields as default and click “Ok”. Do the same thing for “HTTPS”.
We will add 2 inbound port rules for FTP functionality. (I will transfer the published content from my development machine to Ubuntu server by using ftp. It is not secure to transfer files via ftp but to keep it simple in this tutorial I’m using ftp. If you don’t want to use ftp do not open these ports!)
Click on the “Add inbound port rule” button. In the opened view select “FTP” from the “Service” select box. Leave other fields as default and click “Ok”.
Click on the “Add inbound port rule” button. In the opened view select “Custom” from the “Service” select box. Enter “40000–50000” to the “Port range” field. Write “FtpPassivePorts” to the “Name” field and click “Ok”.
Configure Ubuntu for FTP Access
I will use vsftpd as my FTP server in Ubuntu Linux. To set up vsftpd on Ubuntu 17.04do the following:
sudo apt-get update
sudo apt-get install vsftpd
Before changing the vsftpd configuration take a backup of the config file as a precaution:
sudo cp /etc/vsftpd.conf /etc/vsftpd.conf.origAdd a user for ftp usage:
sudo adduser mcftpAdd the created user to vsftpd.userlist:
echo "mcftp" | sudo tee -a /etc/vsftpd.userlistCreate an ftp directory to serve as the chroot and a writable files directory to hold the actual files:
sudo mkdir /home/mcftp/ftp
sudo chown nobody:nogroup /home/mcftp/ftp
sudo chmod a-w /home/mcftp/ftp
sudo mkdir /home/mcftp/ftp/files
sudo chown mcftp:mcftp /home/mcftp/ftp/files
Open the vsftp.config file for ftp configuration:
sudo nano /etc/vsftpd.confUncomment the following statements:
write_enable=YES
chroot_local_user=YES
Add the following statements to the end of file:
user_sub_token=$USERlocal_root=/home/$USER/ftppasv_min_port=40000pasv_max_port=50000userlist_enable=YESuserlist_file=/etc/vsftpd.userlistuserlist_deny=NO
Restart the daemon to load the configuration changes:
sudo systemctl restart vsftpdInstall unzip
We need unzip tool to unzip the publish output that we will transfer.
sudo apt-get update
sudo apt-get install unzip
Publish ASP.Net Core 2.0 Web Api to a Folder
Open the ASP.Net Core 2.0 Web Api project with Visual Studio and select “Publish”
Choose “Folder” for “Target”.
Select the desired output folder and click “Ok”.
When you click on “Publish” button all necessary files to host the web api will be moved to the target folder.
Zip the contents of this folder (PublishOutput.zip)
Sending Documents from Development Machine via Ftp (It’s not secure!)
As I mentioned earlier this is just for the demonstration purposes. Sending files via ftp is not secure and should not be done in production environments!
Run the Windows command prompt and execute the following command (with your Azure instance DNS name):
ftp [ubuntu_server_dns_name]Login with the newly created ftp user. And execute these:
cd files
put PublishOutput.zip
The PublishOutput.zip will be transferred to your Ubuntu Server.
Create a directory for .Net Core application on Ubuntu and copy the zip file:
mkdir webapi
sudo cp /home/mcftp/ftp/files/PublishOutput.zip /home/mc/webapi
Unzip the files to current directory:
cd webapi
sudo unzip PublishOutput.zip
Note: If the unzipped files are in a folder you can move the contents up one level by:
sudo mv PublishOutput/* .Note: If you want to remove a directory with contents:
sudo rm -r PublishOutputNow, our Asp.Net Core 2.0 web api files are transferred to Ubuntu server and ready for hosting.
Our series will continue with creating a service to manage Kestrel process, creating a self-signed SSL certificate and configuring Nginx as a reverse proxy web server.
Hope it helps!
Originally published at https://www.weboideas.com on November 24, 2017.
