Running .NET Core app on AWS Lightsail Linux instance. Part 2
Previous part is here.
Configuring Web Server
I chose nginx as web server because after research it looks like it is gaining a lot of popularity while second contender Apache2 is losing popularity.
First step is to ensure that your web server is working correctly. Because http port is opened in Amazon router and in your virtual PC you should be able to access it from outside from your browser. Just type http://<you static IP address> in your browser and press Enter. You should see standard nginx web page.
Next step is to make sure that nginx will not serve anything that is not specifically added. Edit file /etc/nginx/sites-available/default and replace it content with following:
server {
listen 80 default_server;
listen [::]:80 default_server;
return 444;
}
Execute these commands to check nginx syntax and reload nginx configuration:
sudo nginx -t
sudo nginx -s reload
After that, if you reload your web page from browser, you should see error 444 (Connection reset) message in your browser. This is important step and good security practice. Remember it is easy to do at the beginning but quite stressful to do after you got hacked.
Creating your website
Now create file /etc/nginx/sites-available/www.example.com with following content:
server {
listen 80;
listen [::]:80;
server_name example.com *.example.com;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
And then execute following command to create link from your file to sites-available directory:
sudo ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/
After that execute commands above for checking nginx syntax and reload. If you refresh your browser now, you will still get error 444 (Connection reset) because nginx did not match you static IP address to www.example.com. You have to edit hosts file on your computer and add new record. For example, on windows this file located at C:\Windows\System32\drivers\etc. You need to add this line to this file:
1.2.3.4 www.example.com
Instead of 1.2.3.4 you have to use your static IP. Now if you refresh browser you should get error 502 (Bad Gateway) because there is nothing running at localhost:5000. Please remember to remove it after you start using it for real.
Deploying .NET Core application
For next step I suggest creating simple ASP.NET Core Web Application. Then select Web Application (Model-View-Controller). Then go to directory with application and execute this command:
dotnet publish -c Release -f netcoreapp3.1 -o ..\Publish\Current
Again, it is possible to deploy source code on server and run it from there, but it is not secure approach. Remember, you have to put as many walls as possible between hackers and their goal. Remember it is quite rare that hacker would like to hack specifically your site/server. Usually, they are looking for easy prey. And every wall you add on their way, will increase time to hack considerably and reduce attractiveness of your site. Remember hackers work for profit too :)
Copy content of ..\Publish\Current to your virtual PC. Let’s assume you copy it to /home/user/Current directory on your Linux machine. Enter that directory and run following command:
dotnet Project.dll
Project is name of your project. If your project named ABC, then name of your file will be ABC.dll. After that you go to your browser and refresh page you should be able to see standard MVC web page.
After that you can try to deploy your own project and see if it works correctly.
Just in case, we are not finished. You will not the way to run your application this way normally. We did it for test to make sure that all bits work correctly together.
Next part is here.