Running .NET Core app on AWS Lightsail Linux instance. Part 2

Previous part is here.

Configuring Web Server

I chose nginx as web server because after research it looks like it is gaining a lot of popularity while second contender Apache2 is losing popularity.

First step is to ensure that your web server is working correctly. Because http port is opened in Amazon router and in your virtual PC you should be able to access it from outside from your browser. Just type https://<you static IP address> in your browser and press Enter. You should see standard nginx web page.

Next step is to make sure that nginx will not serve anything that is not specifically added. Edit file /etc/nginx/sites-available/default and replace it content with following:

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	return   444;
}

Execute these commands to check nginx syntax and reload nginx configuration:

sudo nginx -t
sudo nginx -s reload

After that, if you reload your web page from browser, you should see error 444 (Connection reset) message in your browser. This is important step and good security practice. Remember it is easy to do at the beginning but quite stressful to do after you got hacked.

Creating your website

Now create file /etc/nginx/sites-enabled/www.example.com with following content:

server {
    listen        80;
    server_name   example.com *.example.com;
    location / {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

And then execute following command to create link from your file to sites-available directory:

sudo ln -s /etc/nginx/sites-available/www.example.com /etc/nginx/sites-enabled/

After that execute commands above for checking nginx syntax and reload. If you refresh your browser now, you will still get error 444 (Connection reset) because nginx did not match you static IP address to www.example.com. You have to edit hosts file on your computer and add new record. For example, on windows this file located at C:\Windows\System32\drivers\etc. You need to add this line to this file:

1.2.3.4 www.example.com

Instead of 1.2.3.4 you have to use your static IP. Now if you refresh browser you should get error 502 (Bad Gateway) because there is nothing running at localhost:5000.

Deploying .NET Core application

For next step I suggest creating simple ASP.NET Core Web Application. Then select Web Application (Model-View-Controller). Then go to directory with application and execute this command:

dotnet publish -c Release -f netcoreapp3.1 -o ..\Publish\Current

Again, it is possible to deploy source code on server and run it from there, but it is not secure approach. Remember, you have to put as many walls as possible between hackers and their goal. Remember it is quite rare that hacker would like to hack specifically your site/server. Usually, they are looking for easy prey. And every wall you add on their way, will increase time to hack considerably and reduce attractiveness of your site. Remember hackers work for profit too :)

Copy content of ..\Publish\Current to your virtual PC. Let’s assume you copy it to /home/user/Current directory on your Linux machine. Enter that directory and run following command:

dotnet Project.dll

Project is name of your project. If your project named ABC, then name of your file will be ABC.dll. After that you go to your browser and refresh page you should be able to see standard MVC web page.

After that you can try to deploy your own project and see if it works correctly.

Just in case, we are not finished. You will not the way to run your application this way normally. We did it for test to make sure that all bits work correctly together.

Next part is here.

Comments

Post comment