Running .NET Core app on AWS Lightsail Linux instance. Part 4

Previous part is here.

DNS

First, you need a domain name. “You can purchase a domain name from Namecheap, get one for free with Freenom, or use the domain registrar of your choice”. Then follow your registrar's instructions on how to set up an A record. Because you have a static IP, it will be really easy to do. For example, the instructions for Namecheap are here.

Keep in mind that it could take up to 24 hours for the changes to propagate. But if you have never accessed your domain before, it should work in a few minutes. Remove your changes from the hosts file on your computer, and once the changes have propagated, you should be able to refresh your browser and see your site under its proper DNS name.

Enabling Https

At this point we have a properly set up website that works over the http protocol. But as we all know, http is not secure and all sites should work over https. Otherwise, browsers will display a “Not secure” label and many search engines will rank your site lower. And almost all sites require https anyway.

You can buy an SSL certificate, but there is also a good free option that works really well and is really easy to set up.

For this you need to install certbot using this command:

sudo apt install certbot python3-certbot-nginx

Then run certbot to set up the SSL certificates using this command:

sudo certbot --nginx -d example.com -d www.example.com

It will ask you for an email address to notify when the certificate expires, and ask whether you want to redirect all traffic from http to https. Answer yes.

After that, certbot will get the certificate, update your nginx site file and set up automatic renewal for your certificate.

The best part is that there is nothing to do in the .NET Core app, because nginx will pass the decrypted request to the .NET Core app and then encrypt the response from the .NET Core app. At least that is what I found. Double-check just in case.

Go to your browser and refresh the page. nginx will redirect from http to https and everything should work.

The next step is to validate that everything is working correctly from a technical point of view. If you look at the output of certbot, you will see that it recommends validating the https setup of your site by opening these two URLs:

https://www.ssllabs.com/ssltest/analyze.html?d=example.com
https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com

I recommend doing this to validate that everything is in fact correctly set.

Redirect to www

From all the configuration work you have probably noticed that you can reach your site by typing either example.com or www.example.com. While it looks like exactly the same website to you and your customers, to the browser these are two different sites. Most authentication mechanisms used in modern sites use cookies. A cookie is tied to a host name, and example.com and www.example.com are two different host names. There are some tricks to fix that, but then you may have complications with search engines, etc. It is much simpler to just redirect from one host name to the other, and it is quite simple to do. Open the file /etc/nginx/sites-available/www.example.com and add these lines after the line with server_name:

# Existing line
    server_name   example.com *.example.com;

# New lines
    if ($host = example.com) {
        return 301 https://www.$host$request_uri;
    }

After that, when you try to open example.com, you will be properly redirected to www.example.com.
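
To confirm the result once both the https redirect and the www redirect are in place, the check below audits the redirect chain that curl -sIL prints. It is an added example, not part of the original post; the function names and the header samples are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. On a live site, feed it:
#   curl -sIL http://example.com/ | audit_chain https://www.example.com/

# redirect_chain: read the header blocks printed by `curl -sIL` on stdin and
# print one line per response: "<status> <Location value, or - if none>".
redirect_chain() {
    tr -d '\r' | awk '
        /^HTTP\//                  { if (seen) print status, loc
                                     status = $2; loc = "-"; seen = 1 }
        tolower($1) == "location:" { loc = $2 }   # HTTP/2 sends lowercase names
        END                        { if (seen) print status, loc }'
}

# audit_chain FINAL_URL: succeed only if every redirect is a 301 to an
# https:// URL, the last redirect targets FINAL_URL, and the chain ends in 200.
audit_chain() {
    redirect_chain | awk -v final="$1" '
        $2 != "-" { if ($1 != 301 || $2 !~ /^https:\/\//) bad = 1; last = $2 }
                  { status = $1 }
        END       { exit !(bad == 0 && last == final && status == 200) }'
}

# Constructed sample: the chain expected once certbot's http-to-https redirect
# and the www redirect above are both in place.
sample_good() {
    printf '%s\r\n' \
        'HTTP/1.1 301 Moved Permanently' 'Location: https://example.com/' '' \
        'HTTP/1.1 301 Moved Permanently' 'Location: https://www.example.com/' '' \
        'HTTP/1.1 200 OK' 'Content-Type: text/html; charset=utf-8' ''
}

# Constructed sample of a misconfiguration: the www redirect was written with
# http://, so one hop of the chain travels unencrypted.
sample_downgrade() {
    printf '%s\r\n' \
        'HTTP/1.1 301 Moved Permanently' 'Location: https://example.com/' '' \
        'HTTP/1.1 301 Moved Permanently' 'Location: http://www.example.com/' '' \
        'HTTP/1.1 301 Moved Permanently' 'Location: https://www.example.com/' '' \
        'HTTP/1.1 200 OK' 'Content-Type: text/html; charset=utf-8' ''
}

sample_good | redirect_chain
sample_good | audit_chain https://www.example.com/ && echo "good chain: OK"
sample_downgrade | audit_chain https://www.example.com/ || echo "downgrade chain: rejected"
```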

At this point you have a modern site that follows all current best practices.

In conclusion, in my case everything works just great with cloudscribe under Linux, and I gained a lot of quite useful experience.

Next part is here.