Running .NET Core app on AWS Lightsail Linux instance. Part 5

The previous part is here.

I found that I missed one critical part that I did in my application but forgot to explain here. Let me explain a little. Secure communication over HTTPS effectively happens only between the browser and nginx, the web server. Nginx communicates with the .NET application over plain HTTP, so the .NET application believes that it is being accessed via HTTP. This is called SSL termination.

As a result, the .NET application can return something that is not compatible with HTTPS. In my case it returns a link to a profile from the Gravatar service via HTTP. This in turn leads to a complaint from the web browser that there is mixed content: HTTP and HTTPS. And that is only a minor problem; there are a bunch of much more serious problems related to this, but they are much more complex to explain.

But how to fix this? It looks like we should introduce some flag that states that the original connection actually happens via HTTPS and not HTTP. Then everywhere in our code that returns a link we should check the protocol we are using or that special flag. Obviously, it is not an easy task, especially if you are using 3rd party libraries or if it is the ASP.NET library.

It turns out that Microsoft has already solved this problem. There is a special header field in the request that should be added in our web site's nginx configuration, and we already did that part:

proxy_set_header   Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header   X-Forwarded-Proto $scheme;

But what I forgot to mention is that there should also be a change in your application to process these flags. First, add this code as the first line of the ConfigureServices method of the Startup.cs file:

// Requires: using Microsoft.AspNetCore.HttpOverrides;
services.Configure<ForwardedHeadersOptions>(options =>
    options.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto);

And then you add this code in the Configure method of the Startup.cs file:


Usually, it should be the first line. You can read more on this in Microsoft help, but basically it is what does all the magic: your application believes that it is running over HTTPS and everything starts to work correctly.
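
The complete wiring described above, as an added example that is not part of the original post: a minimal Startup.cs with the options from ConfigureServices and the app.UseForwardedHeaders() middleware call in Configure. The /whoami path, the single-proxy ForwardLimit and the commented-out proxy address are assumptions made for illustration.

```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            // Honor only the two headers nginx sets in the config above.
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;

            // Assumption: nginx is the only proxy hop in front of the app.
            options.ForwardLimit = 1;

            // KnownProxies/KnownNetworks default to loopback, which covers nginx
            // running on the same instance. Only if nginx runs on another host,
            // add its address (placeholder from the documentation range):
            // options.KnownProxies.Add(System.Net.IPAddress.Parse("192.0.2.10"));
            // Do not Clear() KnownProxies/KnownNetworks: the app would then trust
            // X-Forwarded-Proto and X-Forwarded-For sent by any client.
        });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before anything that reads the scheme or client IP
        // (redirects, link generation, authentication, logging).
        app.UseForwardedHeaders();

        // Temporary diagnostic endpoint (hypothetical path) to confirm the result:
        // behind nginx over HTTPS it should report "https" and the browser's IP.
        app.Map("/whoami", branch => branch.Run(async context =>
        {
            var scheme = context.Request.Scheme;
            var remote = context.Connection.RemoteIpAddress;
            await context.Response.WriteAsync($"scheme={scheme} remote={remote}");
        }));

        // ... the rest of the application's pipeline goes here ...
    }
}
```

If the diagnostic endpoint still reports scheme=http when requested through nginx, the request reached the app from an address that is not in KnownProxies or KnownNetworks, so the headers were ignored.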

I hope it helps someone. In the next posts I will tell about app_offline.htm to put your website under maintenance, how to automate deployment and how to do backups.

