I am currently trying to build an API for a client interface-server interaction. I have decided to use ASP.NET Core for the API with Nginx as the hosting platform (On Ubuntu 18.04). Since ASP.NET uses Kestrel, we have set up a reverse proxy to forward requests from Nginx to Kestrel-- what is hosting the API. We have SSL set up on the NGINX server, however it is not set up on the Kestrel Server.
Simply put, I do not know how to set up SSL on the Kestrel Server with another layer of SSL on the NGINX side. How can I do this?
Model: Client --> GET Request over HTTPS --> NGINX with SSL --> HTTP Kestrel Server and vice versa
Output: SSL_PROTOCOL_ERROR
Temporary Solution: Use HTTP with port 5000 in the link.-- No error, however, data is not secure.
Optimal Solution: Use HTTPS without port 5000 in the link. Data is secure.
NGINX Config:
if ($host = api.OURSITENAME.co) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name api.OURSITENAME.co;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl http2;
include /etc/nginx/proxy_params;
server_name api.OURSITENAME.co;
access_log /var/log/nginx/api.access.log;
error_log /var/log/nginx/api.error.log error;
# SSL Configuration
ssl_certificate /etc/letsencrypt/live/api.OURSITENAME.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.OURSITENAME.co/privkey.pem; # managed by Certbot
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_set_header Upgrade $http_upgrade;
location / {
proxy_pass http://172.18.0.2:5000; <-- Docker Container. Can easily be switched out with localhost if we want to run on dotnet directly.
}
}