How to deploy a .NET app on a RONIN Windows Server with HTTPS

How to Deploy an ASP.NET Core App with HTTPS on Windows Server 2022 (Directly on Server)
Deploying web applications to a server can seem daunting, but it doesn't have to be. In this guide, we'll walk through the process of deploying a simple "Hello, World!" ASP.NET Core application on Windows Server 2022 directly on the server, with HTTPS.
Prerequisites:
- A Windows Server 2022 machine within RONIN.
- For public access, ensure your RONIN security group has port 443 open. You may need to request this from your RONIN administrator.
- Basic understanding of Windows Server and IIS.
Explore alternatives like restricting access to your VPN, utilising port forwarding techniques, and adhering to strict IIS security practices to minimise exposure before committing to this approach.
1. Setting Up the Development Environment on Windows Server 2022
Since we're developing directly on the server, we'll install all necessary tools there.
- Install the .NET SDK:
  - Head to the official Microsoft .NET download page: https://dotnet.microsoft.com/download
  - Download and install the latest .NET SDK for Windows Server 2022.
- Install Visual Studio Code (VS Code) with the C# Dev Kit:
  - Download VS Code from: https://code.visualstudio.com/
  - Install the "C# Dev Kit" extension from the VS Code Extensions marketplace.
- Installing IIS on Windows Server 2022:
  - Open Server Manager.
  - Click "Add roles and features."
  - Click "Next" until you reach "Server Roles."
  - Select "Web Server (IIS)."
  - Click "Next" to "Features," and ensure ".NET Extensibility" and "ASP.NET" features are selected.
  - Click "Next" and then "Install."
- .NET Core Hosting Bundle:
  - Go to the Microsoft .NET download page: https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/iis/hosting-bundle?view=aspnetcore-9.0
  - Download the latest version of the ".NET Hosting Bundle".
  - Run the downloaded installer.
- Install Chocolatey and OpenSSL:
  - Open PowerShell as an administrator.
  - Install Chocolatey by running:
Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))
  - Close the PowerShell window and reopen it so the choco command works.
  - Then install OpenSSL by running:
choco install openssl
2. Creating and Publishing the ASP.NET Core App
- Open VS Code and open a new terminal.
Run the following commands:
dotnet new webapp -n SimpleWebApp
cd SimpleWebApp
mkdir publish
dotnet publish -c Release -o publish
- The "publish" folder now contains the application files.
3. Obtaining an SSL Certificate and Generating a PFX
- Navigate to ssls.com and obtain a Positive SSL certificate.
- Download the certificate and the private key files (typically PEM and KEY files).
- Open a Command Prompt or PowerShell and navigate to the directory containing your PEM and KEY files.
Run the following command, replacing the private key and certificate file names with your files from ssls.com:
openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
- Replace "certificate.pfx", "privateKey.key", and "certificate.crt" with your actual file names.
- You'll be prompted to set a password for the PFX file. Store this password securely.
4. Configuring SSL in IIS
- Open IIS Manager.
- Right-click "Sites" and select "Add Website."
- Website name: "SimpleWebApp".
- Physical path: Browse to the "publish" folder.
- Application Pool: Set the .NET CLR version to "No Managed Code."
- Binding:
  - Type: "https".
  - Port: "443".
  - Domain: your machine DNS in RONIN (e.g. hello-world.ronin.cloud).
  - SSL certificate: Select the PFX certificate you created.
- Click "OK."
5. Allowing Windows Firewall Traffic
- Open "Windows Firewall with Advanced Security."
- Click "Inbound Rules" and then "New Rule."
- Select "Port" and click "Next."
- Select "TCP" and enter "443" in "Specific local ports."
- Click "Next" through the remaining steps and give the rule a name (e.g., "HTTPS Inbound").
- Click "Finish."
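Steps 3 to 5 can also be scripted. The following PowerShell is an added example, not part of the original guide: it imports the PFX into the machine certificate store that the IIS "SSL certificate" list reads from, checks the certificate before it is bound, and creates the port 443 rule with a source restriction. The file path, the host name (the guide's sample DNS name) and the 203.0.113.0/24 range are assumptions to replace with your own values.

```powershell
#Requires -RunAsAdministrator
# Assumed values (not from the original guide); adjust to your files and network.
$PfxPath       = '.\certificate.pfx'        # PFX produced in step 3
$HostName      = 'hello-world.ronin.cloud'  # sample machine DNS name from step 4
$AllowedRemote = '203.0.113.0/24'           # constructed placeholder; 'Any' for public access

# Prompt for the PFX password so it never lands in the script or shell history.
$PfxPassword = Read-Host -AsSecureString -Prompt 'PFX password'

# Import into the LocalMachine\My store. Without -Exportable the private key
# is marked non-exportable on this server.
$imported = Import-PfxCertificate -FilePath $PfxPath `
    -CertStoreLocation Cert:\LocalMachine\My -Password $PfxPassword |
    Where-Object HasPrivateKey | Select-Object -First 1
if (-not $imported) { throw 'No certificate with a private key was imported.' }

# Re-read through the Cert: drive and sanity-check before selecting it in IIS.
$cert = Get-Item "Cert:\LocalMachine\My\$($imported.Thumbprint)"
if ($cert.NotAfter -lt (Get-Date).AddDays(14)) {
    Write-Warning "Certificate expires on $($cert.NotAfter)."
}

# Approximate name check: -like lets a wildcard entry such as *.example.org match.
$names = $cert.DnsNameList | ForEach-Object { $_.Unicode }
$match = $names | Where-Object { $HostName -like $_ }
if (-not $match) {
    throw "Certificate names ($($names -join ', ')) do not cover $HostName."
}

# Step 5 as a rule scoped to the expected clients instead of every source address.
if (-not (Get-NetFirewallRule -DisplayName 'HTTPS Inbound' -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName 'HTTPS Inbound' -Direction Inbound `
        -Protocol TCP -LocalPort 443 -RemoteAddress $AllowedRemote -Action Allow |
        Out-Null
}

"Imported $($cert.Subject), thumbprint $($cert.Thumbprint)"
```

Once the import succeeds, the certificate appears in the "SSL certificate" drop-down of the Add Website dialog in step 4.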
6. Additional Considerations
- Security: Always use strong passwords and keep your server and software updated.
- Logging: Enable IIS logging to track application activity and errors.
- HTTPS Redirection: Redirect HTTP traffic to HTTPS. This can be done within IIS or in your .NET Core application using the HttpsRedirection middleware.
- HSTS (HTTP Strict Transport Security): Enable HSTS in your application to force browsers to use HTTPS.
By following these steps, you'll have a simple ASP.NET Core application running on Windows Server 2022 with HTTPS.