How to deploy a .NET app on a RONIN Windows Server with HTTPS

How to deploy a .NET app on a RONIN Windows Server with HTTPS

How to Deploy an ASP.NET Core App with HTTPS on Windows Server 2022 (Directly on Server)

Deploying web applications to a server can seem daunting, but it doesn't have to be. In this guide, we'll walk through the process of deploying a simple "Hello, World!" ASP.NET Core application on Windows Server 2022 directly on the server, with HTTPS.

Prerequisites:

  • A Windows Server 2022 machine within RONIN.
    • For public access, ensure your RONIN security group has port 443 open. You may need to request this from your RONIN administrator.
  • Basic understanding of Windows Server and IIS.
⚠️
Opening ports to a server should be carefully considered as it greatly increases your security risk.

Explore alternatives like restricting access to your VPN, utilising port forwarding techniques, and adhering to strict IIS security practices to minimise exposure before commiting to this approach.

1. Setting Up the Development Environment on Windows Server 2022

Since we're developing directly on the server, we'll install all necessary tools there.

  • Install the .NET SDK:
  • Install Visual Studio Code (VS Code) with the C# Dev Kit:
  • Installing IIS on Windows Server 2022:
    • Open Server Manager.
    • Click "Add roles and features."
    • Click "Next" until you reach "Server Roles."
    • Select "Web Server (IIS)."
    • Click "Next" to "Features," and ensure ".NET Extensibility" and "ASP.NET" features are selected.  
    • Click "Next" and then "Install."
  • .NET Core Hosting Bundle:
  • Install Chocolatey and OpenSSL:
    • Open PowerShell as an administrator.

Install Chocolatey by running:

Set-ExecutionPolicy Bypass -Scope Process -Force; [System.Net.ServicePointManager]::SecurityProtocol = [System.Net.ServicePointManager]::SecurityProtocol -bor 3072; iex ((New-Object System.Net.WebClient).DownloadString('https://community.chocolatey.org/install.ps1'))

Close the powershell window and reopen it so the choco command works

Then install OpenSSL by running:

choco install openssl

2. Creating and Publishing the ASP.NET Core App

  • Open VS Code and open a new terminal.
  • The "publish" folder now contains the application files.

Run the following commands:

dotnet new webapp -n SimpleWebApp
cd SimpleWebApp
mkdir publish
dotnet publish -c Release -o publish

3. Obtaining an SSL Certificate and Generating a PFX

Run the following command, replacing the privatekey and certificate with your files from ssls.com:

openssl pkcs12 -export -out certificate.pfx -inkey privateKey.key -in certificate.crt
  • Replace "certificate.pfx," "privateKey.key," and "certificate.crt" with your actual file names.
  • You'll be prompted to set a password for the PFX file. Store this password securely.

4. Configuring SSL in IIS

  • Open IIS Manager.
  • Right-click "Sites" and select "Add Website."
  • Website name: "SimpleWebApp."
  • Physical path: Browse to the "publish" folder.
  • Application Pool: Set the .NET CLR version to "No Managed Code."
  • Binding:
    • Type: "https."
    • Port: "443."
    • Domain: your machine DNS in RONIN (i.e. hello-world.ronin.cloud)
    • SSL certificate: Select the PFX certificate you created.
  • Click "OK."

5. Allowing Windows Firewall Traffic

  • Open "Windows Firewall with Advanced Security."
  • Click "Inbound Rules" and then "New Rule."
  • Select "Port" and click "Next."
  • Select "TCP" and enter "443" in "Specific local ports."
  • Click "Next" through the remaining steps and give the rule a name (e.g., "HTTPS Inbound").
  • Click "Finish."

6. Additional Considerations

  • Security: Always use strong passwords and keep your server and software updated.
  • Logging: Enable IIS logging to track application activity and errors.
  • HTTPS Redirection: Redirect HTTP traffic to HTTPS. This can be done within IIS or in your .NET Core application using the HttpsRedirection middleware.
  • HSTS (HTTP Strict Transport Security): Enable HSTS in your application to force browsers to use HTTPS.

By following these steps, you'll have a simple ASP.NET Core application running on Windows Server 2022 with HTTPS.