HttpListener doesn't work with https on windows dockers

[PeshkoBeshko]

.Net Core version: 3.1
OS: Windows 10 (1903)
Docker version: 19.03.5

Hi

I'm doing my first proof of concept on dockers and .Net Core in order to research possibility to move all of our infrastructure into dockers with .Net Core. I was trying to build a simple http listener that would return a hello world page.
I've found issue
dotnet/core#3072
very helpful.

In short I'm trying to open two http listeners:
http://+:1234
https://+:12345

For this to work there are two URL ACL reservations on the host OS:

Reserved URL            : http://+:1234/
    User: \Everyone
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;WD)

Reserved URL            : https://+:12345/
    User: \Everyone
        Listen: Yes
        Delegate: No
        SDDL: D:(A;;GX;;;WD)

Also there is valid Certificate applied to the https port :

SSL Certificate bindings:

IP:port                      : 0.0.0.0:12345
Certificate Hash             : a05077849c0835b0db2b16656cd42651122f283d
Application ID               : {00000000-0000-0000-0000-000000000000}

...

Further both ports are forwarded to the container:

docker run --user ContainerAdministrator -p 1234:1234 -p 12345:12345 --name=https_container https_server_image

And container is running under ContainerAdministrator.

The HttpListener is working pretty fine on the http port.
For example trying to load "http://localhost:1234/" works fine (sample code just returns "Hello word" html page).
Trying to access SSL connection on "https://localhost:12345/" fails in the browser with "ERR_CONNECTION_RESET" in Chrome/Edge, "PR_CONNECT_RESET_ERROR" in Mozilla.

Interesting part is that both HttpListener instances start without problem in the container and there is no any exception.
Of course the same test application works like a charm when started directly on the host machine without a docker containerization.

So I wonder do I miss something here ?
Is this intended behavior ?
Thanks in advance for your help !

[davidsh]

.Net Core version: 3.1
OS: Windows 10 (1903)
Docker version: 19.03.5

What is the specific Windows OS docker image that you are using? Is it Windows Server Core or Windows Nano Server docker image?

If the docker image is actually Linux, then HTTPS support is not implemented for Linux based HttpListener class.

[PeshkoBeshko]

I'm not sure I completely understand the question.
Most probably because I'm a novice into docker/.NETCore.

It is just an image based on .Net Core 3.1.
Here is the docker file for the image build:

FROM mcr.microsoft.com/dotnet/core/runtime:3.1
COPY bin/Debug/netcoreapp3.1/ app/
ENTRYPOINT ["dotnet", "app/HttpServer.dll"]

I'm not sure if in this case it will be Linux or Windows one.
I assumed it will be cross-platform somehow.
And I assumed HTTPS will work only on Windows host.

[davidsh]

The docker image you are using is a Linux based one:

C:\Users\davidsh>docker run -it --rm mcr.microsoft.com/dotnet/core/runtime:3.1 bash
Status: Downloaded newer image for mcr.microsoft.com/dotnet/core/runtime:3.1
root@558458023c16:/# more /etc/os*
PRETTY_NAME="Debian GNU/Linux 10 (buster)"
NAME="Debian GNU/Linux"
VERSION_ID="10"
VERSION="10 (buster)"
VERSION_CODENAME=buster
ID=debian
HOME_URL="https://www.debian.org/"
SUPPORT_URL="https://www.debian.org/support"
BUG_REPORT_URL="https://bugs.debian.org/"
root@558458023c16:/#

In general the HttpListener class is a legacy component we ported from .NET Framework (which is Windows only) to .NET Core. But HTTPS functionality is not supported on Linux. See: #19752

If you need a cross-platform HTTP/HTTPS server, we recommend you use ASP.NET Core. The 'Kestrel' component supports HTTPS fully and is available cross platform (Windows/Linux/Mac).
See: https://docs.microsoft.com/en-us/aspnet/core/fundamentals/servers/kestrel?view=aspnetcore-3.1

If you have further questions on Kestrel, please open an issue at dotnet/aspnetcore. Thanks.

[davidsh]

Duplicate of #19752

[PeshkoBeshko]

Thanks davidsh !
I'll look in what you proposed.