New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add support for HTTPS #227
Comments
BaGet is working fine with https - depending on the hosting area. Appsettings.json is only the development default, you can/should define your requirements on runtime! Yes, there are options to implement https inside Kestrel, but in my experience typically this the "part of the job" that should be implemented by the hosting environment and not inside BaGet. If you provide more information what you try to do, we may be able to help you in some way... Werner |
In most of the cases, I agree with you, Werner. However, for internal purposes, I don't need a full-fledged web server. I want a simple 'download and run' NuGet server without the need to setup all the other stuff. That's what I love about BaGet! |
I personally use the same approach that @WernerMairl describes and this works well for production workloads. That being said I completely agree with @mu88, BaGet should work well as a standalone app. I'll go ahead and a config for this, thanks for the suggestion! :) |
Allows to use Kestrel with HTTPS even without a Reverse Proxy (e. g. for development or internal purposes). Addresses loic-sharma#227 See NuGet/NuGetGallery#227
@WernerMairl Can you explain how to make SSL work, since you mention that it already works? My environment is a Linux server with BaGet running in a docker container. In order to get SSL I have to use a reverse proxy that handles the SSL itself. However, BaGet builds absolute URLS based solely on the request URL (which means it becomes |
@cabal95 As far as I can see the Urls generated by BaGet take there information from the Forward headers. Did you set them correctly. Also there is the PathBase setting if you are running in subdirectory. |
Yes, it is. I just verified with a tcpdump trace that Apache is sending along the
However, it is partially working now. Yesterday I found and added the The When I looked at the BaGet source code, it seems to be building the URLs solely based on the Request Scheme & Hostname and not looking for any |
Probably relevant lines are:
and Line 58 in 7b4a3be
They may or may not be relevant - I am not yet that familiar with the codes structure/architecture. |
Aha. Okay, based on this I was able to determine that it is honoring the |
Hi @cabal95, I am having similar issue where |
This is what I ended up using to get it to pass through everything I needed. Obviously this isn't the entire config file, but this is the relevant section.
|
Thank you. This worked. |
Hi Guys, Sorry for reopening this one, But I haven't figured it out yet, Currently I have the same issue, but in my case I'm using nginx as a reverse proxy. As @cabal95 did mention previously, I've added proxy_set_header Host $host; to my nginx configuration, it looks like this :
This is not working for me, I'm missing something ? , I'm currently using the latest docker hub image. Thanks in advance, |
Hi Guys,
Please close again this issue. |
Adding HTTPS support has become more urgent today with the latest VS2020 17.3 edition, the following warning/error comes up: error NU1803: You are running the 'restore' operation with an 'HTTP' source, 'http://nuget.mysite.com:5000/v3/index.json'. Non-HTTPS access will be removed in a future version. Consider migrating to an 'HTTPS' source. |
So I was able to enable HTTPS just by modifying the appsettings.json. I installed my SSL certificate into the Windows Certificate Store, in Local Machine -> Personal. Then I added the following to the Kestrel -> Endpoints block in appsettings.json:
In my case, my certificate is a wildcard so its CN was I also had to make sure that BaGet was running under the SYSTEM account so that it could access the Local Machine certificate store. |
I also previously had it configured to use a See the Microsoft docs on how to configure Kestrel HTTPS for certificate files/stores/etc. |
Would be cool if we had a solution that lets us just use the |
This did not work for me with Apache on Ubuntu 22.04 with .NET 6 based BaGet. I had to do the following change in addition to the Apache configuration posted above:
Source: https://soapfault.com/2020/02/24/asp-net-core-reverse-proxy-and-x-forwarded-headers/ |
I've found a solution to use baget with https. We use baget in docker, so a nginx reverse proxy was implemented. docker-compose.yml:
|
Right now, BaGet is always running under
http://localhost:5000
. It would be great to have a switch inappsettings.json
to run under HTTPS.The text was updated successfully, but these errors were encountered: