} // End Sub ListenAnyIP public static void UseHttps( System.Collections.Concurrent.ConcurrentDictionary <string, System.Security.Cryptography.X509Certificates.X509Certificate2> certs , Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions httpsOptions) { System.Security.Cryptography.X509Certificates.X509Certificate2 localhostCert = Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert( "localhost", "My", System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser, allowInvalid: true); System.Security.Cryptography.X509Certificates.X509Certificate2 exampleCert = Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert( "example.com", "My", System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser, allowInvalid: true); System.Security.Cryptography.X509Certificates.X509Certificate2 subExampleCert = Microsoft.AspNetCore.Server.Kestrel.Https.CertificateLoader.LoadFromStoreCert( "sub.example.com", "My", System.Security.Cryptography.X509Certificates.StoreLocation.CurrentUser, allowInvalid: true); certs["localhost"] = localhostCert; certs["example.com"] = exampleCert; certs["sub.example.com"] = subExampleCert; httpsOptions.ServerCertificateSelector = delegate(Microsoft.AspNetCore.Connections.ConnectionContext connectionContext, string name) { return(ServerCertificateSelector(certs, connectionContext, name)); } ; } // End Sub UseHttps
public static IWebHost InitializeStartup(string[] args) { var defaultlocalStorageLocation = $"{Environment.GetFolderPath(Environment.SpecialFolder.CommonApplicationData)}{Path.DirectorySeparatorChar}boxinterview{Path.DirectorySeparatorChar}{Constants.RootInstallFolder}"; string logFolderLocation = $"{defaultlocalStorageLocation}{Path.DirectorySeparatorChar}{Constants.LogsFolderName}"; var globalData = new GlobalData { Logger = new Logger(logFolderLocation, Constants.LogFileName), LocalStorageLocation = defaultlocalStorageLocation, }; DataStore dataStore = new DataStore(); var webHostBuilder = new WebHostBuilder() .CaptureStartupErrors(true) .UseKestrel(options => { if (Constants.ListenerProtocolIsHttps) { #pragma warning disable CS0162 // Unreachable code detected options.Listen(System.Net.IPAddress.Any, Convert.ToInt32(Constants.ListenerPort), listenOptions => #pragma warning restore CS0162 // Unreachable code detected { var httpsConnectionAdapterOptions = new Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions { SslProtocols = System.Security.Authentication.SslProtocols.Tls | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls12, }; //listenOptions.NoDelay = true; listenOptions.UseHttps(httpsConnectionAdapterOptions); }); } }) .ConfigureServices( services => { services.AddSingleton(globalData); services.AddSingleton(dataStore); }) .UseIISIntegration() .UseStartup <Startup>(); if (!Constants.ListenerProtocolIsHttps) { webHostBuilder.UseUrls($"http://+:{Constants.ListenerPort}"); } globalData.WebHost = webHostBuilder.Build(); return(globalData.WebHost); }
public static void HttpsDefaults(Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions listenOptions) { listenOptions.OnAuthenticate = delegate(Microsoft.AspNetCore.Connections.ConnectionContext connectionContext, System.Net.Security.SslServerAuthenticationOptions sslOptions) { sslOptions.CipherSuitesPolicy = new System.Net.Security.CipherSuitesPolicy( new System.Net.Security.TlsCipherSuite[] { System.Net.Security.TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, System.Net.Security.TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, System.Net.Security.TlsCipherSuite.TLS_CHACHA20_POLY1305_SHA256, // ... }); } ; // End OnAuthenticate }
public static Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions UseHttps(this Microsoft.AspNetCore.Server.Kestrel.Core.ListenOptions listenOptions, Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions httpsOptions) { throw null; }
} // End Sub ConfigureEndpointDefaults public static void HttpsDefaults( Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions listenOptions , System.IO.FileSystemWatcher watcher ) { bool isNotWindows = !System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(System.Runtime.InteropServices.OSPlatform.Windows); System.Collections.Concurrent.ConcurrentDictionary <string, CertHackStore> certs = new System.Collections.Concurrent.ConcurrentDictionary <string, CertHackStore>( System.StringComparer.OrdinalIgnoreCase ); string cert = SecretManager.GetSecret <string>("ssl_cert"); string key = SecretManager.GetSecret <string>("ssl_key"); certs["localhost"] = CertHackStore.FromPem(cert, key); // watcher.Filters.Add("localhost.yml"); // watcher.Filters.Add("example.com.yaml"); // watcher.Filters.Add("sub.example.com.yaml"); System.IO.FileSystemEventHandler onChange = delegate(object sender, System.IO.FileSystemEventArgs e) { CertificateFileChanged(certs, sender, e); }; watcher.Changed += new System.IO.FileSystemEventHandler(onChange); watcher.Created += new System.IO.FileSystemEventHandler(onChange); watcher.Deleted += new System.IO.FileSystemEventHandler(onChange); // watcher.Renamed += new System.IO.RenamedEventHandler(OnRenamed); if (!System.Runtime.InteropServices.RuntimeInformation.IsOSPlatform(System.Runtime.InteropServices.OSPlatform.Windows)) { watcher.EnableRaisingEvents = true; } listenOptions.ServerCertificateSelector = delegate(Microsoft.AspNetCore.Connections.ConnectionContext connectionContext, string name) { return(ServerCertificateSelector(certs, connectionContext, name)); }; #if NO_NGINX_FUCKUP listenOptions.OnAuthenticate = delegate(Microsoft.AspNetCore.Connections.ConnectionContext connectionContext, System.Net.Security.SslServerAuthenticationOptions sslOptions) { // not supported on Windoze if (isNotWindows) { sslOptions.CipherSuitesPolicy = new System.Net.Security.CipherSuitesPolicy( new System.Net.Security.TlsCipherSuite[] { System.Net.Security.TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, System.Net.Security.TlsCipherSuite.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, System.Net.Security.TlsCipherSuite.TLS_CHACHA20_POLY1305_SHA256, // ... }); } // End if (!isWindows) } // End Delegate ; // End OnAuthenticate #endif } // End Sub HttpsDefaults
public void Configure(ListenOptions lisOption) { lisOption.Protocols = HttpProtocols.Http1AndHttp2; var services = new ServiceCollection(); var log = new Microsoft.Extensions.Logging.Abstractions.NullLoggerFactory(); services.AddSingleton <ILoggerFactory>(log); lisOption.KestrelServerOptions.ApplicationServices = services.BuildServiceProvider(); if (port == 443 || forcessl) { // use https Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions ssloption = new Microsoft.AspNetCore.Server.Kestrel.Https.HttpsConnectionAdapterOptions(); ssloption.ServerCertificateSelector = SelectSsl; ssloption.ClientCertificateMode = Microsoft.AspNetCore.Server.Kestrel.Https.ClientCertificateMode.NoCertificate; ssloption.ClientCertificateValidation = (x, y, z) => { return(true); }; ssloption.HandshakeTimeout = new TimeSpan(0, 0, 30); ssloption.SslProtocols = System.Security.Authentication.SslProtocols.Tls12 | System.Security.Authentication.SslProtocols.Tls11 | System.Security.Authentication.SslProtocols.Tls; lisOption.UseHttps(ssloption); } }