.NET
1 前言
一个问题,一篇文章,一出故事。
笔者最近接收到需要部署dotnet的web程序,于是整理此文。
2 最佳实践
2.1 部署dotnet运行时
安装完成后,你需要使用如下命令确认的版本符合你的需求,
dotnet --info
可见如下输出,
.NET SDK (reflecting any global.json): Version: 5.0.408 Commit: da985e2a23 Runtime Environment: OS Name: ol OS Version: 9.3 OS Platform: Linux RID: linux-x64 Base Path: /usr/dotnet/dotnet-runtime/sdk/5.0.408/ Host (useful for support): Version: 5.0.17 Commit: 6a98414363 .NET SDKs installed: 5.0.408 [/usr/dotnet/dotnet-runtime/sdk] .NET runtimes installed: Microsoft.AspNetCore.App 5.0.17 [/usr/dotnet/dotnet-runtime/shared/Microsoft.AspNetCore.App] Microsoft.NETCore.App 5.0.17 [/usr/dotnet/dotnet-runtime/shared/Microsoft.NETCore.App] To install additional .NET runtimes or SDKs: https://aka.ms/dotnet-download
2.2 部署程序代码
2.2.1 创建运行用户
useradd -d /data/dotnet dotnet su - dotnet
2.2.2 部署项目代码
cd /data/dotnet unzip ai.zip
注:应用代码“ai.zip”请自行准备,本章不提供下载地址。
2.2.3 测试项目代码运行
cd ai /usr/dotnet/dotnet-runtime/dotnet /data/dotnet/ai/AI.Vision.dll
如果遇到如下错误,
No usable version of libssl was found
你可以通过如下命令解决此问题,
dnf install -y compat-openssl11
如果服务能正常运行,你可以使用如下命令查看程序的倾听端口,
ss -antp | grep dotnet
可见如下显示,
LISTEN 0 512 127.0.0.1:5000 0.0.0.0:* users:(("dotnet",pid=1220929,fd=223)) LISTEN 0 512 [::1]:5000 [::]:* users:(("dotnet",pid=1220929,fd=228))
2.2.4 部署服务器控制脚本
vim /etc/systemd/system/ai.service
加入如下配置,
[Unit] Description=AI.Vision [Service] WorkingDirectory=/data/dotnet/ai ExecStart=/usr/dotnet/dotnet-runtime/dotnet /data/dotnet/ai/AI.Vision.dll Restart=always # Restart service after 10 seconds if the dotnet service crashes: RestartSec=10 KillSignal=SIGINT SyslogIdentifier=dotnet-ai User=dotnet Environment=ASPNETCORE_ENVIRONMENT=Production Environment=DOTNET_NOLOGO=true [Install] WantedBy=multi-user.target
然后,你需要运行如下命令使服务生效,
systemctl daemon-reload
然后,我们启动服务并设置服务自启动,
systemctl start ai.service systemctl enable ai.service
2.3 使用Nginx代理
2.3.1 配置Nginx环境
如果你需要部署Nginx环境,请参阅如下章节,
关于Nginx证书,我们使用的是如下方式获取,
2.3.2 创建代理配置
vim /etc/nginx/conf.d/www.cmdschool.org_7080.conf
创建如下配置,
server { listen 7080 ssl; server_name www.cmdschool.org cmdschool.org; server_tokens off; ssl_certificate /etc/letsencrypt/live/www.cmdschool.org/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.cmdschool.org/privkey.pem; ssl_protocols TLSv1.2 TLSv1.3; ssl_prefer_server_ciphers on; ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';"; add_header Referrer-Policy "same-origin" always; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Download-Options "noopen" always; add_header X-Frame-Options "sameorigin" always; add_header X-Permitted-Cross-Domain-Policies "none" always; add_header X-Robots-Tag "none" always; add_header X-XSS-Protection "1; mode=block" always; proxy_hide_header X-Powered-By; fastcgi_hide_header X-Powered-By; location / { proxy_pass http://localhost:5000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } }
然后,你需要使用如下命令确认配置语法正常,
nginx -t
2.3.3 重载服务使配置生效
systemctl reload nginx
2.3.4 测试服务
https://www.cmdschool.org:7080
注:由于是公司内部项目,此处不做展示。
参阅文档
=================
https://learn.microsoft.com/zh-cn/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-8.0&tabs=linux-rhel
没有评论