如何部署dotnet的web应用?

.NET

1 前言

一个问题,一篇文章,一出故事。
笔者最近接收到需要部署dotnet的web程序,于是整理此文。

2 最佳实践

2.1 部署dotnet运行时

如何部署二进制dotnet(.NET)?


安装完成后,你需要使用如下命令确认的版本符合你的需求,

dotnet --info

可见如下输出,

.NET SDK (reflecting any global.json):
 Version:   5.0.408
 Commit:    da985e2a23

Runtime Environment:
 OS Name:     ol
 OS Version:  9.3
 OS Platform: Linux
 RID:         linux-x64
 Base Path:   /usr/dotnet/dotnet-runtime/sdk/5.0.408/

Host (useful for support):
  Version: 5.0.17
  Commit:  6a98414363

.NET SDKs installed:
  5.0.408 [/usr/dotnet/dotnet-runtime/sdk]

.NET runtimes installed:
  Microsoft.AspNetCore.App 5.0.17 [/usr/dotnet/dotnet-runtime/shared/Microsoft.AspNetCore.App]
  Microsoft.NETCore.App 5.0.17 [/usr/dotnet/dotnet-runtime/shared/Microsoft.NETCore.App]

To install additional .NET runtimes or SDKs:
  https://aka.ms/dotnet-download

2.2 部署程序代码

2.2.1 创建运行用户

useradd -d /data/dotnet dotnet
su - dotnet

2.2.2 部署项目代码

cd /data/dotnet
unzip ai.zip

注:应用代码“ai.zip”请自行准备,本章不提供下载地址。

2.2.3 测试项目代码运行

cd ai
/usr/dotnet/dotnet-runtime/dotnet /data/dotnet/ai/AI.Vision.dll

如果遇到如下错误,

No usable version of libssl was found

你可以通过如下命令解决此问题,

dnf install -y compat-openssl11

如果服务能正常运行,你可以使用如下命令查看程序的倾听端口,

ss -antp | grep dotnet

可见如下显示,

LISTEN     0      512          127.0.0.1:5000          0.0.0.0:*     users:(("dotnet",pid=1220929,fd=223))                                                                                                                                                                                                                                                                                                                                                                                                                                         
LISTEN     0      512              [::1]:5000             [::]:*     users:(("dotnet",pid=1220929,fd=228))  

2.2.4 部署服务器控制脚本

vim /etc/systemd/system/ai.service

加入如下配置,

[Unit]
Description=AI.Vision

[Service]
WorkingDirectory=/data/dotnet/ai
ExecStart=/usr/dotnet/dotnet-runtime/dotnet /data/dotnet/ai/AI.Vision.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-ai
User=dotnet
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_NOLOGO=true

[Install]
WantedBy=multi-user.target

然后,你需要运行如下命令使服务生效,

systemctl daemon-reload

然后,我们启动服务并设置服务自启动,

systemctl start ai.service
systemctl enable ai.service

2.3 使用Nginx代理

2.3.1 配置Nginx环境

如果你需要部署Nginx环境,请参阅如下章节,

如何安装部署RHEL 9 Nignx?


关于Nginx证书,我们使用的是如下方式获取,

如何实现Nginx自动更换SSL证书?

2.3.2 创建代理配置

vim /etc/nginx/conf.d/www.cmdschool.org_7080.conf 

创建如下配置,

server {
    listen       7080 ssl;
    server_name  www.cmdschool.org cmdschool.org;
    server_tokens off;

    ssl_certificate /etc/letsencrypt/live/www.cmdschool.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.cmdschool.org/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';";
    add_header Referrer-Policy "same-origin" always;
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Download-Options "noopen" always;
    add_header X-Frame-Options "sameorigin" always;
    add_header X-Permitted-Cross-Domain-Policies  "none" always;
    add_header X-Robots-Tag "none" always;
    add_header X-XSS-Protection "1; mode=block" always;
    proxy_hide_header  X-Powered-By;
    fastcgi_hide_header X-Powered-By;


    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}

然后,你需要使用如下命令确认配置语法正常,

nginx -t

2.3.3 重载服务使配置生效

systemctl reload nginx

2.3.4 测试服务

https://www.cmdschool.org:7080
注:由于是公司内部项目,此处不做展示。

参阅文档
=================
https://learn.microsoft.com/zh-cn/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-8.0&tabs=linux-rhel

没有评论

发表回复

.NET
如何部署二进制dotnet(.NET)?

1 基础知识 1.1 .NET的基础概念 1.1.1 .NET的概念 – .NET是一个 …

.NET
如何部署Docker .NET Core?

1 基础知识 1.1 基于Docker的.NET简介 – .NET Core可运行于Do …

.NET
如何yum部署dotnet(.NET)?

1 基础知识 1.1 .NET的基础概念 1.1.1 .NET的概念 – .NET是一个 …