Install an ASP.NET Core Web API on Linux (Ubuntu 18.04) and host with Nginx and SSL

Thing’s you’ll need: PuTTY 🧱, Mouse 🐁 (okay this is linux so you wont really need a mouse) and linux is free so you wont need cache 💰

Table of content:
1. Install .net core 3.1
2. Install Nginx
3. Build and copy your application
4. Configure your Nginx server block
5. Create your Asp.Net service
6. Secure your hosted application with SSL

Install .net core 3.1

I built an application with .net core 3.1

To install that run the following:

sudo apt-get update 
sudo apt-get install apt-transport-https sudo apt-get update 
sudo apt-get install dotnet-sdk-3.1

find other sdk versions here https://dotnet.microsoft.com/download/dotnet-core

Install Nginx

Run the following commands to install Nginx

sudo apt update
sudo apt install nginx

You can check the status of your Nginx to make sure it’s got an active running status:

sudo systemctl status nginx

Build and copy your application

I right click in the visual studio solution explorer and click publish and then I publish the code to a folder.

You can also do this with the .NET Core CLI command.

dotnet publish — configuration Release

I use Filezilla copy my built code. Copy and paste your built code folder to the folder on the app.

Configure your Nginx server block

This service block will expose your internally hosted application to the outside work. To edit it run the following (I use vim but you can use your text editor of choice):

sudo vim /etc/nginx/sites-available/default

Your service block should look as follows:

server {
    listen        80;
    server_name   {api.your-domain-name.com};
    root /home/ubuntu/apps/{your-folder-name};
    location / {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

After saving your config file you can start or restart your Nginx service

sudo service nginx start
# or restart it if its already started
sudo service nginx restart

Create your Asp.Net service

Create the service file

sudo vim /etc/systemd/system/{your-service-name}.service

Service file example:

[Unit]
Description=This is a sample application for my tutorial
[Service]
WorkingDirectory=/home/ubuntu/apps/sample
ExecStart=/usr/bin/dotnet /home/ubuntu/apps/sample/Harrys.Sample.ddl
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=dotnet-example
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
# If you need to run multiple services on different ports set
# the ports environment variable here:
# Environment=ASPNETCORE_URLS=http://localhost:6000
[Install]
WantedBy=multi-user.target

Save the file and you can enable the service as follows:

sudo systemctl enable {your-service-name}.service

Then you need to start your service:

sudo systemctl start{your-service-name}.service

Check that it is running as follows:

sudo systemctl status {your-service-name}.service

If the application is not running successfully when you check the status you may need to look at verbose logs for debugging. To do this run use the journalctl interface:

sudo journalctl -fu {your-service-name}.service

Secure your hosted application with SSL

In order to encrypt your api you will need to get a domain. I would recommend looking at Godaddy or Namecheap.

We need to create an A record in the DNS settings which points to your server address.
Type: A
Name: api.{your-domain}.com
Value: {Ip address of your server}

____________________________________________________________________
|   Type   |      Name                |      Value                 |
|__________|__________________________|____________________________|
|    A     | api.{your-domain}.com    |{Ip address of your server} |
|__________|__________________________|____________________________|

Install certbot

sudo add-apt-repository ppa:certbot/certbot

Install certbot-nginx

sudo apt install python-certbot-nginx

make sure your nginx service block server_name is set to the domain you want to secure

server_name {api.your-domain.com};

Certbot will read that value from the server block to create your certificate.
Create the certificate:

sudo certbot — nginx -d {api.your-domain.com}

follow the dialog and once its succesfully decide whether you want to redirect all traffic to https by entering 1 or 2 in the dialog.

Finally check that the auto-renewal for your certificate will work with no errors:

sudo certbot renew — dry-run

Once that is set up you might need to open up a new port on your linux box. The default https port is 443.

Thanks for reading, I hope you found it helpful!!! 😊