Cannot serve https endpoint with valid TLS termination
orty opened this issue · comments
Hello,
I cannot find a way to manage the https + TLS configuration. Everything that I tried ends up either with the regular certificate warning, or with an ERR_EMPTY_RESPONSE error. Here are the steps I followed:
- created a domain on Azure `my-domain.com`
- registered the domain in my paid ngrok plan, added the CNAME in Azure `xxxxxxxxx.cname.eu.ngrok.io`
- created a certificate in Azure, validated it and downloaded the `.pfx` certificate file
- generated a `.crt` and a passwordless `.key` files
- specified my `ngrok.yml` as follows
```yaml
authtoken: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
region: eu
update: true
tunnels:
  api:
    proto: tls
    addr: localhost:7071
    hostname: my-domain.com
    host-header: localhost:7071
    key: path/to/certificate.key
    crt: path/to/certificate.crt
```
On my computer, VS is serving the webservice (an Azure function) over https at https://localhost:7071
My previous configuration was working, I just wanted to get rid of the certificate warnings.
The previous one was
```yaml
api:
  proto: http
  addr: https://localhost:7071
  hostname: my-domain.com
  host-header: localhost:7071
```
What did I do wrong?

Hello again,
I have made some progress since my first post. Now, with the following configuration:
```yaml
proto: tls
addr: localhost:49493
hostname: my-domain.com
host_header: localhost:49493
key: path/to/cert.key
crt: path/to/cert.crt
```
.. and the fact that I finally understood that it is not possible to create a `tls` tunnel pointing to a https exposed local server, I am now able to connect to some parts of my application (I run multiple projects at once).
The ASP.Net Core web app though, I am not able to use it, since I need the `host_header` option and it seems to be completely ignored when creating a `tls` tunnel.
Is that the case? If yes, is there any workaround I can rely on?
Many thanks.

> .. and the fact that I finally understood that it is not possible to create a tls tunnel pointing to a https exposed local server, I am now able to connect to some parts of my application (I run multiple project at once).

it is, but you would need to do it in one of two ways:
Let your ASP.NET server terminate TLS by not specifying `key` and `crt`:
```yaml
proto: tls
addr: localhost:49493
hostname: my-domain.com
host_header: localhost:49493
```
OR
Tell ngrok to re-encrypt with tls for the local hop by adding `tls://` at the start of your `addr`
```yaml
proto: tls
addr: tls://localhost:49493
hostname: my-domain.com
host_header: localhost:49493
key: path/to/cert.key
crt: path/to/cert.crt
```
Re your second problem with the `host_header`:

> The ASP.Net Core web app though, I am not able to use it, since I need the host_header option and it seems to be completely ignored when creating a tls tunnel.

This is correct, `host_header` is not supported on `tls` tunnels. you should use an `http` tunnel. you can solve this in one of two ways:
- modify your ASP.NET web app to recognize the ngrok hostname. i'm not sure what code is necessary to do this, but it is definitely possible
- use an https tunnel and let ngrok provision the certificate for you:
  ```yaml
  proto: http
  addr: https://localhost:49493
  hostname: my-domain.com
  host_header: localhost:49493
  ```
  then in the ngrok dashboard click on your domain on the domains page: https://dashboard.ngrok.com/endpoints/domains and choose automated certificates (you may need to enter the beta).
hope that helps!
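
The TLS tunnel configs in this thread rely on a `.crt` and a passwordless `.key` split out of a `.pfx`. As an added example (not part of the original posts and not ngrok's own code), the script below does that split and checks the pair before it goes into `ngrok.yml`; the function names `split_pfx` and `check_tls_pair` are hypothetical and the `openssl` CLI is assumed to be installed.

```shell
#!/bin/sh
# Added example. split_pfx and check_tls_pair are hypothetical helper names;
# the openssl CLI is assumed to be installed. Nothing is sent over the network.

# split_pfx PFX PASSWORD CRT_OUT KEY_OUT
# Writes the leaf certificate and an unencrypted private key from a .pfx bundle.
split_pfx() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -clcerts -nokeys -out "$3" &&
    openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes -out "$4" &&
    chmod 600 "$4" # the key is now stored in the clear, so restrict access
}

# check_tls_pair CRT KEY HOSTNAME
# Prints one line per check and returns 0 only if all four pass.
check_tls_pair() {
  ctp_rc=0
  # 1. The key must be unencrypted. A dummy passphrase keeps openssl from
  #    prompting; an unencrypted key ignores it, an encrypted one fails to load.
  if openssl pkey -in "$2" -passin pass:not-the-passphrase -noout 2>/dev/null; then
    echo "ok   key loads without a passphrase"
  else
    echo "FAIL key is encrypted or unreadable"; ctp_rc=1
  fi
  # 2. The public key in the certificate must equal the one derived from the key.
  ctp_cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || true
  ctp_key_pub=$(openssl pkey -in "$2" -passin pass:not-the-passphrase -pubout 2>/dev/null) || true
  if [ -n "$ctp_cert_pub" ] && [ "$ctp_cert_pub" = "$ctp_key_pub" ]; then
    echo "ok   certificate and key belong together"
  else
    echo "FAIL certificate and key do not match"; ctp_rc=1
  fi
  # 3. The certificate must cover the tunnel hostname, or browsers will warn.
  if openssl x509 -in "$1" -noout -checkhost "$3" 2>/dev/null | grep -q "does match"; then
    echo "ok   certificate covers $3"
  else
    echo "FAIL certificate does not cover $3"; ctp_rc=1
  fi
  # 4. The certificate must not have expired.
  if openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
    echo "ok   certificate has not expired"
  else
    echo "FAIL certificate has expired"; ctp_rc=1
  fi
  return "$ctp_rc"
}

# Run the checks when called as: sh check.sh CRT KEY HOSTNAME
if [ "$#" -eq 3 ]; then check_tls_pair "$1" "$2" "$3"; fi
```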