Google Authentication on my Blazor app worked locally but not live – hosted @DigitalOcean in Ubuntu Docker Containers.
Locally I was working https using devcerts and the https on the DigitalOcean droplet was faked using Cloudflare’s (super-nice) security features (where they basically hide your website behind ssl without any certificate installation.
I switched between two problems during my trial-error process
- The google authentication callback came back to http (not https) – which my server is designed not to handle
- If I directed the callback (using Auth parameters) to use https – the server responded with some Cookie not found messages and Exception: Correlation failed. (Probably due to the fact that the cookie was produced by http://
The solution process
So I thought I would document the process in case I have to do this again (which I already have – as I had to do this for the api server as now my domain Cloudflare settings requires all the domain servers to have a valid (self-signed at least) certificate.
- Create the certificate config file
- Create a self-signed certificate on the server
openssl req -config certconfig.config -new -x509 -sha256 -newkey rsa:2048 -nodes -keyout site.key -days 365 -out site.crt
3. Produce the pfx cert file
openssl pkcs12 -export -out site.pfx -inkey site.key -in site.crt
4. Copy the cert into the cert folder (Ubuntu specific)
sudo cp site.crt /usr/local/share/ca-certificates
5. Update the certs reading on the host
6. Move the pfx into a /mnt folder on the host (as that folder will be mapped by the docker container and the certificate read during app startup)
cp site.pfx /mnt
7. Now the host has the certificate and trusts it – but the docker container does not. My strategy here is to do all this through command line when I start the dotnet core container. This might not be the industry standard, but it worked for me
docker run –rm -it -p 80:80 -p 443:443
-e ASPNETCORE_ENVIRONMENT=Staging [DockerImageName]/[App]:[Version]