Fixing google authentication due to my half-ass https setup

by Geir Sigurður, posted in Uncategorized

The problem

Google Authentication on my Blazor app worked locally but not live – hosted @DigitalOcean in Ubuntu Docker Containers.

Locally I was working https using devcerts and the https on the DigitalOcean droplet was faked using Cloudflare’s (super-nice) security features (where they basically hide your website behind ssl without any certificate installation.

I switched between two problems during my trial-error process

  1. The google authentication callback came back to http (not https) – which my server is designed not to handle
  2. If I directed the callback (using Auth parameters) to use https – the server responded with some Cookie not found messages and Exception: Correlation failed. (Probably due to the fact that the cookie was produced by http://

The solution process

So I thought I would document the process in case I have to do this again (which I already have – as I had to do this for the api server as now my domain Cloudflare settings requires all the domain servers to have a valid (self-signed at least) certificate.

  1. Create the certificate config file

nano certconfig.conf

  1. Create a self-signed certificate on the server

openssl req -config certconfig.config -new -x509 -sha256 -newkey rsa:2048 -nodes  -keyout site.key -days 365 -out site.crt

3. Produce the pfx cert file

openssl pkcs12 -export -out site.pfx -inkey site.key -in site.crt

4. Copy the cert into the cert folder (Ubuntu specific)

sudo cp site.crt /usr/local/share/ca-certificates

5. Update the certs reading on the host

sudo update-ca-certificates

6. Move the pfx into a /mnt folder on the host (as that folder will be mapped by the docker container and the certificate read during app startup)

cp site.pfx /mnt

7. Now the host has the certificate and trusts it – but the docker container does not. My strategy here is to do all this through command line when I start the dotnet core container. This might not be the industry standard, but it worked for me

docker run –rm -it -p 80:80 -p 443:443
-v /mnt:/mnt:ro
-e ASPNETCORE_URLS=”https://+;http://+”
-e ASPNETCORE_HTTPS_PORT=443
-e ASPNETCORE_Kestrel__Certificates__Default__Password=”PasswordXX”
-e ASPNETCORE_Kestrel__Certificates__Default__Path=/mnt/site.pfx
-e ASPNETCORE_ENVIRONMENT=Staging [DockerImageName]/[App]:[Version]

One thought on “Fixing google authentication due to my half-ass https setup

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s