Public Domain SSL Certificate signs site and KESTREL backend server (.PEM, now supported in DOTNET 6). Running on Ubuntu 20.04 (Digital Ocean cloud droplet (VM)).
Works from CURL and from Browser same-site. Not from remote browser. Tried all guidance combos.
- https://somedomain.com. //public site;
- ** Ajax;
- *** http://localhost:5000 //headers requested from guidance;
- **** Nginx Reverse Proxy. //followed mapping guidance (mapped to both https://localhost:5001 and http://localhost:5000. Both protocols work from ssh CURL and local site browser.;
- ****** KESTREL. //Signed with site SSL Certificate (Did self-signed earlier. It did not work);
- ******* DOTNET 6;
- ********* Startup //follow all guidance combos;
- ********** Controller //follows all guidance;
I can't find a GITHUB that works. Microsoft's YARP project took app fabric off-line to fix a security issue so can't test one that works. The implication is that CORS localhost lockdown in Fall 2021 may have broken this approach and will need to have reverse proxy backends on another IP.
BEHAVIOUR:
- ssh CURL works;
- browser on site works;
- remote browser does not work;
- Always returns CORS rejection (FireFox, Chrome);
- ** seems to be related to increased lockdown on using [localhost] as Ajax host in domain page from remote browser;
I don't provide code, but can if helpful. There are a lot of layers that have to mesh. They do, but the code will be less clear about the issue than above. If someone can get the above to work with .NET KESTREL, either through Nginx or Apache reverse proxy...in fact (any) reverse proxy, that would be great. If there is a pattern combo I missed, I can't see it. Happy to be wrong. If I need to use a different language, I can do that too, but prefer not.
