0

I'm trying to deploy a Docker Compose project which orchestrates a .NET 8 WEB API and a Blazor 8 UI.

I want to avoid using Cloud Providers such as Azure, AWS, Google Cloud and all other "Azure Container Service" and "Amazon Kubernetes etc." altogether, and most answers to the same topic online refer to those.

I planned on using a cheap VPS running Ubuntu Server and deploy it from there.

I just can't seem to figure out how to make it "accessible online". At that point I know how to secure the server, the network and the code runs fine, got the domain name too.

My confusion here is that it seems that it could be running on some sort of Docker hub kind of service but I want my stuff to be private and accessible only by me. I don't know if that's where you use NGINX (never used it) or if there's another way.

For now I need a way to deploy my docker compose online, but in the future I'm going to learn Kubernetes and deploy a cluster but that's for later. I'm looking for ease and speed right now.

5
  • Shouldn't this just be as easy as setting your port in docker, and opening the port in the firewall protecting your vps? I'm not quite seeing why this is a question Commented Jan 1 at 5:43
  • Oh, you mean the public IP address of the VPS would be the one connected to the domain name and therefore any port open through the firewall would be the one accessible to the container? Sorry, it's my first time deploying containers as apps and so many resources online just point to a Cloud Provider. Commented Jan 1 at 7:45
  • I'm not quite sure what you mean by accessible to the container, but to make a web service accessible on the internet you just need to run your container on port 80/443, open those ports on your firewall, and give your domain an A record pointing to the IP address of the VPS. Opening the port on the firewall may not even be necessary depending on what service you're using. Commented Jan 1 at 10:26
  • Thank you Rob, I was mixing up many stuff and forgot it was this simple. Thank you Commented Jan 1 at 19:42
  • „ but I want my stuff to be private and accessible only by me.“ Your images or your services or both? Commented Jun 11 at 7:54

1 Answer

0

General overview

  1. Register a domain
  2. Optional, but highly recommended: Use Cloudflare as your DNS (free as in beer for the basic tier). Comes with DDoS and basic attack protection and other nifty features.
  3. Point the hostname under which you want your .NET application to be accessible to the IP of the VPS you run your compose project on. In the following example docker-compose.yaml, this would be dotnet.yourdomain.com
  4. Use a reverse proxy in your compose file and bind its ports 443 and 80 to 0.0.0.0 (an alias for "all available IPs"). You really do not want to expose a notoriously insecure framework directly to the internet.
  5. Usually, the container runtime takes care of modifying the iptables (think local firewall) to allow access to exposed ports. If you have an external firewall, obviously you have to allow access to port 80/443 to your VPS there as well.

Compose project

name: reverse-proxy-dotnet
services:
  reverse-proxy:
    image: traefik:v3.4
    container_name: reverse-proxy
    command:
      # Enable autodiscovery of services via Docker
      - "--providers.docker=true"
      # Ensure Traefik only exposes services that have the label `traefik.enable=true`
      - "--providers.docker.exposedbydefault=false"
      # Enable the HTTP entrypoint to listen on the default port 80
      - "--entrypoints.web.address=:80"
      # Enable access log
      - "--accesslog=true"
      # Set the log level to INFO. If you want more verbosity, you can set it to DEBUG
      - "--log.level=INFO"
      # Disable colored logs for better readability in some environments
      - "--log.nocolor=true"
      # Enable the dashboard
      - "--api.dashboard=true"
      - "--api.insecure=true"
    ports:
      # Expose the HTTP entrypoint on port 80 on all interfaces
      - "0.0.0.0:80:80"
      # Expose the dashboard on port 8080 only on localhost
      # This allows you to access the dashboard at http://localhost:8080/dashboard/
      - "127.0.0.1:8080:8080" # Dashboard
    volumes:
      # Mount the Docker socket to allow Traefik to discover services
      - "/var/run/docker.sock:/var/run/docker.sock"
    depends_on:
      dotnet:
        # Ensure the dotnet service is healthy before starting Traefik
        condition: service_healthy
  dotnet:
    # Use the official .NET sample image for ASP.NET Core applications
    image: mcr.microsoft.com/dotnet/samples:aspnetapp
    container_name: dotnet
    healthcheck:
      # Note that YOUR healthcheck command may vary based on your application
      # and the base image you are using.
      test: ["CMD", "wget", "--spider", "http://localhost:8080/"]
      start_period: 25s
      start_interval: 5s
      interval: 30s
      timeout: 10s
      retries: 3
    labels:
      # Enable Traefik for this service
      # This label is required for Traefik to route traffic to this service
      - "traefik.enable=true"
      # Define the HTTP router 'dotnet' for this service.
      # You can change 'dotnet' to any name you prefer.
      - "traefik.http.routers.dotnet.rule=Host(`dotnet.yourdomain.com`)"
      # Specify the entrypoint from which traffic will be routed to this service.
      - "traefik.http.routers.dotnet.entrypoints=web"

Testing

$ docker compose up -d
[+] Running 3/3
 ✔ Network reverse-proxy-dotnet_default  Created     0.1s 
 ✔ Container dotnet                      Healthy     5.8s 
 ✔ Container reverse-proxy               Started     6.3s
$ curl -ivLH "Host: dotnet.yourdomain.com" http://localhost/

Note

To access the dashboard, you need to open an SSH tunnel to your VPS.
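
A check for the port bindings used in the answer, as an added example that is not part of the original answer: since the container runtime opens published ports in iptables itself (step 5), the host IP prefix on each mapping is what keeps the dashboard on 8080 private. The sample compose text, the `misconfigured-proxy` service and the allow-list of public ports are assumptions constructed for illustration.

```python
import re

# Constructed sample: the two mappings from the compose file above, plus a
# hypothetical service that publishes the dashboard port without "127.0.0.1:".
COMPOSE = """\
services:
  reverse-proxy:
    ports:
      - "0.0.0.0:80:80"
      # comment lines inside the list are skipped
      - "127.0.0.1:8080:8080" # Dashboard
  misconfigured-proxy:
    ports:
      - "8080:8080"
      - "[::1]:9000:9000/tcp"
"""

PUBLIC_OK = {80, 443}            # assumption: only the proxy entrypoints are meant to be public
LOOPBACK = {"127.0.0.1", "::1"}
PORT_RE = re.compile(r"(?:(\[[^\]]+\]|\d+\.\d+\.\d+\.\d+):)?(?:(\d+):)?(\d+)")

def parse_port(spec):
    """Parse short syntax [host_ip:][host_port:]container_port[/proto] (no ranges)."""
    m = PORT_RE.fullmatch(spec.split("/")[0])
    if not m:
        raise ValueError(f"unsupported port spec: {spec!r}")
    host_ip, host_port, container_port = m.groups()
    # Without a host IP, Docker publishes the port on all interfaces.
    host_ip = host_ip.strip("[]") if host_ip else "0.0.0.0"
    return host_ip, int(host_port) if host_port else None, int(container_port)

def audit(compose_text):
    """Return (service, host_ip, host_port) for non-loopback ports outside PUBLIC_OK."""
    findings, service, in_ports = [], None, False
    for line in compose_text.splitlines():
        stripped = line.split(" #")[0].strip()
        indent = len(line) - len(line.lstrip())
        if indent == 2 and stripped.endswith(":"):   # assumes two-space indentation
            service, in_ports = stripped[:-1], False
        elif stripped == "ports:":
            in_ports = True
        elif in_ports and stripped.startswith("- "):
            host_ip, host_port, _ = parse_port(stripped[2:].strip("\"'"))
            if host_ip not in LOOPBACK and host_port not in PUBLIC_OK:
                findings.append((service, host_ip, host_port))
        elif stripped:
            in_ports = False
    return findings

if __name__ == "__main__":
    for service, host_ip, host_port in audit(COMPOSE):
        print(f"{service}: port {host_port} is published on {host_ip}")
```

The scanner only understands the quoted short syntax shown in the answer; long-form `ports:` entries and port ranges would need a real YAML parser.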
