Monday, January 27, 2020

[ASP.Net Core] SignalR - issues on Linux container


 ASP.NET Core   SignalR   Linux 



Problems


We encountered some issues while dockerizing an ASP.NET Core application with SignalR on Linux containers:
1.  The WebSocket connection from client to server is blocked when the server uses a self-signed SSL certificate.
2.  The WebSocket connection fails when an Nginx reverse proxy is used.



Environment


ASP.NET Core 2.2.301
Microsoft.AspNetCore.SignalR.Client 1.1.0



Solutions


(Client) Skip validation of the insecure SSL cert

To solve the first issue (the WebSocket connection from client to server is blocked when the server uses a self-signed SSL certificate), we have to bypass validation of the server certificate on the client side by making the validation callback always return success. As the comments in the code note, this is suitable for development only:

HubConnection connection = new HubConnectionBuilder()
                .WithUrl(new Uri(this.hubHost), options =>
                {
                    var httpClientHandler = new HttpClientHandler
                    {
                        ClientCertificateOptions = ClientCertificateOption.Manual,
                        ServerCertificateCustomValidationCallback = (httpRequestMessage, cert, certChain, policyErrors) =>
                        {
                            // If this is a development app, you could just return true always
                            // In production you should ALWAYS either use a trusted cert or check the thumbprint of the cert matches one you expect.
                            return true;
                        }
                    };
                    options.HttpMessageHandlerFactory = _ => httpClientHandler;
                })
                .Build();

await connection.StartAsync();
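
The thumbprint check that the code comment above recommends for production, as an added example that is not code from the original post: the client accepts the server certificate only if normal validation passes or its SHA-256 hash matches a pinned value. The class name, `hubUrl` and the `PinnedSha256` placeholder are assumptions, and the example assumes the client targets .NET Core 2.1 or later so that `RemoteCertificateValidationCallback` is available for the WebSocket transport.

```csharp
using System;
using System.Net.Http;
using System.Net.Security;
using System.Security.Cryptography;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Microsoft.AspNetCore.SignalR.Client;

public static class PinnedHubClient // hypothetical name
{
    // Placeholder: SHA-256 of the server certificate (DER), hex without separators.
    private const string PinnedSha256 = "REPLACE_WITH_SHA256_HEX_OF_YOUR_CERT";

    // Accept a certificate the platform already trusts, or exactly the pinned one.
    public static bool IsTrusted(X509Certificate cert, SslPolicyErrors errors)
    {
        if (errors == SslPolicyErrors.None) return true; // chain and name checks passed
        if (cert == null) return false;                  // server presented no certificate
        using (var sha256 = SHA256.Create())
        {
            byte[] hash = sha256.ComputeHash(cert.GetRawCertData());
            string actual = BitConverter.ToString(hash).Replace("-", "");
            return string.Equals(actual, PinnedSha256, StringComparison.OrdinalIgnoreCase);
        }
    }

    public static async Task<HubConnection> ConnectAsync(string hubUrl)
    {
        HubConnection connection = new HubConnectionBuilder()
            .WithUrl(new Uri(hubUrl), options =>
            {
                // Covers the negotiate request and the HTTP-based transports.
                options.HttpMessageHandlerFactory = handler =>
                {
                    if (handler is HttpClientHandler clientHandler)
                        clientHandler.ServerCertificateCustomValidationCallback =
                            (request, cert, chain, errors) => IsTrusted(cert, errors);
                    return handler;
                };
                // The WebSocket transport opens its own TLS connection.
                options.WebSocketConfiguration = sockets =>
                    sockets.RemoteCertificateValidationCallback =
                        (sender, cert, chain, errors) => IsTrusted(cert, errors);
            })
            .Build();

        await connection.StartAsync();
        return connection;
    }
}
```

The pinned value has to be updated whenever the self-signed certificate is regenerated, for example when the container image is rebuilt with a new key pair.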



(Server) Prevent Nginx from buffering asynchronous responses

We have to disable buffering of asynchronous responses in Nginx, but ONLY for the SignalR events.
To do so, set proxy_buffering to off in the location that serves the hub.

Here is a sample configuration:

nginx.conf

http {
    sendfile on;
    access_log ./nginx_access.log;
    error_log ./nginx_error.log;

    server {
        # "ssl" on the listen directive enables TLS; the deprecated "ssl on;" is not needed
        listen 9999 ssl;

        ssl_certificate           /etc/certs/docker.crt;
        ssl_certificate_key       /etc/certs/docker.key;

        # Regular requests: default buffering stays enabled
        location / {
            proxy_set_header    Host                $http_host;
            proxy_set_header    X-Real-IP           $remote_addr;
            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto   $scheme;
            proxy_read_timeout                      600s;
            proxy_pass                              https://xxx:9999/;
        }

        # SignalR hub: buffering disabled for this location only
        location /keyEventHub {
            proxy_set_header    Host                $http_host;
            proxy_set_header    X-Real-IP           $remote_addr;
            proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
            proxy_set_header    X-Forwarded-Proto   $scheme;
            proxy_read_timeout                      2m;
            proxy_connect_timeout                   1m;
            proxy_send_timeout                      1m;
            keepalive_requests                      1000;
            keepalive_timeout                       2m;
            send_timeout                            1m;
            proxy_buffering                         off;
            proxy_pass                              https://xxx:9999/MyEventHub;
        }
    }
}




