Skip to content

Containerize application with Docker #215

New issue
New issue
Closed
#230
Closed
Containerize application with Docker#215
#230
Assignees
nanotaboada
Labels
.NETPull requests that update .NET codecontainersPull requests that update containers codeenhancementNew feature or request
@nanotaboada

Description

@nanotaboada
nanotaboada
opened on Apr 17, 2025

Description

We need to containerize the Dotnet.Samples.AspNetCore.WebApi application to support development and deployment scenarios with Docker. The container should run as a non-root user.

Suggested Approach

  • Create a Dockerfile using a multi-stage build:
    • Build stage: use mcr.microsoft.com/dotnet/sdk:8.0 to restore, build, and publish the app.
    • Runtime stage: use mcr.microsoft.com/dotnet/aspnet:8.0 to run the published app in a minimal environment.- Expose port 9000.
  • Use environment variables to configure the app (e.g. ASPNETCORE_URLS=http://+:9000).
  • Use a non-root user (aspnetcore) in the final image for hardening.

Proposed Implemenation

Dockerfile

# - Stage 1 --------------------------------------------------------------------
    FROM mcr.microsoft.com/dotnet/sdk:8.0 AS build
    WORKDIR /src

    # Copy and restore dependencies
    COPY src/Dotnet.Samples.AspNetCore.WebApi/*.csproj ./Dotnet.Samples.AspNetCore.WebApi/
    RUN dotnet restore ./Dotnet.Samples.AspNetCore.WebApi

    # Copy source and publish
    COPY src/Dotnet.Samples.AspNetCore.WebApi ./Dotnet.Samples.AspNetCore.WebApi
    WORKDIR /src/Dotnet.Samples.AspNetCore.WebApi
    RUN dotnet publish -c Release -o /app/publish

# - Stage 2 --------------------------------------------------------------------
    FROM mcr.microsoft.com/dotnet/aspnet:8.0 AS runtime
    WORKDIR /app

    # Copy published output
    # Note: This includes the SQLite database because it's marked as <Content> with
    # <CopyToOutputDirectory> in the .csproj file. No need to copy it manually.
    COPY --from=build /app/publish .

    # Add non-root user (aspnetcore) and switch to it
    RUN adduser --disabled-password --gecos '' aspnetcore \
        && chown -R aspnetcore:aspnetcore /app
    USER aspnetcore

    # Set environment variables
    ENV ASPNETCORE_URLS=https://+:9000
    ENV ASPNETCORE_ENVIRONMENT=Production

    # Default entrypoint
    ENTRYPOINT ["dotnet", "Dotnet.Samples.AspNetCore.WebApi.dll"]

docker-compose.override.yml

version: "3.9"
services:
  webapi:
    environment:
      ASPNETCORE_ENVIRONMENT: Development
      ASPNETCORE_URLS: https://+:9000
    volumes:
      - ./https:/https:ro
      - ./src/Dotnet.Samples.AspNetCore.WebApi/Data:/app/Data:ro

Acceptance Criteria

  • Docker image builds successfully using docker build -t dotnet-samples-aspnetcore-webapi ..
  • Docker container runs successfully using docker run -p 9000:9000 dotnet-samples-aspnetcore-webapi:latest
  • The app listens on http://localhost:9000.
  • Runs as non-root (aspnetcore) in container.

Metadata

Metadata

Assignees

Labels

.NETPull requests that update .NET codecontainersPull requests that update containers codeenhancementNew feature or request

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions