From 6a9026a72273c28eeefc5e7af81c71bcb96b2c43 Mon Sep 17 00:00:00 2001 From: maliming Date: Tue, 24 Oct 2023 09:48:49 +0800 Subject: [PATCH 1/2] Add `New Containers feature with NET 8.0` article. --- .../POST.md | 30 +++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 docs/en/Community-Articles/2023-10-23-NET-8-Feature-containers/POST.md diff --git a/docs/en/Community-Articles/2023-10-23-NET-8-Feature-containers/POST.md b/docs/en/Community-Articles/2023-10-23-NET-8-Feature-containers/POST.md new file mode 100644 index 0000000000..139b2f17b1 --- /dev/null +++ b/docs/en/Community-Articles/2023-10-23-NET-8-Feature-containers/POST.md @@ -0,0 +1,30 @@ +# New Containers feature with NET 8.0 + +This article will show you the new feature of containers with NET 8.0. + +## Non-root user + +The `Non-root user` feature on net 8 is a security measure that allows users to have limited access to the system without having full administrative privileges. Hosting containers as `non-root` aligns with principle of least privilege. +It’s free security provided by the operating system. If you run your app as root, your app process can do anything in the container, like modify files, install packages, or run arbitrary executables. +That’s a concern if your app is ever attacked. If you run your app as non-root, your app process cannot do much, greatly limiting what a bad actor could accomplish. + +## Default ASP.NET Core port changed from 80 to 8080 + +In .NET 8, there has been a change in the default port used by ASP.NET Core applications. Previously, the default port assigned to ASP.NET Core applications was `80`. However, starting from .NET 8, the default port has been changed to `8080`. +This change was made to avoid conflicts with other applications and services that commonly use port 80, such as web servers like IIS or Apache. By using port 8080 as the default, there is less potential for clashes and easier deployment of ASP.NET Core applications alongside other services. + +It's important to note that this change only affects the default port used when an ASP.NET Core application is run without explicitly specifying a port. + +If you want your application to continue using port 80, you can still specify it during the application launch or configure it in the application settings. + +* Recommended: Explicitly set the `ASPNETCORE_HTTP_PORTS`, `ASPNETCORE_HTTPS_PORTS``, and `ASPNETCORE_URLS` environment variables to the desired port. Example: `docker run --rm -it -p 9999:80 -e ASPNETCORE_HTTP_PORTS=80 `` +* Update existing commands and configuration that rely on the expected default port of port 80 to reference port 8080 instead. Example: `docker run --rm -it -p 9999:8080 `` + +> The `dockerfile` of abp templates has been updated to use port `80`. + +## References + +- [Secure your .NET cloud apps with rootless Linux Containers](https://devblogs.microsoft.com/dotnet/securing-containers-with-rootless/) +- [Containers breaking changes](https://learn.microsoft.com/en-us/dotnet/core/whats-new/dotnet-8#containers) +- [ASP.NET Core apps use port 8080 by default](https://learn.microsoft.com/en-us/dotnet/core/compatibility/8.0#containers) +- [Docker images for ASP.NET Core](https://learn.microsoft.com/en-us/aspnet/core/host-and-deploy/docker/building-net-docker-images?view=aspnetcore-8.0) From 8fa1668f32fd601edb9616c986636e0cb01c0488 Mon Sep 17 00:00:00 2001 From: Hamza Albreem <94292623+braim23@users.noreply.github.com> Date: Fri, 3 Nov 2023 09:52:00 +0300 Subject: [PATCH 2/2] Update POST.md --- .../2023-10-23-NET-8-Feature-containers/POST.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/Community-Articles/2023-10-23-NET-8-Feature-containers/POST.md b/docs/en/Community-Articles/2023-10-23-NET-8-Feature-containers/POST.md index 139b2f17b1..dc0f96e726 100644 --- a/docs/en/Community-Articles/2023-10-23-NET-8-Feature-containers/POST.md +++ b/docs/en/Community-Articles/2023-10-23-NET-8-Feature-containers/POST.md @@ -4,7 +4,7 @@ This article will show you the new feature of containers with NET 8.0. ## Non-root user -The `Non-root user` feature on net 8 is a security measure that allows users to have limited access to the system without having full administrative privileges. Hosting containers as `non-root` aligns with principle of least privilege. +The `Non-root user` feature on net 8 is a security measure that allows users to have limited access to the system without having full administrative privileges. Hosting containers as `non-root` aligns with the principle of least privilege. It’s free security provided by the operating system. If you run your app as root, your app process can do anything in the container, like modify files, install packages, or run arbitrary executables. That’s a concern if your app is ever attacked. If you run your app as non-root, your app process cannot do much, greatly limiting what a bad actor could accomplish. @@ -20,7 +20,7 @@ If you want your application to continue using port 80, you can still specify it * Recommended: Explicitly set the `ASPNETCORE_HTTP_PORTS`, `ASPNETCORE_HTTPS_PORTS``, and `ASPNETCORE_URLS` environment variables to the desired port. Example: `docker run --rm -it -p 9999:80 -e ASPNETCORE_HTTP_PORTS=80 `` * Update existing commands and configuration that rely on the expected default port of port 80 to reference port 8080 instead. Example: `docker run --rm -it -p 9999:8080 `` -> The `dockerfile` of abp templates has been updated to use port `80`. +> The `dockerfile` of ABP templates has been updated to use port `80`. ## References