Step by Step Guide on How To Deploy ASP.Net Core and Nginx with Automatic Free SSL renewal (Lets Encrypt & Certbot) on a VPS

4 min readMar 1, 2020

Our situation:

So, we’ve bought a beautiful domain like partohesab.ir, created an ASP.Net Core app, tested it on our local machine and want to deploy to a VPS. What we’re gonna need is a lightweight reverse-proxy to pass requests to our app. Furthermore, we want to redirect all traffic from HTTP to HTTPS.

You can’t plant a seed without getting your hands dirty

Buy a cheap VPS:

We can choose any cloud or server farm provider to get an Ubuntu VPS with ssh support.

Connect to VPS:

We can connect to our server using the syntax:

$ ssh <user>@<remotehost>

example: $ ssh root@8.8.8.8

Install .Net Core 3.1:

Using this guide from Microsoft we are able to install dotnet tool on our Ubuntu. We can select our Ubuntu version in this guide:

We can always check our dotnet version with the following:

Install and start Nginx:

$ apt install nginx
$ systemctl start nginx

We can always check nginx service status with the following command:

$ systemctl status nginx

Now nginx is ready.

Push ASP.NET Core app to VPS:

Create a directory:

$ mkdir -p ~/webapp

The -p argument tells OS to create parent directories along the way.

Now let’s say our publish directory on local machine is at ~/local-webapp. We need to copy our local publish directory to our VPS:

$ scp -r /path/to/local/dir user@remotehost:/path/to/remote/dir

Add firewall rules:

On a fresh Ubuntu server, firewall will not allow incoming/outgoing traffic even on de facto standard ports. Run the following commands to update rules for 80 (default HTTP port) and 443 (default HTTPS port).

$ ufw allow 80/tcp
$ ufw allow 443/tcp
$ ufw allow http
$ ufw allow https

If ufw is not installed, install it with the following command:

$ apt install ufw
$ ufw allow http

Test our application runs OK:

In this tutorial we assume the following:

Our application DOES NOT redirect HTTP to HTTPS
Our application listens to this URL: http://localhost:5000

First we start our app:

$ dotnet /path/to/remote/dir/<appname>.dll

Now test it:

$ curl http://localhost:5000

This should print first page’s source code.

Make our app public on HTTP only:

Before adding HTTPS and SSL support we need to make our website public with HTTP protocol only.

Create our virtual host configuration:

$ nano /etc/nginx/sites-available/www.partohesab.ir

Then put these lines:

Ok there are some notes about this:

First and second lines tell nginx to listen to port 80
Third lines tells nginx that this configuration is related to *.partohesab.ir and partohesab.ir URLs.
The location part tells nginx to bind localhost:5000 to root path on partohesab.ir and *.partohesab.ir URLs. There are also some proxy header configurations which are needed by .Net Core app (see this forwarding headers guide)

Now run these commands to enable our virtual host:

$ rm /etc/nginx/sites-enabled/www.partohesab.ir
$ ln -s /etc/nginx/sites-available/www.partohesab.ir /etc/nginx/sites-enabled/

For changes to take effect in nginx we need to reload it:

$ nginx -s reload

Now navigate to http://www.partohesab.ir. Ta-dat!! We won’t see anything! Why? Because we’ll need a DNS provider to map our server’s IP to www.partohesab.ir. These are famous DNS providers in 2020 Feb:

After we mapped our domain and server’s IP we can then navigate to our domain in browser to see the website.

Install Certbot:

Just when we think about website’s security HTTPS comes to mind. Let’s Encrypt guys have provided us a way to generate free SSL certificates with 3 month validity. They also created a nice bot called certbot to renew our certificate automatically. For our website we will use this, but keep in mind that if care about our website’s SEO, we ought to use a paid certificate, because renewing certificate lowers our rank in Google.

Now, install certbot:

$ apt-get update
$ apt-get install software-properties-common
$ add-apt-repository universe
$ add-apt-repository ppa:certbot/certbot
$ apt-get update
$ apt-get install certbot python-certbot-nginx

Run certbot for our domain. Follow instructions to generate SSL:

$ certbot — nginx -d partohesab.ir

Rediret all HTTP traffic to HTTPS:

Run this command to edit virtual host’s configuration in nginx:

$ nano /etc/nginx/sites-available/www.partohesab.ir

Now run these commands to re-enable our virtual host: