asp.NET on Debian

As expert in data excellence solutions, Anchormen encounters all kinds of different situations in which we add value. Not only the core of a data platform is in good hands with us, also the applications around it can be trusted to us. We get to deal with various applications that are built upon, make use of, integrate with or need to be adapted to a big data platform. Many, if not all, big data platforms are based on Open Source software. At a few specific customer cases, we were confronted with web applications built in .NET that had to run on a Linux platform. Of course we don’t back away for such a challenge ;-).

To verify this, we needed a working asp.NET server that could serve our applications. There are many tutorials already out there, but none of them completely describe the process of setting it up, or would not work at all (mostly because they were out dated).

There were a few that worked, but they would run the application as root user (seriously, did we not all learn from the past? don’t give exposed services admin rights). This tutorial will guide you through the process of installing a server capable of hosting asp.NET applications as a simple system user with minimal privileges.

Note: this tutorial was created using Debian Jessie, there may be significant differences in the commands, packages and service management tools if you try this on a non Debian distribution, or if your distribution does not support apt-get.

Debian

Debian is one of the most used Linux distributions, many use it as a base for their own distributions e.g. Ubuntu.

To install, start with a minimal installation of Debian. Do not configure a root password, this will force the installer to install sudo and setup a user account with sudo permissions.

There is no need for the root user to ever login directly, making your server just a little bit more secure. And I personally think any server with a root login or default user name like admin or administrator should be considered insecure.

Firewall

Ask your system administrator to configure a simple firewall (or follow one of the many tutorials on the internet). Just make sure port 80 is accessible and all loopback traffic is allowed. If you prefer ssh then make sure port 22 is open and an ssh server is installed.

Software

Now that we have a simple server, we need to install some components to support web requests and asp.NET to install the components using the following command in the terminal.

1 sudo apt-get >code class="bash plain">nginx mono-fastcgi-server mono-fastcgi-server2 mono-fastcgi-server4

Users

We need to create a few users to separate the applications from each other. In this example we use `www-wa` as prefix to make it easier to distinguish processes for system administrators allowing them to monitor disk and memory usage.

1 sudo adduser --system --group --no-create-home www-wa-test

We have a new user and group, the group we need later for security reasons in case you want to try socket files.

Application home

Each application will need it’s own directory so we need to create one in this example. We do this in the /var/www, but you may choose to use a different location.

It is recommended that you use the fqdn in the folder name. This makes it easier to handle multiple .NET services on the same server.

1 sudo mkdir /var/www/test.anchormen.local

We will consider this folder the home folder of the user. We did not configure it as home folder to prevent confusion: it is not an actual user therefore it has no home folder. Now we need to give ownership of this folder to the newly created user.

1 sudo chown www-wa-test:www-wa-test /var/www/test.anchormen.local

Opening some doors

Now we need to give nginx access to the application folder (note: on some systems nginx runs as root, you can skip this step in that case). Add `www-wa-test` group to `www-data` user (the nginx user). All files that the new system user can access can now be accessed by nginx (don’t reverse these 2 parameters, it would be a major security issue if applications can access www-data files as they could be shared across multiple applications). If you wish to share between applications, just add the 2 applications groups to each other’s groups.

Note: you can skip this one command if you are not going to use a socket file but it won’t hurt if you do (this will be explained later).

1 sudo usemod -a -G www-wa-test www-data

Now that we have the basics ready, we need to configure services. To do that, we need to create one more folder: the application root folder. In the application home folder we will use ‘htdocs’ (this is where the application should be uploaded to).

1 2 sudo mkdir /var/www/test.anchormen.local/htdocs sudo chown www-wa-test:www-wa-test /var/www/test.anchormen.local/htdocs

SystemD Service

We need to create a new SystemD service file. We installed 2 versions of .NET (2.0 and 4.0). You can chose which is needed based on the last digit in the command: for 2.0 use `fastcgi-mono-server2` and for 4.0 use `fastcgi-mono-server4`.

1 sudo nano /etc/systemd/system/www-wa-test.service

Put the following content into the file and change the highlighted areas to your needs (note that a port is highlighted. This needs to be changed for each application. It should have been possible to use socket files, but the permission setting that mono uses are not compatible and can’t be changed easily in an automatic way). FYI: you can exit nano using ctrl+x.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 [Unit] Description=WWW-WA test application server After=network.target auditd.service   [Service] UMask=117 User=www-wa-test Group=www-wa-test Environment="BASEPATH=" ExecStart=/usr/bin/fastcgi-mono-server2 --applications=/:/var/www/test.anchormen.local/htdocs --socket=tcp:127.0.0.1:9000 ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure   [Install] WantedBy=multi-user.target

Now that we have a service file, we need to make systemd aware of the file. To do this we need to reload the configuration of systemd.

1 sudo systemctl daemon-reload

This gives basic service capabilities.

1 sudo systemctl [start|stop|restart] www-wa-test.service

In case your application will have trouble starting, you can use the command below to view the process output.

1 sudo journalctl --unit www-wa-test.service

Upload your application into the htdocs folder; you can setup ftp or use scp.

Now we can start the service!

1 sudo systemctl start www-wa-test

If you tried using a socket file, it should be created at the location you can specify (note: group permissions at the time of writing this tutorial were not set to read/write and were not configurable and do not honor umask so I switched to using a tcp socket).

Nginix

The application should be running and we need to configure nginx to serve it to the rest of the world.

1 sudo nano /etc/nginx/sites-available/www-wa-test

You can extend the config to support ssl (there are other manuals for that)

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 server { listen 80; server_name test.anchormen.local; access_log /var/log/nginx/test.anchormen.local.access.log;   location / { root /var/www/test.anchormen.local/htdocs/; index index.html index.htm default.aspx Default.aspx; fastcgi_index Default.aspx; fastcgi_pass 127.0.0.1:9000; include /etc/nginx/fastcgi_params; fastcgi_param PATH_INFO ""; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } }

Now enable the site by simply create a symbolic link.

1 sudo ln -s /etc/nginx/sites-available/www-wa-test /etc/nginx/sites-enabled/www-wa-test

Restart nginx and it should be running!

1 sudo systemctl restart nginx.service
Back to Big Data Services