Running an ASP.NET Core 2.0 app on Raspbian Stretch Linux on a Raspberry Pi with HTTPS

Today’s challenge: Serve a public API over HTTPS from a Raspberry Pi. I’ll follow up with an article about containerising the app and running it from docker on the Pi.

This article is a fast-paced guide to getting started without stopping to dwell on the details.

Some details will be mopped up in the last section for those wanting to know more.

Prepare the Pi

On your development machine (you won’t need to interact with the Pi directly, so no 2nd keyboard or monitor required):

  • Grab an 8Gb or larger microSD card and use Etcher to flash the Raspbian Lite image to the card.
  • Create an empty file in the root of the microSD card called “ssh”, with no extension, this will enable ssh on Raspbian.
  • Put the microSD card in the Pi, plug in a network cable and then plug in the power
  • After a minute attempt to ping the pi:
ping raspberrypi
  • If you get a response, ssh into the pi from a Bash shell (on Windows, you can use the bash shell that comes with Git):
ssh pi@raspberrypi
  • The “pi@” means you’re logging in as the “pi” user account. The default password is “raspberry”.

Installing the .NET Core prerequisites

This bit looks hard but is quite easy (thanks Dave).

At the ssh prompt, install the .NET dependencies by running each of the following commands (you can copy and paste these commands straight into bash):

sudo apt-get install curl libunwind8 gettext
curl -sSL -o dotnet.tar.gz
sudo mkdir -p /opt/dotnet && sudo tar zxf dotnet.tar.gz -C /opt/dotnet
sudo ln -s /opt/dotnet/dotnet /usr/local/bin

you can check if the .NET Core runtime has been installed by running:

dotnet --help

You should now see some the runtime command line options.

Configuring the App

If you don’t already have an ASP.NET Core app:

  • Download the SDK for your platform (Mac, Linux, Windows) from and install it
  • Make a new directory and navigate to that directory at the command line.
  • Run:
dotnet new react

By default, a new ASP.NET Core application will be set to only listen to requests only from the TCP/IP loopback address ( or localhost), so:

Open up Program.cs in your ASP.NET Core app and change the BuildWebHost method to add the following:

public static IWebHost BuildWebHost(string[] args) =>
        .UseKestrel(options => {
                listenOptions => {
                    listenOptions.UseHttps("raspberrypi.pfx", "<your-password>");

This means that when the app runs on the Pi it will accept requests to port 5000 from external clients.

Please note, Kestrel is not a supported edge server, it is designed to run behind a reverse proxy such as nginx, Apache HTTP Server or Microsoft IIS when exposed to the outside world. Read and understand this before you open up your Pi to the big bad interwebs.

Deploying the App to the Pi

I’m not offering DevOps perfection here, I’m afraid we’re just going to FTP the app across to the pi. But first we need to compile the app so it works with the Raspberry Pi’s low-power ARM processor.

On your development machine, drop to the command line, navigate to your project directory and publish your app so it works on Raspbian by executing the following command:

dotnet publish -r linux-arm

This creates a bin/Debug/netcoreapp2.0/linux-arm/publish directory that contains the binaries for your ASP.NET Core app.

Grab your favourite FTP client. If you don’t have one, FileZilla will do the trick.

Connect your FTP client to your Pi by entering the following details:

Host: raspberrypi
Username: pi
Password: raspberry
Port: 22

The FTP client should show you the directory structure on the Pi. Copy the contents of your linux-arm/publish directory to any path on the pi (I chose /home/pi/piservice/) using the FTP client.


We’re going to use a self-signed certificate to show HTTPS is possible. In a real-world scenario you’d sign a relatively short-lived RSA keypair with a certificate signed by a trusted root cert (and also, you’d probably not use a Raspberry Pi and publicly-exposed Kestrel Web Server to run your services, but hey ho).

SSH into your Pi again and run the following command to create a public and private key pair that will be valid for a year.

openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365

Next, generate a .PFX file from the two generated PEM files (thanks to Pete S Kelly):

openssl pkcs12 -export -out raspberrypi.pfx -inkey key.pem -in cert.pem

This creates the “raspberrypi.pfx” file that your ASP.NET Core app now refers to in Program.cs.

Running the app

At the SSH prompt, tell the .NET Core runtime on teh pito start your app:

dotnet <yourappname>.dll

<yourappname> will be the name of the project you created if you used Visual Studio, or the name of directory you created that you ran dotnet new in. Typically this will be something like HelloWorld.dll or Acme.Web.dll, etc.

If all has been successful you’ll see the following echoed in your SSH session on the Pi:

pi@raspberrypi:~/piservice $ dotnet src.dll
Hosting environment: Production
Content root path: /home/pi/piservice
Now listening on:
Application started. Press Ctrl+C to shut down.

(My emphasis). From your development machine you should now be able to begin making requests to your app hosted on the Pi, https://raspberrypi:5000/

You will get errors about the certificate being untrusted, this is expected as your development machine has no reason to trust the little $30 computer, but you can skip past them – or read the final section of Peter Kelly’s article to learn how to trust the Pi’s self-signed certificate.

Making it Public

This is where things turn a bit vague as it’s up to you how you set up your network.

At the most basic level you need to tell your router to send traffic to port 5000 on your Pi. This usually involves adding a Port-Forwarding Rule. You’ll need to know your Pi’s IP address to set up the rule, so it makes sense to either give the Pi a static DHCP lease. Please refer to your router’s user guide for specific information.

To call your Pi from the outside world you’ll need your router’s public IP address – of course it’s best if this is static, ask your ISP if this is an option – and then you can set up a domain name to point to this IP address.

You can get a proper SSL certificate for your domain name from LetsEncrypt, or any other certificate provider.

Note: You’ll get SSL certificate errors when using a self-signed certificate, and browsers may stop allowing access to sites where the certificate doesn’t match the public domain name.

Follow Up

I’ll follow up soon with an article on containerising the ASP.NET Core app and running it on Docker on the Pi.


Why do people only read things that back up their way of thinking?

Remember when the internet was in its infancy? We all had to put up with little 468 x 90 banner ads everywhere you looked – and sometimes we clicked them because we didn’t know better.

As time went on we grew smarter, we were able to tell the bad adverts from the good, and the emergence of online advertising  bumped the ugly out of the marketplace entirely. And now, our brains automatically blank out adverts to keep us focused on the content we went to the site in the first place for. Many of us use ad-blocking tools so our brains don’t even need to perform the mental airbrushing.

But what if those adverts were trying to tell us something really important?

What if the Emergency Broadcast System was hooked into those banner ads trying to give us forewarning of an avoidable cataclysm?

Social Engineering

Social Engineering refers to psychological manipulation of people into performing actions or divulging confidential information.

It is becoming increasingly common by malicious actors (bank and identity fraud, for example), but is also becoming a core part of many companies’ business models.

It all started innocently enough with the Social Graph. The ability to link people with other people, events, photos and products via rich, meaningful relationships turned the one-size-fits-all internet into a personalised window where the chaos suddenly started to shape itself into something we recognised and could engage with on a more emotional level.

Instant social gratification through ‘likes’ and ‘follows’ became our norm, information relevant to us started to travel at a speed that made some high school students, even back in 2008, say “email is too slow“. The relevancy-engine that is the Social Graph began to play on our most base motivations. Continue Reading “Why do people only read things that back up their way of thinking?”

Google Watch: Time to DuckDuckGo

You can't spell
You can’t spell “Don’t be evil” without “evil”! Coincidence?

Google do a lot of good things. They host free webfonts to make the web a nicer place to be. Their cloudy PaaS service, Engine Yard, gets rave reviews. Their maps are better than anyone’s, their mobile OS is the most popular in the world, and their photo hosting offer is second to none. But they can be very evil sometimes too.

Remember when Google forced you to sign up to Google+ to comment on Youtube videos, or stole your email passwords while they took pictures of your house and then “forgot” to delete it after they got found out and all the Governments told them to, or made you type extra characters to include all your words in their search, or when their CEO said there was no place for privacy and anonymity on the Internet?

* big breath*

Well they are at it again.

And I’ve had enough.

The Devil’s In The Detail

For the last few days I’ve been seeing this ‘privacy reminder’ popup whenever I go to Google (including by searching in Chrome’s address bar). And it stops you dead in your tracks. You have to read through all the legalese before it lets you search for pictures of cats. Well I just don’t have time for that, I need instant cat gratification now!.

That sounds so wrong.

Anyway, I had a quick scan through the privacy reminder and immediately smelled a rat… It all seems really un-evil at first, you can choose to switch off some of Google’s invasive behaviour by following the handy-dandy links in the privacy reminder itself. Wowzers! What a nice thing to do. I opted to switch off all the weird adverts-following-you-around settings. They’re here, in case you’re wondering.

But then I noticed it says these settings are just for this browser. Your other devices and PCs will still track the living crap out of you. Continue Reading “Google Watch: Time to DuckDuckGo”

The Sharing Economy

Your house, yesterday. Probably.
Your house, yesterday. Probably.

The ‘Sharing Economy’ is disrupting established industries and sending huge, powerful incumbents into a tizzy. Uber and AirBnB have shaken the taxi and hotel sectors, shifting power, control and profits from the RadioCabs and Hiltons of this world and into the hands of ordinary citizens armed with nothing more than a smartphone and a mobile data plan.

The question on everyone’s lips is: which industry will be disrupted by the Sharing Economy next?

A couple of years ago, I was in Portland, Oregon, for meetings with some colleagues. One lunchtime, our discussion diverged from work topics to an issue plaguing our home-lives, an issue common to both the US and UK: the reduction in bin-pickup frequency.

It’s a hot topic.

Dude, Where’s My Trash?

We tossed around some ideas to solve our overflowing bins issues, to solve the problems caused by local authorities switching from weekly to two-weekly pick-ups, and to solve that awkward situation we have all faced: that middle-of-the-night walk of shame, bin-bag over shoulder, roaming the streets like a crazed, ferral cat to find a neighbour’s bin with a bit of space left in it to deposit last night’s curry leftovers and beer bottles.

What does this have to do with the Sharing Economy?

A lightbulb lit: why not create a location-aware, social app to help out? Share My Trashcan was born, $5 per bag, with a $1 kick-back to us, it scales and is simple. But then one of our team mentally cycled through a Lean Startup build-measure-learn cycle and developed the concept, discovering that communities can come together to buy a shared dumpster, which would provide even more space (some of which could be shared with other communities!) and would also be picked up weekly.

Share My Trashcan was dead, long live Share My Dumpster!

Later in the day (after doing some actual work) we revisited the idea and the real, Lean, magic happened: we pivoted.  Continue Reading “The Sharing Economy”

Google’s Project Loon

Google Project Loon. Probably not evil. Probably.
Google Project Loon. Probably not evil. Probably.

Google are doing a lot of “10X innovation” right now. That is innovation that isn’t just incrementally better than the competition (like a 10% improvement) but a moon-shot, 10-times improvement. One of these initiatives is called Project Loon:

You can sometimes see these balloons being tested off the coast of Christchurch, New Zealand, on FlightRadar, which means these craft are equipped with Automatic Dependent Surveillance Broadcast (ADS-B) systems:


Continue Reading “Google’s Project Loon”

Mozilla Launches Firefox OS 1.0 Simulator

Ironically, the in-built browser appears to be borked.

I’ve spoken of my excitement for Firefox OS before, but now Mozilla have released version 1.0 of the operating system simulator into the wild. An entirely-web-based operating system poses an enticing, compelling experience for the user; an experience known as “continuous client” because it follows you across your devices as if you were using the same system.

This is the future. In fact, the “web-based operating system” is something I am working on myself. Maybe I won’t be able to take on the might of, but I think my focus is sufficiently different as to allow for them to coincide and even compete. But enough self-promotion… (for now, I’ll publish some info in January 2013)…


Firefox OS

Firefox OS is an operating system based on the Gecko rendering engine that powers the Firefox browser, hence the original working name of “Boot to Gecko”.  Continue Reading “Mozilla Launches Firefox OS 1.0 Simulator”

Whatever You’re Good At, Graph It

Facebook’s Open Graph – connecting creepy stalkers and sexy, unobtainable femmes faster than ever before…

What are you good at? What do you, or your business, do best? Is there something you do better than anybody else? Once you have identified your specialism, turn it into a graph.

TL;DR: I predict that graphs will become the standard way of storing and sharing information. And that providing graphs containing useful information such as banking data or flight prices will end up being a thriving, trillion-dollar economy.


What is a Graph?

A ‘graph’ is a collection of things connected together using a common piece of information. For example, you are connected to the people on your street with a common postal code. You are connected to several tens of thousands of people across the country by sharing the same bank. And you are connected to a much larger graph of people who are Internet users.

But the ‘things’ that are connected together don’t all have to be the same type of thing. The most famous and successful graph on the planet is Facebook’s Social Graph. The social graph is a connected network of people, photos, events, likes, comments and many more things. A photo in itself is a good, monetisable, chunk of information to store (just ask Flickr!). But a photo which is connected to the people in the photo, the place it was taken, and the event that was happening, brings a wealth of context to such a simple thing as a snapshot. But graphs are about more than just things and the connections between things, the type of connection adds an order of magnitude again more information.

Continue Reading “Whatever You’re Good At, Graph It”

New MySpace = Pinterest + Windows 8 + Cool

The last thing Google+ needs is another competitor…

MySpace. Remember them? They were ‘Facebook’ back when Nokia ruled the mobile world, Yahoo! was the world’s second most popular search engine, oil was cheap, flying was luxurious and Saddam Hussein had loads of WMDs.

Then Mark Zuckerberg’s Facebook turned up and stole everyone.

Rupert Murdoch bought the ailing MySpace for a smidge under $600m in 2005, selling them in 2011 for $35m. Although if you ask him about that fiasco, he probably has no recollection of those events


New Myspace

MySpace’s new owners, Specific Media, are making absolutely sure that you know that this is the NEW MySpace. You can go register for the new service at – did I mention it was new?


New Tech, New Design

And by the looks of that link above, Specific Media are embracing the brave new world of HTML5. For the geeks out there, you’ll notice they’re using the HTML5 !DOCTYPE and the new <video> tag.

The design is thin, high-contrast typography in little squares, while large feature-walls of videos and pictures fill the rest of your vision. It’s like the images on Bing, they’re not essential, but they’re engaging and nice.

I was preparing to make comments like, “Bless! They think they can take Facebook on by stealing Microsoft’s Metro UI” or “Some skinny text wont save your butts now, MySpace”, but actually…. and I hate to say this…. I’m very, mightily impressed with what they’re trying to do here.

Facebook should absolutely be concerned about this audacious coup.

While Google+ chief, Vic Gundotra, should be absolutely shitting himself.