How to Enable or Disable HTTP/HTTPS and Change Port in ASP.NET Core

How to Enable or Disable HTTP/HTTPS and Change Port Number in ASP.NET Core

ASP.NET Core provides flexible and powerful ways to configure HTTP, HTTPS, and port numbers
across development, staging, and production environments. Whether you are hosting on IIS,
Linux, Docker, Azure App Service, or behind an Nginx reverse proxy, understanding these
configurations is essential for security and performance.

Configure HTTP/HTTPS and Ports Using launchSettings.json (Development)

The launchSettings.json file is primarily used during local development.
It defines how the application runs when launched from Visual Studio or the .NET CLI.

Enable Both HTTP and HTTPS

{
  "profiles": {
    "MyApp": {
      "commandName": "Project",
      "applicationUrl": "https://localhost:5001;http://localhost:5000",
      "environmentVariables": {
        "ASPNETCORE_ENVIRONMENT": "Development"
      }
    }
  }
}

Enable HTTPS Only

"applicationUrl": "https://localhost:5001"

Enable HTTP Only (Not Recommended)

"applicationUrl": "http://localhost:5000"

Change HTTP/HTTPS Ports Using Kestrel (Program.cs)

Kestrel is the default web server for ASP.NET Core. You can configure ports and protocols
directly in Program.cs.

var builder = WebApplication.CreateBuilder(args);

builder.WebHost.ConfigureKestrel(options =>
{
    options.ListenAnyIP(5000); // HTTP
    options.ListenAnyIP(5001, listenOptions =>
    {
        listenOptions.UseHttps();
    });
});

var app = builder.Build();
app.Run();
  

Disable HTTP Completely

builder.WebHost.ConfigureKestrel(options =>
{
    options.ListenAnyIP(5001, listenOptions =>
    {
        listenOptions.UseHttps();
    });
});
  

Force HTTPS Redirection

To ensure all HTTP requests are automatically redirected to HTTPS, enable HTTPS redirection.

app.UseHttpsRedirection();
  

builder.Services.AddHttpsRedirection(options =>
{
    options.HttpsPort = 5001;
});
  

Nginx Reverse Proxy Setup for ASP.NET Core

When hosting ASP.NET Core on Linux, Nginx is commonly used as a reverse proxy in front of
Kestrel. Nginx handles HTTPS, certificates, and public traffic, while Kestrel runs internally.

Example Nginx Configuration

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/ssl/certs/example.crt;
    ssl_certificate_key /etc/ssl/private/example.key;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection keep-alive;
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
  

In this setup, Kestrel listens only on HTTP internally, while Nginx handles HTTPS and redirects.

Azure App Service HTTP/HTTPS Configuration

Azure App Service manages ports internally. You do not manually configure ports like 5000 or
5001. Azure automatically routes traffic to your application.

Force HTTPS in Azure App Service

1. Go to Azure Portal → App Service
2. Open Settings → TLS/SSL
3. Enable HTTPS Only

Azure will automatically redirect HTTP traffic to HTTPS without requiring code changes.

Optional HTTPS Redirection in Code

app.UseHttpsRedirection();
  

Linux systemd + Kestrel Setup

On Linux servers, ASP.NET Core applications are commonly run as systemd services to ensure
reliability and auto-restart.

Create systemd Service File

sudo nano /etc/systemd/system/myapp.service
  

[Unit]
Description=ASP.NET Core Web Application
After=network.target

[Service]
WorkingDirectory=/var/www/myapp
ExecStart=/usr/bin/dotnet /var/www/myapp/MyApp.dll
Restart=always
RestartSec=10
SyslogIdentifier=myapp
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=ASPNETCORE_URLS=http://localhost:5000

[Install]
WantedBy=multi-user.target
  

Enable and Start the Service

sudo systemctl daemon-reload
sudo systemctl enable myapp
sudo systemctl start myapp
  

In production, this setup is usually combined with Nginx acting as a reverse proxy.

Best Practices

• Always use HTTPS in production environments
• Redirect HTTP traffic to HTTPS
• Use Nginx or IIS as a reverse proxy for better security
• Avoid exposing Kestrel directly to the internet
• Use environment-based configuration

Conclusion

Configuring HTTP, HTTPS, and port numbers in ASP.NET Core depends on where and how your
application is hosted. By using the right approach for development, Linux servers,
Azure App Service, or reverse proxy setups, you can ensure your application is secure,
scalable, and production-ready.