An ASP.NET Core application runs with an in-process HTTP server implementation. The server implementation listens for HTTP requests and surfaces them to the application as sets of request features composed into an
ASP.NET Core ships two server implementations:
Kestrel is the web server that is included by default in ASP.NET Core new-project templates. If your application accepts requests only from an internal network, you can use Kestrel by itself.
If you expose your application to the Internet, you must use IIS, Nginx, or Apache as a reverse proxy server. A reverse proxy server receives HTTP requests from the Internet and forwards them to Kestrel after some preliminary handling, as shown in the following diagram.
The most important reason for using a reverse proxy for edge deployments (exposed to traffic from the Internet) is security. Kestrel is relatively new and does not yet have a full complement of defenses against attacks. This includes but isn't limited to appropriate timeouts, size limits, and concurrent connection limits. For more information about when to use Kestrel with a reverse proxy, see Kestrel.
You can't use IIS, Nginx, or Apache without Kestrel or a custom server implementation. ASP.NET Core was designed to run in its own process so that it can behave consistently across platforms. IIS, Nginx, and Apache dictate their own startup process and environment; to use them directly, ASP.NET Core would have to adapt to the needs of each one. Using a web server implementation such as Kestrel gives ASP.NET Core control over the startup process and environment. So rather than trying to adapt ASP.NET Core to IIS, Nginx, or Apache, you just set up those web servers to proxy requests to Kestrel. This arrangement allows your Startup classes to be essentially the same no matter where you deploy.
IIS with Kestrel
When you use IIS or IIS Express as a reverse proxy for ASP.NET Core, the ASP.NET Core application runs in a process separate from the IIS worker process. In the IIS process, a special IIS module runs to coordinate the reverse proxy relationship. This is the ASP.NET Core Module. The primary functions of the ASP.NET Core Module are to start the ASP.NET Core application, restart it when it crashes, and forward HTTP traffic to it. For more information, see ASP.NET Core Module.
Nginx with Kestrel
For information about how to use Nginx on Linux as a reverse proxy server for Kestrel, see Publish to a Linux Production Environment.
Apache with Kestrel
For information about how to use Apache on Linux as a reverse proxy server for Kestrel, see Using Apache Web Server as a reverse proxy.
If you run your ASP.NET Core app on Windows, WebListener is an alternative that you can use for scenarios where you want to expose your app to the Internet but you can't use IIS.
WebListener can also be used in place of Kestrel for applications that are exposed only to an internal network, if you need one of its features that Kestrel doesn't support.
For internal network scenarios, Kestrel is generally recommended for best performance, but in some scenarios you might want to use a feature that only WebListener offers. For information about WebListener features, see WebListener.
Notes about ASP.NET Core server infrastructure
The IApplicationBuilder available in the Configure method exposes the ServerFeatures property of type IFeatureCollection. Kestrel and WebListener both expose only a single feature, IServerAddressesFeature, but different server implementations may expose additional functionality.
IServerAddressesFeature can be used to find out which port the server implementation has bound to at runtime.
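The following added example (not code from the original documentation) reads IServerAddressesFeature in Configure and logs a warning when the server is bound to anything other than a loopback address, which is the binding you would expect when a reverse proxy on the same machine fronts Kestrel. The BindingAudit logger category and the IsLoopbackOnly and HostOf helpers are names assumed for this illustration.

```csharp
using System;
using System.Linq;
using System.Net;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting.Server.Features;
using Microsoft.Extensions.Logging;

public class Startup
{
    public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
    {
        var logger = loggerFactory.CreateLogger("BindingAudit"); // hypothetical category name
        var feature = app.ServerFeatures.Get<IServerAddressesFeature>();

        // A custom IServer may not expose the feature, so handle null.
        var addresses = feature == null ? new string[0] : feature.Addresses.ToArray();
        foreach (var address in addresses)
        {
            if (!IsLoopbackOnly(address))
                logger.LogWarning(
                    "Server is bound to {Address}, which is reachable from other hosts; " +
                    "confirm a reverse proxy or firewall sits in front of it.", address);
        }
        // ... the rest of the request pipeline is configured here.
    }

    // True only for localhost or a loopback IP literal. Wildcards (*, +),
    // 0.0.0.0, [::] and other host names are treated as externally reachable.
    public static bool IsLoopbackOnly(string address)
    {
        var host = HostOf(address);
        IPAddress ip;
        return string.Equals(host, "localhost", StringComparison.OrdinalIgnoreCase)
            || (IPAddress.TryParse(host, out ip) && IPAddress.IsLoopback(ip));
    }

    // Extracts the host by hand because wildcard hosts such as "http://*:5000"
    // are not valid input for System.Uri.
    private static string HostOf(string address)
    {
        int start = address.IndexOf("://", StringComparison.Ordinal);
        start = start < 0 ? 0 : start + 3;
        if (start < address.Length && address[start] == '[') // IPv6 literal, e.g. [::1]
        {
            int close = address.IndexOf(']', start);
            return close < 0 ? address.Substring(start + 1) : address.Substring(start + 1, close - start - 1);
        }
        int end = address.IndexOfAny(new[] { ':', '/' }, start);
        return end < 0 ? address.Substring(start) : address.Substring(start, end - start);
    }
}
```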
You can create custom server implementations to use in place of Kestrel or WebListener. The Open Web Interface for .NET (OWIN) guide demonstrates how to write a Nowin-based IServer implementation. You're free to implement just the feature interfaces your application needs, though at a minimum you must support
For more information, see the following resources: