ASP.NET Core 中的網頁伺服器實作Web server implementations in ASP.NET Core

Tom DykstraSteve SmithStephen HalterChris Ross 提供By Tom Dykstra, Steve Smith, Stephen Halter, and Chris Ross

ASP.NET Core 應用程式執行時,需使用內含式 HTTP 伺服器實作。An ASP.NET Core app runs with an in-process HTTP server implementation. 伺服器實作會接聽 HTTP 要求,並以組成 HttpContext 的一組要求功能形式向應用程式呈現。The server implementation listens for HTTP requests and surfaces them to the app as a set of request features composed into an HttpContext.

ASP.NET Core 隨附下列項目:ASP.NET Core ships with the following:

使用 IISIIS Express 時,應用程式可能會執行於:When using IIS or IIS Express, the app either runs:

ASP.NET Core 模組是一種原生 IIS 模組,可處理 IIS 與同處理序 IIS HTTP 伺服器或 Kestrel 之間的原生 IIS 要求。The ASP.NET Core Module is a native IIS module that handles native IIS requests between IIS and the in-process IIS HTTP Server or Kestrel. 如需詳細資訊,請參閱ASP.NET Core 模組For more information, see ASP.NET Core 模組.

裝載模型Hosting models

同處理序裝載模型In-process hosting model

使用同處理序裝載,ASP.NET Core 應用程式會在與其 IIS 工作者處理序相同的處理序中執行。Using in-process hosting, an ASP.NET Core app runs in the same process as its IIS worker process. 這消除了透過回送配接器對要求進行 Proxy 處理的跨處理序效能損失。該配接器是一種網路介面,會將連出的網路流量傳回相同機器。This removes the out-of-process performance penalty of proxying requests over the loopback adapter, a network interface that returns outgoing network traffic back to the same machine. IIS 透過 Windows 處理序啟用服務 (WAS) 來執行處理程序管理。IIS handles process management with the Windows Process Activation Service (WAS).

ASP.NET Core 模組:The ASP.NET Core Module:

  • 執行應用程式初始化。Performs app initialization.
    • 載入 CoreCLRLoads the CoreCLR.
    • 呼叫 Program.MainCalls Program.Main.
  • 處理 IIS 原生要求的存留期。Handles the lifetime of the IIS native request.

以 .NET Framework 為目標的 ASP.NET Core 應用程式不支援處理序內裝載模型。The in-process hosting model isn't supported for ASP.NET Core apps that target the .NET Framework.

下圖說明 IIS、ASP.NET Core 模組和同處理序裝載應用程式之間的關聯性:The following diagram illustrates the relationship between IIS, the ASP.NET Core Module, and an app hosted in-process:

ASP.NET Core 模組

要求會從 Web 到達核心模式的 HTTP.sys 驅動程式。A request arrives from the web to the kernel-mode HTTP.sys driver. 驅動程式會在網站設定的連接埠上將原生要求路由至 IIS,此連接埠通常是 80 (HTTP) 或 443 (HTTPS)。The driver routes the native request to IIS on the website's configured port, usually 80 (HTTP) or 443 (HTTPS). 模組會接收原生要求,並將它傳遞至 IIS HTTP 伺服器 (IISHttpServer)。The module receives the native request and passes it to IIS HTTP Server (IISHttpServer). IIS HTTP 伺服器是 IIS 的同處理序伺服程式實作,可將要求從原生轉換為受控。IIS HTTP Server is an in-process server implementation for IIS that converts the request from native to managed.

IIS HTTP 伺服器處理要求之後,要求會被推送至 ASP.NET Core 中介軟體管線。After the IIS HTTP Server processes the request, the request is pushed into the ASP.NET Core middleware pipeline. 中介軟體管線會處理要求,並將其作為 HttpContext 執行個體傳遞至應用程式的邏輯。The middleware pipeline handles the request and passes it on as an HttpContext instance to the app's logic. 應用程式的回應會傳回 IIS,而 IIS 會將其推送回起始要求的用戶端。The app's response is passed back to IIS, which pushes it back out to the client that initiated the request.

現有的應用程式可以選擇同處理序裝載,但 dotnet new 範本預設會對所有 IIS 和 IIS Express 案例使用同處理序裝載模型。In-process hosting is opt-in for existing apps, but dotnet new templates default to the in-process hosting model for all IIS and IIS Express scenarios.

跨處理序裝載模型Out-of-process hosting model

因為 ASP.NET Core 應用程式執行所在的處理序會與 IIS 工作者處理序分開,所以此模組會執行處理程序管理。Because ASP.NET Core apps run in a process separate from the IIS worker process, the module handles process management. 此模組會在第一個要求到達時啟動 ASP.NET Core 應用程式的處理序,並在應用程式關閉或損毀時將它重新啟動。The module starts the process for the ASP.NET Core app when the first request arrives and restarts the app if it shuts down or crashes. 此行為基本上與執行同處理序,並由 Windows 處理序啟用服務 (WAS) 所管理的應用程式相同。This is essentially the same behavior as seen with apps that run in-process that are managed by the Windows Process Activation Service (WAS).

下圖說明 IIS、ASP.NET Core 模組和跨處理序裝載應用程式之間的關聯性:The following diagram illustrates the relationship between IIS, the ASP.NET Core Module, and an app hosted out-of-process:

ASP.NET Core 模組

要求會從 Web 到達核心模式的 HTTP.sys 驅動程式。Requests arrive from the web to the kernel-mode HTTP.sys driver. 驅動程式會在網站設定的通訊埠上將要求路由至 IIS,此通訊埠通常是 80 (HTTP) 或 443 (HTTPS)。The driver routes the requests to IIS on the website's configured port, usually 80 (HTTP) or 443 (HTTPS). 此模組會在應用程式的隨機通訊埠上將要求轉送至 Kestrel,而且不會是通訊埠 80 或 443。The module forwards the requests to Kestrel on a random port for the app, which isn't port 80 or 443.

此模組在啟動時透過環境變數指定通訊埠,而 IIS 整合中介軟體則會設定伺服器來接聽 http://localhost:{PORT}The module specifies the port via an environment variable at startup, and the IIS Integration Middleware configures the server to listen on http://localhost:{PORT}. 將會執行額外檢查,不是源自模組的要求都會遭到拒絕。Additional checks are performed, and requests that don't originate from the module are rejected. 此模組不支援 HTTPS 轉送,因此即使由 IIS 透過 HTTPS 接收,要求還是會透過 HTTP 轉送。The module doesn't support HTTPS forwarding, so requests are forwarded over HTTP even if received by IIS over HTTPS.

Kestrel 收取來自模組的要求之後,要求會被推送至 ASP.NET Core 中介軟體管線。After Kestrel picks up the request from the module, the request is pushed into the ASP.NET Core middleware pipeline. 中介軟體管線會處理要求,並將其作為 HttpContext 執行個體傳遞至應用程式的邏輯。The middleware pipeline handles the request and passes it on as an HttpContext instance to the app's logic. IIS Integration 新增的中介軟體會更新配置、遠端 IP 和帳戶路徑基底,以將要求轉送至 Kestrel。Middleware added by IIS Integration updates the scheme, remote IP, and pathbase to account for forwarding the request to Kestrel. 應用程式的回應會傳回 IIS,而 IIS 會將其推送回起始要求的 HTTP 用戶端。The app's response is passed back to IIS, which pushes it back out to the HTTP client that initiated the request.

如需 IIS 和 ASP.NET Core 模組的設定指南,請參閱下列主題:For IIS and ASP.NET Core Module configuration guidance, see the following topics:

ASP.NET Core 隨附下列項目:ASP.NET Core ships with the following:

在使用 IISIIS Express 時,應用程式會執行於從 IIS 背景工作處理序中分離出的處理序 (跨處理序),並搭配 Kestrel 伺服器When using IIS or IIS Express, the app runs in a process separate from the IIS worker process (out-of-process) with the Kestrel server.

因為 ASP.NET Core 應用程式執行所在的處理序會與 IIS 工作者處理序分開,所以此模組會執行處理程序管理。Because ASP.NET Core apps run in a process separate from the IIS worker process, the module handles process management. 此模組會在第一個要求到達時啟動 ASP.NET Core 應用程式的處理序,並在應用程式關閉或損毀時將它重新啟動。The module starts the process for the ASP.NET Core app when the first request arrives and restarts the app if it shuts down or crashes. 此行為基本上與執行同處理序,並由 Windows 處理序啟用服務 (WAS) 所管理的應用程式相同。This is essentially the same behavior as seen with apps that run in-process that are managed by the Windows Process Activation Service (WAS).

下圖說明 IIS、ASP.NET Core 模組和跨處理序裝載應用程式之間的關聯性:The following diagram illustrates the relationship between IIS, the ASP.NET Core Module, and an app hosted out-of-process:

ASP.NET Core 模組

要求會從 Web 到達核心模式的 HTTP.sys 驅動程式。Requests arrive from the web to the kernel-mode HTTP.sys driver. 驅動程式會在網站設定的通訊埠上將要求路由至 IIS,此通訊埠通常是 80 (HTTP) 或 443 (HTTPS)。The driver routes the requests to IIS on the website's configured port, usually 80 (HTTP) or 443 (HTTPS). 此模組會在應用程式的隨機通訊埠上將要求轉送至 Kestrel,而且不會是通訊埠 80 或 443。The module forwards the requests to Kestrel on a random port for the app, which isn't port 80 or 443.

此模組在啟動時透過環境變數指定通訊埠,而 IIS 整合中介軟體則會設定伺服器來接聽 http://localhost:{port}The module specifies the port via an environment variable at startup, and the IIS Integration Middleware configures the server to listen on http://localhost:{port}. 將會執行額外檢查,不是源自模組的要求都會遭到拒絕。Additional checks are performed, and requests that don't originate from the module are rejected. 此模組不支援 HTTPS 轉送,因此即使由 IIS 透過 HTTPS 接收,要求還是會透過 HTTP 轉送。The module doesn't support HTTPS forwarding, so requests are forwarded over HTTP even if received by IIS over HTTPS.

Kestrel 收取來自模組的要求之後,要求會被推送至 ASP.NET Core 中介軟體管線。After Kestrel picks up the request from the module, the request is pushed into the ASP.NET Core middleware pipeline. 中介軟體管線會處理要求,並將其作為 HttpContext 執行個體傳遞至應用程式的邏輯。The middleware pipeline handles the request and passes it on as an HttpContext instance to the app's logic. IIS Integration 新增的中介軟體會更新配置、遠端 IP 和帳戶路徑基底,以將要求轉送至 Kestrel。Middleware added by IIS Integration updates the scheme, remote IP, and pathbase to account for forwarding the request to Kestrel. 應用程式的回應會傳回 IIS,而 IIS 會將其推送回起始要求的 HTTP 用戶端。The app's response is passed back to IIS, which pushes it back out to the HTTP client that initiated the request.

如需 IIS 和 ASP.NET Core 模組的設定指南,請參閱下列主題:For IIS and ASP.NET Core Module configuration guidance, see the following topics:

KestrelKestrel

Kestrel 是內含於 ASP.NET Core 專案範本中的預設網頁伺服器。Kestrel is the default web server included in ASP.NET Core project templates.

Kestrel 的用法有:Kestrel can be used:

  • 供本身當作直接從網路 (包括網際網路) 處理要求的邊緣伺服器。By itself as an edge server processing requests directly from a network, including the Internet.

    Kestrel 不使用反向 Proxy 伺服器直接與網際網路通訊

  • 搭配「反向 Proxy 伺服器」使用,例如 Internet Information Services (IIS)NginxApacheWith a reverse proxy server, such as Internet Information Services (IIS), Nginx, or Apache. 反向 Proxy 伺服器會從網際網路接收 HTTP 要求,然後轉送到 Kestrel。A reverse proxy server receives HTTP requests from the Internet and forwards them to Kestrel.

    Kestrel 透過 IIS、Nginx 或 Apache 等反向 Proxy 伺服器間接與網際網路通訊

不論裝載設定是否具有反向 Proxy 伺服器,ASP.NET Core 2.1 或更新版的應用程式均予以支援。Either hosting configuration—with or without a reverse proxy server—is supported for ASP.NET Core 2.1 or later apps.

如果應用程式只接受來自內部網路的要求,就可單獨使用 Kestrel。If the app only accepts requests from an internal network, Kestrel can be used by itself.

Kestrel 直接與內部網路通訊

如果應用程式會向網際網路公開,Kestrel 就必須使用「反向 Proxy 伺服器」,例如 Internet Information Services (IIS)NginxApacheIf the app is exposed to the Internet, Kestrel must use a reverse proxy server, such as Internet Information Services (IIS), Nginx, or Apache. 反向 Proxy 伺服器會從網際網路接收 HTTP 要求,然後轉送到 Kestrel。A reverse proxy server receives HTTP requests from the Internet and forwards them to Kestrel.

Kestrel 透過 IIS、Nginx 或 Apache 等反向 Proxy 伺服器間接與網際網路通訊

使用反向 Proxy 進行公眾對應 Edge Server 部署 (直接公開到網際網路) 的最重要理由是安全性。The most important reason for using a reverse proxy for public-facing edge server deployments that are exposed directly the Internet is security. 1.x 版的 Kestrel 並不包含可防禦網際網路攻擊的重要安全性功能。The 1.x versions of Kestrel don't include important security features to defend against attacks from the Internet. 這包括但不限於適當的逾時、要求大小限制和同時連線限制。This includes, but isn't limited to, appropriate timeouts, request size limits, and concurrent connection limits.

如需 Kestrel 設定指南及資訊,以了解在反向 Proxy 設定中使用 Kestrel 的時機,請參閱 ASP.NET Core 中的 Kestrel 網頁伺服器實作For Kestrel configuration guidance and information on when to use Kestrel in a reverse proxy configuration, see ASP.NET Core 中的 Kestrel 網頁伺服器實作.

Nginx 與 KestrelNginx with Kestrel

如需如何在 Linux 上使用 Nginx 作為 Kestrel 反向 Proxy 伺服器的資訊,請參閱 在 Linux 上使用 Nginx 裝載 ASP.NET CoreFor information on how to use Nginx on Linux as a reverse proxy server for Kestrel, see 在 Linux 上使用 Nginx 裝載 ASP.NET Core.

Apache 與 KestrelApache with Kestrel

如需如何在 Linux 上使用 Apache 作為 Kestrel 反向 Proxy 伺服器的資訊,請參閱 在 Linux 上使用 Apache 裝載 ASP.NET CoreFor information on how to use Apache on Linux as a reverse proxy server for Kestrel, see 在 Linux 上使用 Apache 裝載 ASP.NET Core.

IIS HTTP 伺服器IIS HTTP Server

IIS HTTP 伺服器是 IIS 的同處理序伺服器,對於同處理序部署不可或缺。IIS HTTP Server is an in-process server for IIS and required for in-process deployments. ASP.NET Core 模組會處理 IIS 與 IIS HTTP 伺服器之間的原生 IIS 要求。The ASP.NET Core Module handles native IIS requests between IIS and IIS HTTP Server. 如需詳細資訊,請參閱ASP.NET Core 模組For more information, see ASP.NET Core 模組.

HTTP.sysHTTP.sys

如果您在 Windows 上執行 ASP.NET Core 應用程式,則 HTTP.sys 是 Kestrel 的替代方案。If ASP.NET Core apps are run on Windows, HTTP.sys is an alternative to Kestrel. 通常建議使用 Kestrel 以達到最佳效能。Kestrel is generally recommended for best performance. HTTP.sys 可以用於下列情況:應用程式公開到網際網路,且必要功能是由 HTTP.sys 而非 Kestrel 支援。HTTP.sys can be used in scenarios where the app is exposed to the Internet and required capabilities are supported by HTTP.sys but not Kestrel. 如需詳細資訊,請參閱ASP.NET Core 中的 HTTP.sys 網頁伺服器實作For more information, see ASP.NET Core 中的 HTTP.sys 網頁伺服器實作.

HTTP.sys 直接與網際網路通訊

HTTP.sys 也可用於只公開到內部網路的應用程式。HTTP.sys can also be used for apps that are only exposed to an internal network.

HTTP.sys 直接與內部網路通訊

如需 HTTP.sys 設定指南,請參閱 ASP.NET Core 中的 HTTP.sys 網頁伺服器實作For HTTP.sys configuration guidance, see ASP.NET Core 中的 HTTP.sys 網頁伺服器實作.

ASP.NET Core 伺服器基礎結構ASP.NET Core server infrastructure

可在 Startup.Configure 方法中使用的 IApplicationBuilder 會公開 IFeatureCollection 類型的 ServerFeatures 屬性。The IApplicationBuilder available in the Startup.Configure method exposes the ServerFeatures property of type IFeatureCollection. Kestrel 和 HTTP.sys 只會個別公開單一功能 IServerAddressesFeature,但不同的伺服器實作可能會公開其他的功能。Kestrel and HTTP.sys only expose a single feature each, IServerAddressesFeature, but different server implementations may expose additional functionality.

IServerAddressesFeature 可用來找出伺服器實作在執行階段已繫結的連接埠。IServerAddressesFeature can be used to find out which port the server implementation has bound at runtime.

自訂伺服器Custom servers

如果內建伺服器不符合應用程式的需求,則可以建立自訂伺服器實作。If the built-in servers don't meet the app's requirements, a custom server implementation can be created. Open Web Interface for .NET (OWIN) 指南示範如何撰寫以 Nowin 為基礎的 IServer 實作。The Open Web Interface for .NET (OWIN) guide demonstrates how to write a Nowin-based IServer implementation. 只有應用程式使用的功能介面需要實作,但至少必須支援 IHttpRequestFeatureIHttpResponseFeatureOnly the feature interfaces that the app uses require implementation, though at a minimum IHttpRequestFeature and IHttpResponseFeature must be supported.

伺服器啟動Server startup

伺服器會在整合式開發環境 (IDE) 或編輯器啟動應用程式時啟動:The server is launched when the Integrated Development Environment (IDE) or editor starts the app:

當您在專案資料夾中使用命令提示字元啟動應用程式時,dotnet run 會啟動應用程式和伺服器 (僅限 Kestrel 和 HTTP.sys)。When launching the app from a command prompt in the project's folder, dotnet run launches the app and server (Kestrel and HTTP.sys only). 組態是由 -c|--configuration 選項指定,會設為 Debug (預設值) 或 ReleaseThe configuration is specified by the -c|--configuration option, which is set to either Debug (default) or Release. 如果 launchSettings.json 檔案中出現啟動設定檔,請使用 --launch-profile <NAME> 選項來設定啟動設定檔 (例如,DevelopmentProduction)。If launch profiles are present in a launchSettings.json file, use the --launch-profile <NAME> option to set the launch profile (for example, Development or Production). 如需詳細資訊,請參閱 dotnet run.NET Core 發佈封裝For more information, see dotnet run and .NET Core distribution packaging.

HTTP/2 支援HTTP/2 support

在下列部署案例中,ASP.NET Core 支援 HTTP/2HTTP/2 is supported with ASP.NET Core in the following deployment scenarios:

  • KestrelKestrel
    • 作業系統Operating system
      • Windows Server 2016/Windows 10 或更新版本†Windows Server 2016/Windows 10 or later†
      • Linux 含 OpenSSL 1.0.2 或更新版本 (例如 Ubuntu 16.04 或更新版本)Linux with OpenSSL 1.0.2 or later (for example, Ubuntu 16.04 or later)
      • 未來版本的 macOS 將會支援 HTTP/2。HTTP/2 will be supported on macOS in a future release.
    • 目標 Framework:.NET Core 2.2 或更新版本Target framework: .NET Core 2.2 or later
  • HTTP.sysHTTP.sys
    • Windows Server 2016/Windows 10 或更新版本Windows Server 2016/Windows 10 or later
    • 目標 Framework:不適用於 HTTP.sys 部署。Target framework: Not applicable to HTTP.sys deployments.
  • IIS (同處理序)IIS (in-process)
    • Windows Server 2016/Windows 10 或更新版本;IIS 10 或更新版本Windows Server 2016/Windows 10 or later; IIS 10 or later
    • 目標 Framework:.NET Core 2.2 或更新版本Target framework: .NET Core 2.2 or later
  • IIS (跨處理序)IIS (out-of-process)
    • Windows Server 2016/Windows 10 或更新版本;IIS 10 或更新版本Windows Server 2016/Windows 10 or later; IIS 10 or later
    • 公眾對應 Edge Server 連線使用 HTTP/2,但是對 Kestrel 的反向 Proxy 連線使用 HTTP/1.1。Public-facing edge server connections use HTTP/2, but the reverse proxy connection to Kestrel uses HTTP/1.1.
    • 目標 Framework:不適用於 IIS 跨處理序部署。Target framework: Not applicable to IIS out-of-process deployments.

†Kestrel 在 Windows Server 2012 R2 與 Windows 8.1 對 HTTP/2 的支援有限。†Kestrel has limited support for HTTP/2 on Windows Server 2012 R2 and Windows 8.1. 支援有限的原因是這些作業系統上的支援 TLS 密碼編譯套件清單有限。Support is limited because the list of supported TLS cipher suites available on these operating systems is limited. 可能需要使用橢圓曲線數位簽章演算法 (ECDSA) 產生的憑證來保護 TLS 連線。A certificate generated using an Elliptic Curve Digital Signature Algorithm (ECDSA) may be required to secure TLS connections.

  • HTTP.sysHTTP.sys
    • Windows Server 2016/Windows 10 或更新版本Windows Server 2016/Windows 10 or later
    • 目標 Framework:不適用於 HTTP.sys 部署。Target framework: Not applicable to HTTP.sys deployments.
  • IIS (跨處理序)IIS (out-of-process)
    • Windows Server 2016/Windows 10 或更新版本;IIS 10 或更新版本Windows Server 2016/Windows 10 or later; IIS 10 or later
    • 公眾對應 Edge Server 連線使用 HTTP/2,但是對 Kestrel 的反向 Proxy 連線使用 HTTP/1.1。Public-facing edge server connections use HTTP/2, but the reverse proxy connection to Kestrel uses HTTP/1.1.
    • 目標 Framework:不適用於 IIS 跨處理序部署。Target framework: Not applicable to IIS out-of-process deployments.

HTTP/2 連線必須使用 Application-Layer Protocol Negotiation (ALPN) 和 TLS 1.2 或更新版本。An HTTP/2 connection must use Application-Layer Protocol Negotiation (ALPN) and TLS 1.2 or later. 如需詳細資訊,請參閱與伺服器部署案例相關的主題。For more information, see the topics that pertain to your server deployment scenarios.

其他資源Additional resources