Introduction to Kestrel web server implementation in ASP.NET Core
By Tom Dykstra, Chris Ross, and Stephen Halter
Kestrel is a cross-platform web server for ASP.NET Core based on libuv, a cross-platform asynchronous I/O library. Kestrel is the web server that is included by default in ASP.NET Core project templates.
Kestrel supports the following features:
- HTTPS
- Opaque upgrade used to enable WebSockets
- Unix sockets for high performance behind Nginx
Kestrel is supported on all platforms and versions that .NET Core supports.
ASP.NET Core 2.x
View or download sample code for 2.x ((xref:)how to download)
ASP.NET Core 1.x
View or download sample code for 1.x ((xref:)how to download)
When to use Kestrel with a reverse proxy
ASP.NET Core 2.x
You can use Kestrel by itself or with a reverse proxy server, such as IIS, Nginx, or Apache. A reverse proxy server receives HTTP requests from the Internet and forwards them to Kestrel after some preliminary handling.
Either configuration — with or without a reverse proxy server — can also be used if Kestrel is exposed only to an internal network.
ASP.NET Core 1.x
If your application accepts requests only from an internal network, you can use Kestrel by itself.
If you expose your application to the Internet, you must use IIS, Nginx, or Apache as a reverse proxy server. A reverse proxy server receives HTTP requests from the Internet and forwards them to Kestrel after some preliminary handling.
A reverse proxy is required for edge deployments (exposed to traffic from the Internet) for security reasons. The 1.x versions of Kestrel don’t have a full complement of defenses against attacks. This includes but isn’t limited to appropriate timeouts, size limits, and concurrent connection limits.
A scenario that requires a reverse proxy is when you have multiple applications that share the same IP and port running on a single server. That doesn’t work with Kestrel directly because Kestrel doesn’t support sharing the same IP and port between multiple processes. When you configure Kestrel to listen on a port, it handles all traffic for that port regardless of host header. A reverse proxy that can share ports must then forward to Kestrel on a unique IP and port.
Even if a reverse proxy server isn’t required, using one might be a good choice for other reasons:
- It can limit your exposed surface area.
- It provides an optional additional layer of configuration and defense.
- It might integrate better with existing infrastructure.
- It simplifies load balancing and SSL set-up. Only your reverse proxy server requires an SSL certificate, and that server can communicate with your application servers on the internal network using plain HTTP.
How to use Kestrel in ASP.NET Core apps
ASP.NET Core 2.x
The Microsoft.AspNetCore.Server.Kestrel package is included in the (xref:)Microsoft.AspNetCore.All metapackage.
ASP.NET Core project templates use Kestrel by default. In Program.cs, the template code calls CreateDefaultBuilder
, which calls UseKestrel behind the scenes.
[!code-csharpMain]
1: #define DefaultBuilder // or Limits or UnixSocket or FileDescriptor
2:
3: using Microsoft.AspNetCore;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Server.Kestrel.Core;
6: using System;
7: using System.Net;
8:
9: namespace KestrelDemo
10: {
11: /// <summary>
12: /// Executing the "dotnet run" command in the application folder will run this app.
13: /// </summary>
14: public class Program
15: {
16: // The default listening address is http://localhost:5000 if none is specified.
17:
18: #if DefaultBuilder
19: #region snippet_DefaultBuilder
20: public static void Main(string[] args)
21: {
22: BuildWebHost(args).Run();
23: }
24:
25: public static IWebHost BuildWebHost(string[] args) =>
26: WebHost.CreateDefaultBuilder(args)
27: .UseStartup<Startup>()
28: .UseKestrel(options =>
29: {
30: options.Listen(IPAddress.Loopback, 5000);
31: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
32: {
33: listenOptions.UseHttps("testCert.pfx", "testPassword");
34: });
35: })
36: .Build();
37: #endregion
38: #elif UnixSocket
39: public static void Main(string[] args)
40: {
41: BuildWebHost(args).Run();
42: }
43:
44: public static IWebHost BuildWebHost(string[] args) =>
45: WebHost.CreateDefaultBuilder(args)
46: .UseStartup<Startup>()
47: #region snippet_UnixSocket
48: .UseKestrel(options =>
49: {
50: options.ListenUnixSocket("/tmp/kestrel-test.sock");
51: options.ListenUnixSocket("/tmp/kestrel-test.sock", listenOptions =>
52: {
53: listenOptions.UseHttps("testCert.pfx", "testpassword");
54: });
55: })
56: #endregion
57: .Build();
58: #elif FileDescriptor
59: public static void Main(string[] args)
60: {
61: BuildWebHost(args).Run();
62: }
63:
64: public static IWebHost BuildWebHost(string[] args) =>
65: WebHost.CreateDefaultBuilder(args)
66: .UseStartup<Startup>()
67: #region snippet_FileDescriptor
68: .UseKestrel(options =>
69: {
70: var fds = Environment.GetEnvironmentVariable("SD_LISTEN_FDS_START");
71: ulong fd = ulong.Parse(fds);
72:
73: options.ListenHandle(fd);
74: options.ListenHandle(fd, listenOptions =>
75: {
76: listenOptions.UseHttps("testCert.pfx", "testpassword");
77: });
78: })
79: #endregion
80: .Build();
81: #elif Limits
82: public static void Main(string[] args)
83: {
84: BuildWebHost(args).Run();
85: }
86:
87: public static IWebHost BuildWebHost(string[] args) =>
88: WebHost.CreateDefaultBuilder(args)
89: .UseStartup<Startup>()
90: #region snippet_Limits
91: .UseKestrel(options =>
92: {
93: options.Limits.MaxConcurrentConnections = 100;
94: options.Limits.MaxConcurrentUpgradedConnections = 100;
95: options.Limits.MaxRequestBodySize = 10 * 1024;
96: options.Limits.MinRequestBodyDataRate =
97: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
98: options.Limits.MinResponseDataRate =
99: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
100: options.Listen(IPAddress.Loopback, 5000);
101: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
102: {
103: listenOptions.UseHttps("testCert.pfx", "testPassword");
104: });
105: })
106: #endregion
107: .Build();
108: #endif
109: }
110: }
111:
112:
If you need to configure Kestrel options, call UseKestrel
in Program.cs as shown in the following example:
[!code-csharpMain]
1: #define DefaultBuilder // or Limits or UnixSocket or FileDescriptor
2:
3: using Microsoft.AspNetCore;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Server.Kestrel.Core;
6: using System;
7: using System.Net;
8:
9: namespace KestrelDemo
10: {
11: /// <summary>
12: /// Executing the "dotnet run" command in the application folder will run this app.
13: /// </summary>
14: public class Program
15: {
16: // The default listening address is http://localhost:5000 if none is specified.
17:
18: #if DefaultBuilder
19: #region snippet_DefaultBuilder
20: public static void Main(string[] args)
21: {
22: BuildWebHost(args).Run();
23: }
24:
25: public static IWebHost BuildWebHost(string[] args) =>
26: WebHost.CreateDefaultBuilder(args)
27: .UseStartup<Startup>()
28: .UseKestrel(options =>
29: {
30: options.Listen(IPAddress.Loopback, 5000);
31: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
32: {
33: listenOptions.UseHttps("testCert.pfx", "testPassword");
34: });
35: })
36: .Build();
37: #endregion
38: #elif UnixSocket
39: public static void Main(string[] args)
40: {
41: BuildWebHost(args).Run();
42: }
43:
44: public static IWebHost BuildWebHost(string[] args) =>
45: WebHost.CreateDefaultBuilder(args)
46: .UseStartup<Startup>()
47: #region snippet_UnixSocket
48: .UseKestrel(options =>
49: {
50: options.ListenUnixSocket("/tmp/kestrel-test.sock");
51: options.ListenUnixSocket("/tmp/kestrel-test.sock", listenOptions =>
52: {
53: listenOptions.UseHttps("testCert.pfx", "testpassword");
54: });
55: })
56: #endregion
57: .Build();
58: #elif FileDescriptor
59: public static void Main(string[] args)
60: {
61: BuildWebHost(args).Run();
62: }
63:
64: public static IWebHost BuildWebHost(string[] args) =>
65: WebHost.CreateDefaultBuilder(args)
66: .UseStartup<Startup>()
67: #region snippet_FileDescriptor
68: .UseKestrel(options =>
69: {
70: var fds = Environment.GetEnvironmentVariable("SD_LISTEN_FDS_START");
71: ulong fd = ulong.Parse(fds);
72:
73: options.ListenHandle(fd);
74: options.ListenHandle(fd, listenOptions =>
75: {
76: listenOptions.UseHttps("testCert.pfx", "testpassword");
77: });
78: })
79: #endregion
80: .Build();
81: #elif Limits
82: public static void Main(string[] args)
83: {
84: BuildWebHost(args).Run();
85: }
86:
87: public static IWebHost BuildWebHost(string[] args) =>
88: WebHost.CreateDefaultBuilder(args)
89: .UseStartup<Startup>()
90: #region snippet_Limits
91: .UseKestrel(options =>
92: {
93: options.Limits.MaxConcurrentConnections = 100;
94: options.Limits.MaxConcurrentUpgradedConnections = 100;
95: options.Limits.MaxRequestBodySize = 10 * 1024;
96: options.Limits.MinRequestBodyDataRate =
97: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
98: options.Limits.MinResponseDataRate =
99: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
100: options.Listen(IPAddress.Loopback, 5000);
101: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
102: {
103: listenOptions.UseHttps("testCert.pfx", "testPassword");
104: });
105: })
106: #endregion
107: .Build();
108: #endif
109: }
110: }
111:
112:
ASP.NET Core 1.x
Install the Microsoft.AspNetCore.Server.Kestrel NuGet package.
Call the UseKestrel extension method on WebHostBuilder
in your Main
method, specifying any Kestrel options that you need, as shown in the next section.
[!code-csharpMain]
1: using System;
2: using System.IO;
3: using Microsoft.AspNetCore.Hosting;
4: using Microsoft.Extensions.Configuration;
5:
6: namespace KestrelDemo
7: {
8: /// <summary>
9: /// Executing the "dotnet run command in the application folder will run this app.
10: /// </summary>
11: public class Program
12: {
13: public static string Server;
14:
15: // The default listening address is http://localhost:5000 if none is specified.
16: // Replace "localhost" with "*" to listen to external requests.
17: // You can use the --urls command-line flag to change the listening address. Ex:
18: // > dotnet run --urls http://*:8080;http://*:8081
19:
20: // Use the following code to configure URLs in code:
21: // builder.UseUrls("http://*:8080", "http://*:8081");
22: // Put it after UseConfiguration(config) to take precedence over command-line configuration.
23:
24: #region snippet_Main
25: public static void Main(string[] args)
26: {
27: Console.WriteLine("Running demo with Kestrel.");
28:
29: var config = new ConfigurationBuilder()
30: .AddCommandLine(args)
31: .Build();
32:
33: var builder = new WebHostBuilder()
34: .UseContentRoot(Directory.GetCurrentDirectory())
35: .UseConfiguration(config)
36: .UseStartup<Startup>()
37: .UseKestrel(options =>
38: {
39: if (config["threadCount"] != null)
40: {
41: options.ThreadCount = int.Parse(config["threadCount"]);
42: }
43: })
44: .UseUrls("http://localhost:5000");
45:
46: var host = builder.Build();
47: host.Run();
48: }
49: #endregion
50: }
51: }
Kestrel options
ASP.NET Core 2.x
The Kestrel web server has constraint configuration options that are especially useful in Internet-facing deployments. Here are some of the limits you can set:
- Maximum client connections
- Maximum request body size
- Minimum request body data rate
You set these constraints and others in the Limits
property of the KestrelServerOptions class. The Limits
property holds an instance of the KestrelServerLimits class.
Maximum client connections
The maximum number of concurrent open TCP connections can be set for the entire application with the following code:
[!code-csharpMain]
1: #define DefaultBuilder // or Limits or UnixSocket or FileDescriptor
2:
3: using Microsoft.AspNetCore;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Server.Kestrel.Core;
6: using System;
7: using System.Net;
8:
9: namespace KestrelDemo
10: {
11: /// <summary>
12: /// Executing the "dotnet run" command in the application folder will run this app.
13: /// </summary>
14: public class Program
15: {
16: // The default listening address is http://localhost:5000 if none is specified.
17:
18: #if DefaultBuilder
19: #region snippet_DefaultBuilder
20: public static void Main(string[] args)
21: {
22: BuildWebHost(args).Run();
23: }
24:
25: public static IWebHost BuildWebHost(string[] args) =>
26: WebHost.CreateDefaultBuilder(args)
27: .UseStartup<Startup>()
28: .UseKestrel(options =>
29: {
30: options.Listen(IPAddress.Loopback, 5000);
31: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
32: {
33: listenOptions.UseHttps("testCert.pfx", "testPassword");
34: });
35: })
36: .Build();
37: #endregion
38: #elif UnixSocket
39: public static void Main(string[] args)
40: {
41: BuildWebHost(args).Run();
42: }
43:
44: public static IWebHost BuildWebHost(string[] args) =>
45: WebHost.CreateDefaultBuilder(args)
46: .UseStartup<Startup>()
47: #region snippet_UnixSocket
48: .UseKestrel(options =>
49: {
50: options.ListenUnixSocket("/tmp/kestrel-test.sock");
51: options.ListenUnixSocket("/tmp/kestrel-test.sock", listenOptions =>
52: {
53: listenOptions.UseHttps("testCert.pfx", "testpassword");
54: });
55: })
56: #endregion
57: .Build();
58: #elif FileDescriptor
59: public static void Main(string[] args)
60: {
61: BuildWebHost(args).Run();
62: }
63:
64: public static IWebHost BuildWebHost(string[] args) =>
65: WebHost.CreateDefaultBuilder(args)
66: .UseStartup<Startup>()
67: #region snippet_FileDescriptor
68: .UseKestrel(options =>
69: {
70: var fds = Environment.GetEnvironmentVariable("SD_LISTEN_FDS_START");
71: ulong fd = ulong.Parse(fds);
72:
73: options.ListenHandle(fd);
74: options.ListenHandle(fd, listenOptions =>
75: {
76: listenOptions.UseHttps("testCert.pfx", "testpassword");
77: });
78: })
79: #endregion
80: .Build();
81: #elif Limits
82: public static void Main(string[] args)
83: {
84: BuildWebHost(args).Run();
85: }
86:
87: public static IWebHost BuildWebHost(string[] args) =>
88: WebHost.CreateDefaultBuilder(args)
89: .UseStartup<Startup>()
90: #region snippet_Limits
91: .UseKestrel(options =>
92: {
93: options.Limits.MaxConcurrentConnections = 100;
94: options.Limits.MaxConcurrentUpgradedConnections = 100;
95: options.Limits.MaxRequestBodySize = 10 * 1024;
96: options.Limits.MinRequestBodyDataRate =
97: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
98: options.Limits.MinResponseDataRate =
99: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
100: options.Listen(IPAddress.Loopback, 5000);
101: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
102: {
103: listenOptions.UseHttps("testCert.pfx", "testPassword");
104: });
105: })
106: #endregion
107: .Build();
108: #endif
109: }
110: }
111:
112:
There’s a separate limit for connections that have been upgraded from HTTP or HTTPS to another protocol (for example, on a WebSockets request). After a connection is upgraded, it isn’t counted against the MaxConcurrentConnections
limit.
The maximum number of connections is unlimited (null) by default.
Maximum request body size
The default maximum request body size is 30,000,000 bytes, which is approximately 28.6MB.
The recommended way to override the limit in an ASP.NET Core MVC app is to use the RequestSizeLimit attribute on an action method:
Here’s an example that shows how to configure the constraint for the entire application, every request:
[!code-csharpMain]
1: #define DefaultBuilder // or Limits or UnixSocket or FileDescriptor
2:
3: using Microsoft.AspNetCore;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Server.Kestrel.Core;
6: using System;
7: using System.Net;
8:
9: namespace KestrelDemo
10: {
11: /// <summary>
12: /// Executing the "dotnet run" command in the application folder will run this app.
13: /// </summary>
14: public class Program
15: {
16: // The default listening address is http://localhost:5000 if none is specified.
17:
18: #if DefaultBuilder
19: #region snippet_DefaultBuilder
20: public static void Main(string[] args)
21: {
22: BuildWebHost(args).Run();
23: }
24:
25: public static IWebHost BuildWebHost(string[] args) =>
26: WebHost.CreateDefaultBuilder(args)
27: .UseStartup<Startup>()
28: .UseKestrel(options =>
29: {
30: options.Listen(IPAddress.Loopback, 5000);
31: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
32: {
33: listenOptions.UseHttps("testCert.pfx", "testPassword");
34: });
35: })
36: .Build();
37: #endregion
38: #elif UnixSocket
39: public static void Main(string[] args)
40: {
41: BuildWebHost(args).Run();
42: }
43:
44: public static IWebHost BuildWebHost(string[] args) =>
45: WebHost.CreateDefaultBuilder(args)
46: .UseStartup<Startup>()
47: #region snippet_UnixSocket
48: .UseKestrel(options =>
49: {
50: options.ListenUnixSocket("/tmp/kestrel-test.sock");
51: options.ListenUnixSocket("/tmp/kestrel-test.sock", listenOptions =>
52: {
53: listenOptions.UseHttps("testCert.pfx", "testpassword");
54: });
55: })
56: #endregion
57: .Build();
58: #elif FileDescriptor
59: public static void Main(string[] args)
60: {
61: BuildWebHost(args).Run();
62: }
63:
64: public static IWebHost BuildWebHost(string[] args) =>
65: WebHost.CreateDefaultBuilder(args)
66: .UseStartup<Startup>()
67: #region snippet_FileDescriptor
68: .UseKestrel(options =>
69: {
70: var fds = Environment.GetEnvironmentVariable("SD_LISTEN_FDS_START");
71: ulong fd = ulong.Parse(fds);
72:
73: options.ListenHandle(fd);
74: options.ListenHandle(fd, listenOptions =>
75: {
76: listenOptions.UseHttps("testCert.pfx", "testpassword");
77: });
78: })
79: #endregion
80: .Build();
81: #elif Limits
82: public static void Main(string[] args)
83: {
84: BuildWebHost(args).Run();
85: }
86:
87: public static IWebHost BuildWebHost(string[] args) =>
88: WebHost.CreateDefaultBuilder(args)
89: .UseStartup<Startup>()
90: #region snippet_Limits
91: .UseKestrel(options =>
92: {
93: options.Limits.MaxConcurrentConnections = 100;
94: options.Limits.MaxConcurrentUpgradedConnections = 100;
95: options.Limits.MaxRequestBodySize = 10 * 1024;
96: options.Limits.MinRequestBodyDataRate =
97: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
98: options.Limits.MinResponseDataRate =
99: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
100: options.Listen(IPAddress.Loopback, 5000);
101: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
102: {
103: listenOptions.UseHttps("testCert.pfx", "testPassword");
104: });
105: })
106: #endregion
107: .Build();
108: #endif
109: }
110: }
111:
112:
You can override the setting on a specific request in middleware:
[!code-csharpMain]
1: #define Default // or Limits
2:
3: using Microsoft.AspNetCore.Builder;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Hosting.Server.Features;
6: using Microsoft.AspNetCore.Http;
7: using Microsoft.AspNetCore.Http.Extensions;
8: using Microsoft.AspNetCore.Http.Features;
9: using Microsoft.AspNetCore.Server.Kestrel.Core;
10: using Microsoft.AspNetCore.Server.Kestrel.Core.Features;
11: using Microsoft.Extensions.Logging;
12: using System;
13:
14: namespace KestrelDemo
15: {
16: public class Startup
17: {
18: #if Default
19: #region snippet_Configure
20: public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
21: {
22: var serverAddressesFeature = app.ServerFeatures.Get<IServerAddressesFeature>();
23:
24: app.UseStaticFiles();
25:
26: app.Run(async (context) =>
27: {
28: context.Response.ContentType = "text/html";
29: await context.Response
30: .WriteAsync("<p>Hosted by Kestrel</p>");
31:
32: if (serverAddressesFeature != null)
33: {
34: await context.Response
35: .WriteAsync("<p>Listening on the following addresses: " +
36: string.Join(", ", serverAddressesFeature.Addresses) +
37: "</p>");
38: }
39:
40: await context.Response.WriteAsync($"<p>Request URL: {context.Request.GetDisplayUrl()}<p>");
41: });
42: }
43: #endregion
44: #elif Limits
45: public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
46: {
47: var serverAddressesFeature = app.ServerFeatures.Get<IServerAddressesFeature>();
48:
49: app.UseStaticFiles();
50:
51: #region snippet_Limits
52: app.Run(async (context) =>
53: {
54: context.Features.Get<IHttpMaxRequestBodySizeFeature>()
55: .MaxRequestBodySize = 10 * 1024;
56: context.Features.Get<IHttpMinRequestBodyDataRateFeature>()
57: .MinDataRate = new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
58: context.Features.Get<IHttpMinResponseDataRateFeature>()
59: .MinDataRate = new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
60: #endregion
61: context.Response.ContentType = "text/html";
62: await context.Response
63: .WriteAsync("<p>Hosted by Kestrel</p>");
64:
65: if (serverAddressesFeature != null)
66: {
67: await context.Response
68: .WriteAsync("<p>Listening on the following addresses: " +
69: string.Join(", ", serverAddressesFeature.Addresses) +
70: "</p>");
71: }
72:
73: await context.Response.WriteAsync($"<p>Request URL: {context.Request.GetDisplayUrl()}<p>");
74: });
75: }
76: #endif
77: }
78: }
An exception is thrown if you try to configure the limit on a request after the application has started reading the request. There’s an IsReadOnly
property that tells you if the MaxRequestBodySize
property is in read-only state, meaning it’s too late to configure the limit.
Minimum request body data rate
Kestrel checks every second if data is coming in at the specified rate in bytes/second. If the rate drops below the minimum, the connection is timed out. The grace period is the amount of time that Kestrel gives the client to increase its send rate up to the minimum; the rate is not checked during that time. The grace period helps avoid dropping connections that are initially sending data at a slow rate due to TCP slow-start.
The default minimum rate is 240 bytes/second, with a 5 second grace period.
A minimum rate also applies to the response. The code to set the request limit and the response limit is the same except for having RequestBody
or Response
in the property and interface names.
Here’s an example that shows how to configure the minimum data rates in Program.cs:
[!code-csharpMain]
1: #define DefaultBuilder // or Limits or UnixSocket or FileDescriptor
2:
3: using Microsoft.AspNetCore;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Server.Kestrel.Core;
6: using System;
7: using System.Net;
8:
9: namespace KestrelDemo
10: {
11: /// <summary>
12: /// Executing the "dotnet run" command in the application folder will run this app.
13: /// </summary>
14: public class Program
15: {
16: // The default listening address is http://localhost:5000 if none is specified.
17:
18: #if DefaultBuilder
19: #region snippet_DefaultBuilder
20: public static void Main(string[] args)
21: {
22: BuildWebHost(args).Run();
23: }
24:
25: public static IWebHost BuildWebHost(string[] args) =>
26: WebHost.CreateDefaultBuilder(args)
27: .UseStartup<Startup>()
28: .UseKestrel(options =>
29: {
30: options.Listen(IPAddress.Loopback, 5000);
31: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
32: {
33: listenOptions.UseHttps("testCert.pfx", "testPassword");
34: });
35: })
36: .Build();
37: #endregion
38: #elif UnixSocket
39: public static void Main(string[] args)
40: {
41: BuildWebHost(args).Run();
42: }
43:
44: public static IWebHost BuildWebHost(string[] args) =>
45: WebHost.CreateDefaultBuilder(args)
46: .UseStartup<Startup>()
47: #region snippet_UnixSocket
48: .UseKestrel(options =>
49: {
50: options.ListenUnixSocket("/tmp/kestrel-test.sock");
51: options.ListenUnixSocket("/tmp/kestrel-test.sock", listenOptions =>
52: {
53: listenOptions.UseHttps("testCert.pfx", "testpassword");
54: });
55: })
56: #endregion
57: .Build();
58: #elif FileDescriptor
59: public static void Main(string[] args)
60: {
61: BuildWebHost(args).Run();
62: }
63:
64: public static IWebHost BuildWebHost(string[] args) =>
65: WebHost.CreateDefaultBuilder(args)
66: .UseStartup<Startup>()
67: #region snippet_FileDescriptor
68: .UseKestrel(options =>
69: {
70: var fds = Environment.GetEnvironmentVariable("SD_LISTEN_FDS_START");
71: ulong fd = ulong.Parse(fds);
72:
73: options.ListenHandle(fd);
74: options.ListenHandle(fd, listenOptions =>
75: {
76: listenOptions.UseHttps("testCert.pfx", "testpassword");
77: });
78: })
79: #endregion
80: .Build();
81: #elif Limits
82: public static void Main(string[] args)
83: {
84: BuildWebHost(args).Run();
85: }
86:
87: public static IWebHost BuildWebHost(string[] args) =>
88: WebHost.CreateDefaultBuilder(args)
89: .UseStartup<Startup>()
90: #region snippet_Limits
91: .UseKestrel(options =>
92: {
93: options.Limits.MaxConcurrentConnections = 100;
94: options.Limits.MaxConcurrentUpgradedConnections = 100;
95: options.Limits.MaxRequestBodySize = 10 * 1024;
96: options.Limits.MinRequestBodyDataRate =
97: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
98: options.Limits.MinResponseDataRate =
99: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
100: options.Listen(IPAddress.Loopback, 5000);
101: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
102: {
103: listenOptions.UseHttps("testCert.pfx", "testPassword");
104: });
105: })
106: #endregion
107: .Build();
108: #endif
109: }
110: }
111:
112:
You can configure the rates per request in middleware:
[!code-csharpMain]
1: #define Default // or Limits
2:
3: using Microsoft.AspNetCore.Builder;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Hosting.Server.Features;
6: using Microsoft.AspNetCore.Http;
7: using Microsoft.AspNetCore.Http.Extensions;
8: using Microsoft.AspNetCore.Http.Features;
9: using Microsoft.AspNetCore.Server.Kestrel.Core;
10: using Microsoft.AspNetCore.Server.Kestrel.Core.Features;
11: using Microsoft.Extensions.Logging;
12: using System;
13:
14: namespace KestrelDemo
15: {
16: public class Startup
17: {
18: #if Default
19: #region snippet_Configure
20: public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
21: {
22: var serverAddressesFeature = app.ServerFeatures.Get<IServerAddressesFeature>();
23:
24: app.UseStaticFiles();
25:
26: app.Run(async (context) =>
27: {
28: context.Response.ContentType = "text/html";
29: await context.Response
30: .WriteAsync("<p>Hosted by Kestrel</p>");
31:
32: if (serverAddressesFeature != null)
33: {
34: await context.Response
35: .WriteAsync("<p>Listening on the following addresses: " +
36: string.Join(", ", serverAddressesFeature.Addresses) +
37: "</p>");
38: }
39:
40: await context.Response.WriteAsync($"<p>Request URL: {context.Request.GetDisplayUrl()}<p>");
41: });
42: }
43: #endregion
44: #elif Limits
45: public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
46: {
47: var serverAddressesFeature = app.ServerFeatures.Get<IServerAddressesFeature>();
48:
49: app.UseStaticFiles();
50:
51: #region snippet_Limits
52: app.Run(async (context) =>
53: {
54: context.Features.Get<IHttpMaxRequestBodySizeFeature>()
55: .MaxRequestBodySize = 10 * 1024;
56: context.Features.Get<IHttpMinRequestBodyDataRateFeature>()
57: .MinDataRate = new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
58: context.Features.Get<IHttpMinResponseDataRateFeature>()
59: .MinDataRate = new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
60: #endregion
61: context.Response.ContentType = "text/html";
62: await context.Response
63: .WriteAsync("<p>Hosted by Kestrel</p>");
64:
65: if (serverAddressesFeature != null)
66: {
67: await context.Response
68: .WriteAsync("<p>Listening on the following addresses: " +
69: string.Join(", ", serverAddressesFeature.Addresses) +
70: "</p>");
71: }
72:
73: await context.Response.WriteAsync($"<p>Request URL: {context.Request.GetDisplayUrl()}<p>");
74: });
75: }
76: #endif
77: }
78: }
For information about other Kestrel options, see the following classes:
ASP.NET Core 1.x
For information about Kestrel options, see KestrelServerOptions class.
Endpoint configuration
ASP.NET Core 2.x
By default ASP.NET Core binds to http://localhost:5000
. You configure URL prefixes and ports for Kestrel to listen on by calling Listen
or ListenUnixSocket
methods on KestrelServerOptions
. (UseUrls
, the urls
command-line argument, and the ASPNETCORE_URLS environment variable also work but have the limitations noted later in this article.)
Bind to a TCP socket
The Listen
method binds to a TCP socket, and an options lambda lets you configure an SSL certificate:
[!code-csharpMain]
1: #define DefaultBuilder // or Limits or UnixSocket or FileDescriptor
2:
3: using Microsoft.AspNetCore;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Server.Kestrel.Core;
6: using System;
7: using System.Net;
8:
9: namespace KestrelDemo
10: {
11: /// <summary>
12: /// Executing the "dotnet run" command in the application folder will run this app.
13: /// </summary>
14: public class Program
15: {
16: // The default listening address is http://localhost:5000 if none is specified.
17:
18: #if DefaultBuilder
19: #region snippet_DefaultBuilder
20: public static void Main(string[] args)
21: {
22: BuildWebHost(args).Run();
23: }
24:
25: public static IWebHost BuildWebHost(string[] args) =>
26: WebHost.CreateDefaultBuilder(args)
27: .UseStartup<Startup>()
28: .UseKestrel(options =>
29: {
30: options.Listen(IPAddress.Loopback, 5000);
31: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
32: {
33: listenOptions.UseHttps("testCert.pfx", "testPassword");
34: });
35: })
36: .Build();
37: #endregion
38: #elif UnixSocket
39: public static void Main(string[] args)
40: {
41: BuildWebHost(args).Run();
42: }
43:
44: public static IWebHost BuildWebHost(string[] args) =>
45: WebHost.CreateDefaultBuilder(args)
46: .UseStartup<Startup>()
47: #region snippet_UnixSocket
48: .UseKestrel(options =>
49: {
50: options.ListenUnixSocket("/tmp/kestrel-test.sock");
51: options.ListenUnixSocket("/tmp/kestrel-test.sock", listenOptions =>
52: {
53: listenOptions.UseHttps("testCert.pfx", "testpassword");
54: });
55: })
56: #endregion
57: .Build();
58: #elif FileDescriptor
59: public static void Main(string[] args)
60: {
61: BuildWebHost(args).Run();
62: }
63:
64: public static IWebHost BuildWebHost(string[] args) =>
65: WebHost.CreateDefaultBuilder(args)
66: .UseStartup<Startup>()
67: #region snippet_FileDescriptor
68: .UseKestrel(options =>
69: {
70: var fds = Environment.GetEnvironmentVariable("SD_LISTEN_FDS_START");
71: ulong fd = ulong.Parse(fds);
72:
73: options.ListenHandle(fd);
74: options.ListenHandle(fd, listenOptions =>
75: {
76: listenOptions.UseHttps("testCert.pfx", "testpassword");
77: });
78: })
79: #endregion
80: .Build();
81: #elif Limits
82: public static void Main(string[] args)
83: {
84: BuildWebHost(args).Run();
85: }
86:
87: public static IWebHost BuildWebHost(string[] args) =>
88: WebHost.CreateDefaultBuilder(args)
89: .UseStartup<Startup>()
90: #region snippet_Limits
91: .UseKestrel(options =>
92: {
93: options.Limits.MaxConcurrentConnections = 100;
94: options.Limits.MaxConcurrentUpgradedConnections = 100;
95: options.Limits.MaxRequestBodySize = 10 * 1024;
96: options.Limits.MinRequestBodyDataRate =
97: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
98: options.Limits.MinResponseDataRate =
99: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
100: options.Listen(IPAddress.Loopback, 5000);
101: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
102: {
103: listenOptions.UseHttps("testCert.pfx", "testPassword");
104: });
105: })
106: #endregion
107: .Build();
108: #endif
109: }
110: }
111:
112:
Notice how this example configures SSL for a particular endpoint by using ListenOptions. You can use the same API to configure other Kestrel settings for particular endpoints.
[!INCLUDEHow to make an SSL cert]
Bind to a Unix socket
You can listen on a Unix socket for improved performance with Nginx, as shown in this example:
[!code-csharpMain]
1: #define DefaultBuilder // or Limits or UnixSocket or FileDescriptor
2:
3: using Microsoft.AspNetCore;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Server.Kestrel.Core;
6: using System;
7: using System.Net;
8:
9: namespace KestrelDemo
10: {
11: /// <summary>
12: /// Executing the "dotnet run" command in the application folder will run this app.
13: /// </summary>
14: public class Program
15: {
16: // The default listening address is http://localhost:5000 if none is specified.
17:
18: #if DefaultBuilder
19: #region snippet_DefaultBuilder
20: public static void Main(string[] args)
21: {
22: BuildWebHost(args).Run();
23: }
24:
25: public static IWebHost BuildWebHost(string[] args) =>
26: WebHost.CreateDefaultBuilder(args)
27: .UseStartup<Startup>()
28: .UseKestrel(options =>
29: {
30: options.Listen(IPAddress.Loopback, 5000);
31: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
32: {
33: listenOptions.UseHttps("testCert.pfx", "testPassword");
34: });
35: })
36: .Build();
37: #endregion
38: #elif UnixSocket
39: public static void Main(string[] args)
40: {
41: BuildWebHost(args).Run();
42: }
43:
44: public static IWebHost BuildWebHost(string[] args) =>
45: WebHost.CreateDefaultBuilder(args)
46: .UseStartup<Startup>()
47: #region snippet_UnixSocket
48: .UseKestrel(options =>
49: {
50: options.ListenUnixSocket("/tmp/kestrel-test.sock");
51: options.ListenUnixSocket("/tmp/kestrel-test.sock", listenOptions =>
52: {
53: listenOptions.UseHttps("testCert.pfx", "testpassword");
54: });
55: })
56: #endregion
57: .Build();
58: #elif FileDescriptor
59: public static void Main(string[] args)
60: {
61: BuildWebHost(args).Run();
62: }
63:
64: public static IWebHost BuildWebHost(string[] args) =>
65: WebHost.CreateDefaultBuilder(args)
66: .UseStartup<Startup>()
67: #region snippet_FileDescriptor
68: .UseKestrel(options =>
69: {
70: var fds = Environment.GetEnvironmentVariable("SD_LISTEN_FDS_START");
71: ulong fd = ulong.Parse(fds);
72:
73: options.ListenHandle(fd);
74: options.ListenHandle(fd, listenOptions =>
75: {
76: listenOptions.UseHttps("testCert.pfx", "testpassword");
77: });
78: })
79: #endregion
80: .Build();
81: #elif Limits
82: public static void Main(string[] args)
83: {
84: BuildWebHost(args).Run();
85: }
86:
87: public static IWebHost BuildWebHost(string[] args) =>
88: WebHost.CreateDefaultBuilder(args)
89: .UseStartup<Startup>()
90: #region snippet_Limits
91: .UseKestrel(options =>
92: {
93: options.Limits.MaxConcurrentConnections = 100;
94: options.Limits.MaxConcurrentUpgradedConnections = 100;
95: options.Limits.MaxRequestBodySize = 10 * 1024;
96: options.Limits.MinRequestBodyDataRate =
97: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
98: options.Limits.MinResponseDataRate =
99: new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
100: options.Listen(IPAddress.Loopback, 5000);
101: options.Listen(IPAddress.Loopback, 5001, listenOptions =>
102: {
103: listenOptions.UseHttps("testCert.pfx", "testPassword");
104: });
105: })
106: #endregion
107: .Build();
108: #endif
109: }
110: }
111:
112:
Port 0
If you specify port number 0, Kestrel dynamically binds to an available port. The following example shows how to determine which port Kestrel actually bound to at runtime:
[!code-csharpMain]
1: #define Default // or Limits
2:
3: using Microsoft.AspNetCore.Builder;
4: using Microsoft.AspNetCore.Hosting;
5: using Microsoft.AspNetCore.Hosting.Server.Features;
6: using Microsoft.AspNetCore.Http;
7: using Microsoft.AspNetCore.Http.Extensions;
8: using Microsoft.AspNetCore.Http.Features;
9: using Microsoft.AspNetCore.Server.Kestrel.Core;
10: using Microsoft.AspNetCore.Server.Kestrel.Core.Features;
11: using Microsoft.Extensions.Logging;
12: using System;
13:
14: namespace KestrelDemo
15: {
16: public class Startup
17: {
18: #if Default
19: #region snippet_Configure
20: public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
21: {
22: var serverAddressesFeature = app.ServerFeatures.Get<IServerAddressesFeature>();
23:
24: app.UseStaticFiles();
25:
26: app.Run(async (context) =>
27: {
28: context.Response.ContentType = "text/html";
29: await context.Response
30: .WriteAsync("<p>Hosted by Kestrel</p>");
31:
32: if (serverAddressesFeature != null)
33: {
34: await context.Response
35: .WriteAsync("<p>Listening on the following addresses: " +
36: string.Join(", ", serverAddressesFeature.Addresses) +
37: "</p>");
38: }
39:
40: await context.Response.WriteAsync($"<p>Request URL: {context.Request.GetDisplayUrl()}<p>");
41: });
42: }
43: #endregion
44: #elif Limits
45: public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
46: {
47: var serverAddressesFeature = app.ServerFeatures.Get<IServerAddressesFeature>();
48:
49: app.UseStaticFiles();
50:
51: #region snippet_Limits
52: app.Run(async (context) =>
53: {
54: context.Features.Get<IHttpMaxRequestBodySizeFeature>()
55: .MaxRequestBodySize = 10 * 1024;
56: context.Features.Get<IHttpMinRequestBodyDataRateFeature>()
57: .MinDataRate = new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
58: context.Features.Get<IHttpMinResponseDataRateFeature>()
59: .MinDataRate = new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
60: #endregion
61: context.Response.ContentType = "text/html";
62: await context.Response
63: .WriteAsync("<p>Hosted by Kestrel</p>");
64:
65: if (serverAddressesFeature != null)
66: {
67: await context.Response
68: .WriteAsync("<p>Listening on the following addresses: " +
69: string.Join(", ", serverAddressesFeature.Addresses) +
70: "</p>");
71: }
72:
73: await context.Response.WriteAsync($"<p>Request URL: {context.Request.GetDisplayUrl()}<p>");
74: });
75: }
76: #endif
77: }
78: }
UseUrls limitations
You can configure endpoints by calling the UseUrls
method or using the urls
command-line argument or the ASPNETCORE_URLS environment variable. These methods are useful if you want your code to work with servers other than Kestrel. However, be aware of these limitations:
- You can’t use SSL with these methods.
- If you use both the
Listen
method andUseUrls
, theListen
endpoints override theUseUrls
endpoints.
Endpoint configuration for IIS
If you use IIS, the URL bindings for IIS override any bindings that you set by calling either Listen
or UseUrls
. For more information, see Introduction to ASP.NET Core Module.
ASP.NET Core 1.x
By default ASP.NET Core binds to http://localhost:5000
. You can configure URL prefixes and ports for Kestrel to listen on by using the UseUrls
extension method, the urls
command-line argument, or the ASP.NET Core configuration system. For more information about these methods, see Hosting. For information about how URL binding works when you use IIS as a reverse proxy, see ASP.NET Core Module.
URL prefixes
If you call UseUrls
or use the urls
command-line argument or ASPNETCORE_URLS environment variable, the URL prefixes can be in any of the following formats.
ASP.NET Core 2.x
Only HTTP URL prefixes are valid; Kestrel does not support SSL when you configure URL bindings by using UseUrls
.
IPv4 address with port number
http://65.55.39.10:80/
0.0.0.0 is a special case that binds to all IPv4 addresses.
IPv6 address with port number
http://[0:0:0:0:0:ffff:4137:270a]:80/
[::] is the IPv6 equivalent of IPv4 0.0.0.0.
Host name with port number
http://contoso.com:80/ http://*:80/
Host names, *, and +, are not special. Anything that is not a recognized IP address or “localhost” will bind to all IPv4 and IPv6 IPs. If you need to bind different host names to different ASP.NET Core applications on the same port, use HTTP.sys or a reverse proxy server such as IIS, Nginx, or Apache.
“Localhost” name with port number or loopback IP with port number
http://localhost:5000/ http://127.0.0.1:5000/ http://[::1]:5000/
When
localhost
is specified, Kestrel tries to bind to both IPv4 and IPv6 loopback interfaces. If the requested port is in use by another service on either loopback interface, Kestrel fails to start. If either loopback interface is unavailable for any other reason (most commonly because IPv6 is not supported), Kestrel logs a warning.
ASP.NET Core 1.x
IPv4 address with port number
http://65.55.39.10:80/ https://65.55.39.10:443/
0.0.0.0 is a special case that binds to all IPv4 addresses.
IPv6 address with port number
http://[0:0:0:0:0:ffff:4137:270a]:80/ https://[0:0:0:0:0:ffff:4137:270a]:443/
[::] is the IPv6 equivalent of IPv4 0.0.0.0.
Host name with port number
http://contoso.com:80/ http://*:80/ https://contoso.com:443/ https://*:443/
Host names, *, and + aren’t special. Anything that isn’t a recognized IP address or “localhost” binds to all IPv4 and IPv6 IPs. If you need to bind different host names to different ASP.NET Core applications on the same port, use WebListener or a reverse proxy server such as IIS, Nginx, or Apache.
“Localhost” name with port number or loopback IP with port number
http://localhost:5000/ http://127.0.0.1:5000/ http://[::1]:5000/
When
localhost
is specified, Kestrel tries to bind to both IPv4 and IPv6 loopback interfaces. If the requested port is in use by another service on either loopback interface, Kestrel fails to start. If either loopback interface is unavailable for any other reason (most commonly because IPv6 is not supported), Kestrel logs a warning.Unix socket
http://unix:/run/dan-live.sock
Port 0
If you specify port number 0, Kestrel dynamically binds to an available port. Binding to port 0 is allowed for any host name or IP except for localhost
name.
The following example shows how to determine which port Kestrel actually bound to at runtime:
[!code-csharpMain]
1: using Microsoft.AspNetCore.Builder;
2: using Microsoft.AspNetCore.Hosting;
3: using Microsoft.AspNetCore.Hosting.Server.Features;
4: using Microsoft.AspNetCore.Http;
5: using Microsoft.AspNetCore.Http.Extensions;
6: using Microsoft.Extensions.Configuration;
7: using Microsoft.Extensions.Logging;
8:
9: namespace KestrelDemo
10: {
11: public class Startup
12: {
13: public Startup(IHostingEnvironment env)
14: {
15: Configuration = new ConfigurationBuilder()
16: .AddEnvironmentVariables()
17: .Build();
18: }
19:
20: public IConfigurationRoot Configuration { get; private set; }
21:
22: #region snippet_Configure
23: public void Configure(IApplicationBuilder app, ILoggerFactory loggerFactory)
24: {
25: loggerFactory.AddConsole();
26:
27: var serverAddressesFeature = app.ServerFeatures.Get<IServerAddressesFeature>();
28:
29: app.UseStaticFiles();
30:
31: app.Run(async (context) =>
32: {
33: context.Response.ContentType = "text/html";
34: await context.Response
35: .WriteAsync("<p>Hosted by Kestrel</p>");
36:
37: if (serverAddressesFeature != null)
38: {
39: await context.Response
40: .WriteAsync("<p>Listening on the following addresses: " +
41: string.Join(", ", serverAddressesFeature.Addresses) +
42: "</p>");
43: }
44:
45: await context.Response.WriteAsync($"<p>Request URL: {context.Request.GetDisplayUrl()}<p>");
46: });
47: }
48: #endregion
49: }
50: }
URL prefixes for SSL
Be sure to include URL prefixes with https:
if you call the UseHttps
extension method, as shown below.
var host = new WebHostBuilder()
.UseKestrel(options =>
{
options.UseHttps("testCert.pfx", "testPassword");
})
.UseUrls("http://localhost:5000", "https://localhost:5001")
.UseContentRoot(Directory.GetCurrentDirectory())
.UseStartup<Startup>()
.Build();
[!NOTE] HTTPS and HTTP cannot be hosted on the same port.
[!INCLUDEHow to make an SSL cert]
|