Recommendations for dotnet core reverse proxy
-
Hi all, in an effort to keep myself amused during this lockdown ( UK in my case ) I've been playing with building a NET Core webapi service, this is I've done. I have it running as a daemon on a Linux box on my LAN with NGInx setup as a reverse proxy. All is working ok. Am I doing this the correct way ? ( I'm not all that clued up with web stuff ) I thought a Web server such as Apache could be used to host the service not just as a reverse proxy but to host it entirely. What I'm trying to say is, when I've written WCF services to be hosted in a Windows environment in the past, I hosted them in IIS ( using WAS ) which took care of starting and stopping the whole caboodle, is this possible with Net core api services ( on Linux in this case ) ? As I say I'm not that clued up on the web side of things.
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
My Entire production setup at www.digital-solutions.me.uk all uses Nginx Well Mostly... uses Nginx :-) First up I have a wildcard domain, so *.digital-solutions.me.uk will ALWAYS hit my public IP address same with my personal domain too. My Firewall has exactly ONE port forward on port 80 and that hit's a VM running on hyper-v, the VM is a linux server install, that runs only Nginx nothing else. In the config for Nginx I list all my subdomains as virtual servers, and then in those virtual servers I proxy the connection to other servers,desktops,IoT devices, containers and VM's some of which run dotnet core apps, some which run Apache, and some which serve classic .NET apps from an IIS instance. The first VM to be hit is responsible for routing to the correct destination machine, I find that Nginx works perfectly and it can handle traffic through put really well too. It's routes to Windows, Linux, Bsd all manner of target systems, even Solaris :-) Anything that's not in the Nginx config for the frontend VM just get's blackholed and a reply is never sent for it. Those VMs that DO run dotnet core services on them, I keep the services running using SupervisorD: [Supervisor: A Process Control System — Supervisor 4.1.0 documentation](http://supervisord.org/) Shawty
Still Crazy.... Best and ONLY way to be.
-
My Entire production setup at www.digital-solutions.me.uk all uses Nginx Well Mostly... uses Nginx :-) First up I have a wildcard domain, so *.digital-solutions.me.uk will ALWAYS hit my public IP address same with my personal domain too. My Firewall has exactly ONE port forward on port 80 and that hit's a VM running on hyper-v, the VM is a linux server install, that runs only Nginx nothing else. In the config for Nginx I list all my subdomains as virtual servers, and then in those virtual servers I proxy the connection to other servers,desktops,IoT devices, containers and VM's some of which run dotnet core apps, some which run Apache, and some which serve classic .NET apps from an IIS instance. The first VM to be hit is responsible for routing to the correct destination machine, I find that Nginx works perfectly and it can handle traffic through put really well too. It's routes to Windows, Linux, Bsd all manner of target systems, even Solaris :-) Anything that's not in the Nginx config for the frontend VM just get's blackholed and a reply is never sent for it. Those VMs that DO run dotnet core services on them, I keep the services running using SupervisorD: [Supervisor: A Process Control System — Supervisor 4.1.0 documentation](http://supervisord.org/) Shawty
Still Crazy.... Best and ONLY way to be.
-
Thanks for this could I see your nginx.conf - I'm keen to learn this stuff
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
Yes sure, but for obvious reasons I'm not posting it publicly. Hunt me down on twitter I'm @shawty_ds We'll take it from there. I'm off to cook evening meal for the family right now, but I'll be back at my PC either in a few hours (Or tomorrow if I end up watching TV with the wife and drinking beer .... :-D ) You can also find me on gmail as "shawty.d.ds" Regards Shawty
-
Yes sure, but for obvious reasons I'm not posting it publicly. Hunt me down on twitter I'm @shawty_ds We'll take it from there. I'm off to cook evening meal for the family right now, but I'll be back at my PC either in a few hours (Or tomorrow if I end up watching TV with the wife and drinking beer .... :-D ) You can also find me on gmail as "shawty.d.ds" Regards Shawty
-
I don't use twitter have you an email address I can use ?
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
As I said in my last post :-) Im shawty.d.ds on gmail :-D
-
Hi all, in an effort to keep myself amused during this lockdown ( UK in my case ) I've been playing with building a NET Core webapi service, this is I've done. I have it running as a daemon on a Linux box on my LAN with NGInx setup as a reverse proxy. All is working ok. Am I doing this the correct way ? ( I'm not all that clued up with web stuff ) I thought a Web server such as Apache could be used to host the service not just as a reverse proxy but to host it entirely. What I'm trying to say is, when I've written WCF services to be hosted in a Windows environment in the past, I hosted them in IIS ( using WAS ) which took care of starting and stopping the whole caboodle, is this possible with Net core api services ( on Linux in this case ) ? As I say I'm not that clued up on the web side of things.
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
If you are using WebHostBuilder with UseKestrel() you don't need NGinx. To make sure it starts automatically or restarts on a crash on most Linux systems you would use systemd. [Manage Kestrel process with systemd](https://kimsereyblog.blogspot.com/2018/05/manage-kestrel-process-with-systemd.html)
-
I don't use twitter have you an email address I can use ?
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
-
If you are using WebHostBuilder with UseKestrel() you don't need NGinx. To make sure it starts automatically or restarts on a crash on most Linux systems you would use systemd. [Manage Kestrel process with systemd](https://kimsereyblog.blogspot.com/2018/05/manage-kestrel-process-with-systemd.html)
That may be, but all the advice I've seen to date, even the official MS stuff, states that you should NEVER place a dotnet core app directly on a public facing IP as kestrel is not built to take the onslaught that more mature web servers are. It's always been best advice to proxy the inbound traffic to a dotnet core app, allowing you to take advantage of all sorts of things that kestrel doesn't do, such as virtual hosting and the many battle hardened security features these server apps have built into them.
-
Didn't see an email from you yet.... just making sure shawty.d.ds at gmail
-
That may be, but all the advice I've seen to date, even the official MS stuff, states that you should NEVER place a dotnet core app directly on a public facing IP as kestrel is not built to take the onslaught that more mature web servers are. It's always been best advice to proxy the inbound traffic to a dotnet core app, allowing you to take advantage of all sorts of things that kestrel doesn't do, such as virtual hosting and the many battle hardened security features these server apps have built into them.
Hi Peter, thanks for the stuff you sent me although it's largely over my head :laugh: - did you see my question in the General Programming C# category regarding asking how to expose my locally hosted service to remote clients ?
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
-
Hi Peter, thanks for the stuff you sent me although it's largely over my head :laugh: - did you see my question in the General Programming C# category regarding asking how to expose my locally hosted service to remote clients ?
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
It's easy once you know how :-) RE: Question, nope... you wanna spin me a link? Shawty
-
It's easy once you know how :-) RE: Question, nope... you wanna spin me a link? Shawty
[My Question](https://www.codeproject.com/Messages/5715945/Access-WebApi-remotely-Cmon-guys-I-dont-believe-no.aspx) Edit n.b Nginx and the API service are on the same box I just worked it out, nginx is listening to port 80 on my API box then proxy passing to the API service - so I need to port forward an external port on my router to port 80 on my API box- I have and it works - thanks for your help - do you mind if I bombard you with net core questions ?
"We can't stop here - this is bat country" - Hunter S Thompson - RIP
