Kestrel hosting
Kestrel is a cross platform web server and it is included in Blazor Server by default. Kestrel can be a stand-alone host for Blazor Server websites or become a local server to implement the Reverse Proxy hosting model. Kestrel focuses on performance and memory utilization. The downside of Kestrel is the lack of advanced features like DDos protection, load balancing...
Kestrel is the preferred server for:
- Internal websites or low user base.
- Local server for Reverse Proxy hosting model.
You can download the example code used in this topic on GitHub.
Setting up a Kestrel server
In this section, you will learn how to set up a Kestrel server to host a website or make Kestrel a local server for Reverse Proxy hosting.
Installing .NET 5 Runtime
For Windows machines, go to https://dotnet.microsoft.com/download/visual-studio-sdks and download the runtime of .NET 5.
For Linux machines, go to https://docs.microsoft.com/en-us/dotnet/core/install/linux?WT.mc_id=dotnet-35129-website and follow the instructions there.
Starting the Kestrel server
After you have .NET 5 SDK installed in the machine, open a cmd (Windows) or terminal (Linux) to the folder that contains the DLL file and start the Kestrel server by dotnet CLI.
dotnet BlazorSchool.dll
Forward & Reverse Proxy hosting
After you start the Kestrel server, you will see a notification message on how Kestrel listens.
You need to pay attention to the address that Kestrel displayed. The following image illustrates the meaning of the displayed address.
- Protocol: can be HTTP or HTTPS.
- IP address: the endpoint Kestrel will bind to.
- Exposed port: is the port that Kestrel will listen to.
For Reverse Proxy, set the IP address to localhost, for Forward Proxy, set the IP address to the domain name or hosting machine IP or [::].
You can modify the url by using the parameter --urls as follows:
dotnet BlazorSchool.dll --urls="https://blazorschool.com;https://dotnetpro.tech"
In the above example, we demonstrate how to use 2 urls. You can also remove the second url per need.
You cannot use localhost as IP address for the Forward Proxy hosting model.
Add SSL for Kestrel
If you are using the HTTPS protocol for Kestrel, you need to obtain a certificate for your website, you can do that using Certbot or IIS. Once you have the certificate, you can start using it for Kestrel.
To use the SSL for Kestrel, you need to set it up in the appsettings.json file, the .NET CLI does not support setting up an SSL. The appsettings.json allows you to set up for complex scenarios. If your website has multiple endpoints, the appsettings.json uses the first match win strategy, and if none match, it will fall back to the default SSL.
For default SSL, add the following config to the appsettings.json.
"Kestrel":
{
"Certificates":
{
"Default":
{
"Path": "D:/BlazorSchool.crt",
"KeyPath": "D:/BlazorSchool.key"
}
}
}
Each endpoint can also have its own SSL with the following configuration.
"Kestrel":
{
"Endpoints":
{
"BlazorSchool":
{
"Url": "https://0.0.0.0:443",
"Certificate":
{
"Path": "D:/BlazorSchool.crt",
"KeyPath": "D:/BlazorSchool.key"
}
}
},
"Certificates":
{
...
}
}
In the above example, we demonstrate how to use the CRT SSL. There are other SSL formats like Certificate Stores, PFX, PEM and each of them requires different fields in the Certificate/Certificates config. The following table will show how to use each type of SSL formats with Kestrel.
| SSL type | Required field | Value |
|---|---|---|
| PFX | Path |
The path to the .pfx file |
Password |
The certificate password | |
| PEM, CRT | Path |
The path to the .pfx file |
KeyPath |
The path to the .key file | |
Password |
The certificate password | |
| Certificate Stores | Subject |
The certificate subject |
Store |
The certificate store | |
Location |
The certificate location. For example: CurrentUser | |
AllowInvalid |
Allow invalid users. Can be true or false |
