I am quite confused as I haven't seen any blogs or instructions on how to host ASP.NET Core/.NET Core applications with HA and multi-host deployments. All examples are either:
1) One NGINX reverse-proxy, one Kestrel
2) One IIS reverse-proxy, one Kestrel
And both components on same host. In real-life production environments, you have LB maybe service discovery, multiple frontends, multiple backends, etc. But for this case there are no instructions whatsoever. So my questions would be for multi-host environments:
Do I deploy one IIS/NGINX as LB/Reverse-proxy, and redirect requests to Kestrels running on many separate VM:s, i.e. various different IP:s?
Or do I run an NGINX/F5 for load-balancing on one host, then route http traffic to various VM:s that run IIS+Kestrel, or just Kestrel? Is IIS required in this setup as NGINX acts as LB?
If I run IIS or NGINX as reverse-proxy, can they keep alive Kestrels on different VM:s, or does each Kestrel require exactly one IIS/NGINX to keep it alive? I.e. the Kestrel process must be on the same host as the reverse-proxy?
All answers are very welcome, and thanks a lot in advance! :)
I'm running NGINX at the edge as a load balancer and for SSL Termination and multiple servers with IIS + Kestrel serving MVC. This is working well for us. You may not need it but I've found NGINX to be quite a bit more sophisticated and powerful than anything you could do with IIS. Obviously F5 or something would work as well. Previously I also ran for a while using AWS ELB load balancers which also worked fine, just didn't have much configurability. So depends on your needs.
As was mentioned already, IIS is needed on each box running kestrel to manage the process. You could do this some other way, but using IIS is the easiest.
I have a setup with one VM using (IIS as LB) + several VMs with (IIS + Kestrel). It's working fine for my usage, but I'm curious to see if other people have different suggestions. Then it depends on what you are doing, if you use encryption, machine key needs to be shared between VMs, you might also need to share session between VMs (https://www.exceptionnotfound.net/finding-and-using-asp-net-session-in-core-1-0/), store things in database ...
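The edge layout described in the answers above (NGINX terminating SSL and balancing across several backend VMs), sketched as an added example that is not taken from any poster's configuration. The hostname, addresses, ports and certificate paths are placeholders, and the backends are assumed to sit on a private network because traffic behind the proxy is plain HTTP. NGINX here only stops routing to a backend that fails; it does not start or restart the process on the remote VM.

```nginx
# Added example. All names, addresses and paths below are placeholders.
upstream aspnet_backends {
    least_conn;                       # send each request to the least busy backend
    # Passive health check: 3 failed attempts within 30s take the server
    # out of rotation for 30s. nginx does not restart anything remotely.
    server 10.0.0.11:80 max_fails=3 fail_timeout=30s;   # VM 1: IIS + Kestrel
    server 10.0.0.12:80 max_fails=3 fail_timeout=30s;   # VM 2: IIS + Kestrel
    server 10.0.0.13:80 backup;       # only used when the others are unavailable
    keepalive 32;                     # pool of idle upstream connections
}

server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;   # no plain HTTP at the edge
}

server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://aspnet_backends;
        proxy_http_version 1.1;             # needed for upstream keepalive
        proxy_set_header Connection "";     # (adjust if the app uses WebSockets)
        proxy_set_header Host $host;
        # Overwrite rather than append, so a client cannot pre-seed these
        # headers and have the backends believe them.
        proxy_set_header X-Forwarded-For   $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        # On connection errors or 502/503, retry on another backend.
        proxy_next_upstream error timeout http_502 http_503;
        proxy_connect_timeout 5s;
    }
}
```

Because any backend may serve any request in this layout, the shared machine key and shared session state mentioned in the last answer apply to every VM listed in the `upstream` block.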
Simple noob question :-)
I'm about to go into production with a small .NET core app host that's hosted in a droplet at digitalocean. I've always hosted websites using IIS, but I would like to move to linux distributions and use nginx as reverse proxy.
My question is as the title says :-) Does kestrel ever need to recycle an "application pool" like the IIS does? If not, does that mean the application is loaded from Kestrel is online until it's shut down?
Best regards
Jens
Based on bits of information here and there from watching all the http://live.asp.net Community Standup meetings I'd say no, Kestrel does not recycle itself the way IIS does.
The reason for this is that Kestrel currently has no way to restart itself if it stops. That's one of the many reasons why it's important to put it behind some sort of reverse proxy like IIS or nginx. This kind of process lifetime management functionality must currently come from a software layer outside of Kestrel. If Kestrel dies due to a software bug or other reason and there is no reverse proxy or other process to restart it, it will not restart by itself and the website will stay down.
For additional information, this article talks about Publishing to a Linux Production Environment and includes an example nginx system service file that has Restart=always https://learn.microsoft.com/en-us/aspnet/core/publishing/linuxproduction
Note: because there is no windows hosting that satisfies me at the moment, I'm developing my application in PHP and host them on a linux VPS.
Since Windows Server 2016 supports Docker and you are able to create .net 4.5 images, I thought why not review my applications and hosting plans.
Because I'm not a fan of hosting websites directly on a VPS with IIS (setup and configuration seems clumsy), I thought this "infrastructure" seems ideal for me.
A Windows 2016 VPS
A Linux based VPS
For each asp.net application, create a docker image based on microsoft/iis. This means that for the application, there is nothing left to be configured, right? This application will run on the Windows 2016 server.
On the Linux VPS, I will have nginx configured to have all the configuration for SSL certificates and optimizations. Nginx will have proxies that point to the Windows 2016 VPS on specific ports for the different applications.
I think this architecture has scaling possibilities, less configuration on the Windows VPS, more room for improvement? It should even be possible to do this with Ansible if I'm not wrong.
I only need hosting, nothing related to email, ftp, ... That's why I'm not using shared and/or cloud hosting.
Does this architecture seem fine?
Am I missing something?
Would you still just use a Windows VPS for hosting asp.net applications, even if this architecture is possible?
Does this all seem possible with Ansible? I only have basic experience with it.
I don't see anything wrong in your proposal. Remember you can use ansible inside the Linux image's Dockerfile. Maybe you can find that it is an overkill but it should work.
Probably you will find some problems linking your Linux / Windows containers. But I don't see anything short stopping.
Go ahead and post your results. Also if you encounter some walls just ask here and we will try to help.
Regards
because there is no windows hosting that satisfies me at the moment, I'm developing my application in PHP and host them on a linux VPS.
Would you mind telling us a bit about your requirement of Windows Hosting?
For each asp.net application, create a docker image based on microsoft/iis. This means that for the application, there is nothing left to be configured, right?
Once fully functional pre-configured image is prepared, you don't have to perform any other changes to your main image. The main image is only modified when you want to update any application in the image or looking to make any changes or update Windows OS.
Does this architecture seem fine?
NGINX reverse proxy works with IIS backend, so, this proposed architecture is achievable. Initial setup of connecting Linux VPS NGINX web server to individual Windows docker image is slightly complex. If you are successful doing that, the next challenge will be adding subsequent dockers to Windows Hyper-V. Here, I don't see actual purpose of using Docker images to host ASP.Net applications, when you can easily deploy pre-installed VMs through Windows HyperVisor.
As far as Ansible is concerned, I don't have much idea about this product, but as seen on their website Ansible can automate the dockers.
I usually run my Flask applications with uWSGI and an nginx in front of it.
But I was thinking that the same could be achieved with just supervisor and nginx, so I googled around and found a lot of posts on how to setup and the benefits of the uWSGI-supervisor-nginx stack. I've decided to turn to SO, risking getting axed online for such a question.
So what are the benefits of running a Flask application behind uWSGI, supervisor and nginx?
Why does apparently no one run Flask applications with only supervisor?
An app server such as gunicorn or uWSGI (used to host the flask applications) is used with nginx. nginx is a reverse proxy server which acts as a middleman. This helps with load balancing - handling multiple requests efficiently by distributing workloads over the resources. On top of this, supervisor is just used to monitor and control the server processes (gunicorn or uWSGI in our example).
From my understanding, the web server that comes with Flask (werkzeug server) is not production ready and should be used for development purposes only.
It's all about performance. Usually servers built into frameworks like Flask or Django are designed for development environment, when you can quickly and easily reload code which you changed.
When you are running your application in production environment you don't have to worry about debugging and reloading your code often. Your biggest concerns are performance, security and configuration. During setting up production environment you can choose between uWSGI, Gunicorn, mod_wsgi and many others.
You can find plenty of blog posts with benchmarks between them and choose one which works best for you.
We have the need to set up a highly available load balanced Windows Server. Is there a guide on how to set up a web farm with NLB configured? Our operations team tried to use the Web Farm Framework 2.2 to create the web farm and then configure windows NLB on the machines but we haven’t managed to get it to work. Has anyone done this before? What’s the best practice and the recommended way of doing this?
Cheers,
The MS recommended way of doing this is by using 2 or more Web Farm Framework 'controller' servers running ARR and windows NLB, and then Primary/Secondary servers below that.
There's details on how to set this up here: http://learn.iis.net/page.aspx/511/achieving-high-availability-and-scalability---arr-and-nlb/
You can also use hardware based load balancers, some have specific support, others will work, but won't integrate nicely into the WFF console.
Details on doing this with an F5 Big-IP load balancer are here: http://blogs.iis.net/gursing/archive/2011/01/21/how-to-integrate-f5-with-web-farm-framework.aspx
You can also just use the standard microsoft NLB with WFF and without ARR, but there doesn't seem to be much documentation on how to do this. I've got it working on a 2 group by:
install windows NLB on both servers and create a standard cluster with a shared IP
installing WFF on one server
setting that server as primary but don't tick the 'ready for load balancing' tickbox (this tickbox really means add this server to the ARR load balancing).
Then add the second server and again don't tick the 'ready for load balancing'
You should then have the config sharing/updating benefits of WFF with the load balancing/redundancy of NLB using only 2 servers.
A quick ASP.Net performance question...
I have an ASP.Net 3.5 SP1 Application that I want to run on IIS 6. For SSL certificate reasons I need to run it on separate sites in IIS. It's a CMS, and some clients will need to add their own SSL certs.
1) Can I run the same set of ASP.Net files on the disk on multiple sites in IIS or do I need to mirror them?
2) What considerations do I need to make in terms of performance, e.g. having multiple database connections from each site?? Or will they be 'pooled'?! Also, I am using Linq to SQL and am caching the results using ASP.Net's cache. Will it be an overhead to have separate caches for each IIS site of essentially the same data? Are there any other performance or application design considerations for this scenario?
3) Does running the IIS sites under the same App Pool make any difference?
Or does anyone have any totally different recommendations?
Any guidance you can give would be much appreciated. I'm looking for as many varied opinions and experiences as possible here, so please do add an answer if you can help.
Cheers,
Tim
Maintenance will be WAY easier if you only have one IIS site to manage. A more efficient way would be to deal with the SSL issue somewhere else (eg, hardware load balancer, content switch, Apache box, etc) and reverse-proxy to a single IIS instance with a single version of the app running. Sharing the app pools won't help (assuming you're using SQL Server with the managed client anyway), because each web app gets its own Appdomain and hence its own connection pool. Sharing app pools causes them to share a process, but not an appdomain.
I've done this on the cheap before by having Apache installed on the same machine as IIS, listening only on port 443 (for however many IP/cert combos were needed), then have Apache set up as a reverse proxy to IIS on the same machine listening only on port 80 (but for any host header).
I agree it does not make sense to run different web sites for the same application.
You can set SSL port in the web site with IIS manager. If you do not set IIS to require certificates, some users can use the HTTP version without the certificate error and the others can use SSL.