What is the point Kestrel? #1074
Comments
No, we couldn't have, turns out IIS doesn't run on *nix. We also get rid of tons of engineering duplication if the hosting model is the same across OS's. We can avoid testing things N times if we unify.
Things like this #1066. Keep alive timeouts, connection timeout, body reading timeouts, request timeouts, size limits, concurrent connection limits, memory limits. Things you don't usually have to think about when writing your web application. We're working on putting the necessary things in place so that kestrel can be an edge server. If you watch the commits, you'll see it happening right before your eyes 😉 . |
|
Don't get me wrong, I think you guys have done a ton of great work. Like I said compared to the other standalone server dlls that I have been forced to use, kestrel is awesome. I have been reading some of the commits probably once a week for almost year now. I have also read a lot of comments by Microsoft employees that imply that it is not meant to and was never meant to be run as an edge server. That is really depressing. If you are saying that it is going to be an edge server, then I am extremely happy. Would it be to much to ask for a roapmap to be made public. I am not saying timeframes, just a generic version based roadmap with very high level things that you guys expect kestrel to be able to do. |
|
To expand on what davidfowl wrote I will say that it is largely because of time pressure. In the time leading up to 1.0 they were still working on getting things working reliably. They ran out of time to really get into really hardening things. As an example, last I remember hearing publicly, there hadn't been any real fuzz testing done yet. IIS, and nginx are known quantities. They have been around the block, and are battle tested. Assuming they are configured correctly your chances of a security issue, or DoS attack are very low. At the moment Kestrel is an unknown in that regard. As such, it would be pretty irresponsible for Microsoft to recommend using it as an edge server. If it makes it any easier, for now you can mentally label Kestrel an Application Server, instead of a Web Server. Putting those behind a reverse-proxy like nginx is pretty standard. |
Over the last year I have read/(watch a lot of video's) about .net core, asp.net core, and kestrel. Of course they used to be called by different name, don't let that distract you. Anyways, I kept hearing that it was going to be so great because now self-hosting in an application is easy. Self-hosting was big part of the draw to kestrel. If I am misunderstanding this, then I bet most other people who have watched/read like I have, are in the same situation.
Lately, I have read a lot of comments here on github that say, that it is always supposed to be run behind a real web server like IIS or nginx. So you are going to tell me to write a self-hosted server and then setup iis to proxy the requests? If that is the case, what good is kestrel? You guys could have of just stuck with the old IIS model.
Microsoft people keep saying that kestrel is not full featured. Well, that is really a point of view. Before kestrel, I have used a lot of standalone web server dlls for my projects. They all sucked, and kestrel kicks the crap out of them. If the bar is IIS, then it might not have as many "modules" as IIS, but who cares, I never used 95% of those anyways.
I want to know from Microsoft, what is really missing from using it standalone, without having it behind a proxy. Or a point by point list of thing that are missing compared to IIS, and if you plan on filling those parts in. I'm not asking for a time frame, just knowing the missing pieces is good enough.
The text was updated successfully, but these errors were encountered: