6

I'm getting ready to deploy an ASP.NET Core MVC website to production. The application will be deployed to AWS ECS (EC2 Container Service). Kestrel isn't recommended for serving traffic from the internet, and it is recommended that a reverse proxy sits in front. My question is, is an AWS ALB good enough? It does SSL termination, load balancing, and supports HTTP/2 and WebSocket.

I believe that I'm giving up compression (to my knowledge neither ALB or Kestrel supports it). What is missing from this setup? Should I be looking at an additional reverse proxy (haproxy/nginx)? The additional complexity is enough that I don't want to go down that route if I don't have to.

Erick T
  • 7,009
  • 9
  • 50
  • 85
  • one thing you need to think about with this solution is how are you going to manage the kestrel process. The recommended windows solution(running behind IIS) does this via IIS Core Module. It starts kestrel on first request and restarts if it fails – Tom Mar 03 '17 at 15:36
  • In the case of ECS, ALB/ECS takes care of spinning up enough instances. – Erick T Mar 03 '17 at 19:14
  • ah, ok, I missed the container service part, I haven't used that. Sounds like that would work fine. I did just switch from ELB to NGINX because we needed more fine control over the load balancing, but if your needs there are basic, ELB works fine. – Tom Mar 04 '17 at 20:57
  • I don't think kestrel can do http/2 https://github.com/aspnet/KestrelHttpServer/issues/73 – Paul Totzke Apr 28 '17 at 06:26

1 Answers1

3

If you don't need compression (it has small SEO advantages), you are good to go.

There are a few things to note about your kestrel application which im sure you are aware of when placing it behind a referse proxy:

  • The notion of request url is gone: since the proxy forwards the request the request url is always the proxy itself.
  • Also the protocol will always be http and never https.
  • Load balancer switches between applications every time, so things that worked fine (that didnt work fine but you didnt realize) with static properties now might fall over.

The downside of ALB i can image could be that you have no control over how load balancing is happening. If this is not an issue for you than i think pretty much any reverse proxy should be fine for you. (you can even make a simple reverse proxy in nodejs if you like).

Joel Harkes
  • 10,975
  • 3
  • 46
  • 65
  • 1
    Thanks. While compression is nice, it certainly isn't a hard requirement. I use haproxy now (for on-prem IIS), and it does take some getting used to. As for the last point, in some ways it is a benefit - if your website is that stateful, it's better to know sooner rather than later. – Erick T Mar 03 '17 at 18:03