The Kestrel web server, like any other web server, has some configuration settings. For HTTPS, we can specify SSL certificates, allow only the TLS protocol via some settings, or set the request size.
In this article, let’s have a look at some certificate-related settings that can be applied to the Kestrel server.
There are multiple ways to specify the SSL certificates. The easiest way is via the Kestrel configuration section in appsettings.json. In the appsettings.json file, a certificate can be specified in 3 ways:
- File system
- password to load .pfx files
- Password to load .pem/.crt and .key files
- Store to load from the certificate store.
The configuration section below shows multiple ways to configure the certificates. The whole settings file is taken from the documentation. It specifies multiple endpoints, and every endpoint loads a different certificate using a different technique.
There are two important sections:
- Kestrel:Endpoints section to configure different endpoints. Every endpoint has a Certificate attribute. The Certificate section can load a certificate from either a file path or the store.
- Kestrel:Certificates:Default section to configure the default certificate. This certificate is used for any endpoint which does not have a certificate specified.
There is an attribute for certificate configuration, AllowInvalid, which is set to false by default. If this is true, then invalid certificates are allowed. This might be worth knowing for development environments.
The ConfigureWebHostDefaults call on HostBuilder can be used to configure this setting. KeepAliveTimeout gets or sets the keep-alive timeout for the server. The default value is 2 minutes.
MaxConcurrentConnections is the maximum number of simultaneous open connections. The default value is null, which means unlimited open connections are allowed.
MaxConcurrentUpgradedConnections is the maximum number of open and upgraded connections. An upgraded connection is a connection which is upgraded from HTTP to some other protocol, like WebSockets. The default value for this is also null, which means an unlimited number of upgraded connections is allowed.
Request Body Size
MaxRequestBodySize is the maximum number of bytes allowed in the request body. The default value is 30,000,000 bytes, which is approximately 28 MB. When set to null, the maximum request body size is unlimited.
During bootstrapping, this limit can be set for all requests. If this value needs to be overridden for only a couple of actions, the recommended way is to use the method attribute RequestSizeLimit, which accepts the number of bytes as input.
Kestrel always checks the rate at which data is arriving or being sent. If the data rate drops below the configured minimum value, the connection times out.
There is also an associated grace period. If the data rate is below the expected minimum rate, the grace period is the time for which Kestrel waits for the data rate to rise up to the allowed minimum level. If it does not reach the minimum allowed data rate, the connection times out.
There are two properties, MinRequestBodyDataRate and MinResponseDataRate, and both of them have the same default minimum rate. The default minimum rate is 240 bytes/second with a 5-second grace period.
These two values can also be customized for specific requests using HttpContext.Features. There are two interfaces, IHttpMinRequestBodyDataRateFeature and IHttpMinResponseDataRateFeature, which have a minimum data rate property. This property can be set to the allowed data rate.
Request Headers Timeout
RequestHeadersTimeout gets or sets the maximum amount of time the server waits to receive the request headers. The default value is 30 seconds.
Below is a code snippet showing how to set these settings via code:
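An added example, not the article's original snippet: one way to apply the limits described above through ConfigureWebHostDefaults and ConfigureKestrel, with a per-request override via HttpContext.Features. The non-default numbers and the /slow-clients path are assumptions chosen for illustration.

```csharp
using System;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Server.Kestrel.Core;
using Microsoft.AspNetCore.Server.Kestrel.Core.Features;
using Microsoft.Extensions.Hosting;

public static class Program
{
    public static void Main(string[] args) =>
        Host.CreateDefaultBuilder(args)
            .ConfigureWebHostDefaults(web =>
            {
                web.ConfigureKestrel(options =>
                {
                    // Server-wide limits; the non-default numbers are illustrative assumptions.
                    options.Limits.KeepAliveTimeout = TimeSpan.FromMinutes(2);
                    options.Limits.RequestHeadersTimeout = TimeSpan.FromSeconds(30);
                    options.Limits.MaxConcurrentConnections = 1000;        // default: null (unlimited)
                    options.Limits.MaxConcurrentUpgradedConnections = 100; // e.g. WebSockets
                    options.Limits.MaxRequestBodySize = 10 * 1024 * 1024;  // 10 MB cap for all requests
                    // 240 bytes/second with a 5-second grace period; slower connections time out.
                    options.Limits.MinRequestBodyDataRate = new MinDataRate(240, TimeSpan.FromSeconds(5));
                    options.Limits.MinResponseDataRate = new MinDataRate(240, TimeSpan.FromSeconds(5));
                });
                web.Configure(app =>
                {
                    // Per-request override via HttpContext.Features for a hypothetical /slow-clients path.
                    app.Use(async (context, next) =>
                    {
                        // Per-request rates cannot be changed on HTTP/2 (the setter throws), so HTTP/1.1 only.
                        if (HttpProtocol.IsHttp11(context.Request.Protocol) &&
                            context.Request.Path.StartsWithSegments("/slow-clients"))
                        {
                            var relaxed = new MinDataRate(bytesPerSecond: 100, gracePeriod: TimeSpan.FromSeconds(10));
                            var requestRate = context.Features.Get<IHttpMinRequestBodyDataRateFeature>();
                            if (requestRate != null) requestRate.MinDataRate = relaxed;
                            var responseRate = context.Features.Get<IHttpMinResponseDataRateFeature>();
                            if (responseRate != null) responseRate.MinDataRate = relaxed;
                        }
                        await next();
                    });
                    app.Run(context => context.Response.WriteAsync("ok"));
                });
            })
            .Build().Run();
}
```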
Have you applied any other settings to the Kestrel server? Let me know your thoughts.