We currently have a collection of stateless/stateful .NET Core services hosted in Azure Service Fabric which we want to deploy to production (internet facing) but the guidance out there on what hosting is production ready is pretty sparse.
So currently we're using Kestrel w/HTTPS which is commonly stated to not be appropriate, but nowhere states why - the closest we've seen mentioned is that it could be DOS vulnerable? I digress.
It's commonly recommended to run kestrel behind a battle tested reverse proxy - and it looks like there is an nginx Service Fabric package floating around, but that also states it is just a proof of concept and not fit for production use.
The closest thing we've found to an endorsement is WebListener which is stated to be supported for edge deployments here https://github.com/aspnet/Announcements/issues/204. (and also has port sharing which is neat.)
I have also seen some folks mention using AspNetCoreModule in front of kestrel as opposed to IIS - is this supported/advised in Service Fabric? and if so is there any documentation or repos to demonstate this?
Please advise.
With the 1.0.0 RC2 release, WebListener is the recommended web server for Internet-facing services on Service Fabric on Windows. Note that this is still an RC release currently.
Kestrel is not yet recommended for Internet-facing services without a reverse-proxy in front of it to handle certain DoS cases. You can certainly run a reverse proxy like nginx on Service Fabric and put Kestrel behind it in a service that doesn't have any Internet-facing ports. But the easiest thing to do, really, is to just use WebListener.