如何设置让我们为Go服务器应用程序加密 [英] How to set up Let's Encrypt for a Go server application
问题描述
我拥有自己的域,并使用Go编写的Web服务。我正在使用内置Go Web服务器,前面没有Nginx或Apache。
我想通过HTTPS开始服务,我意识到Let's Encrypt即将成为这样做。
任何人都可以共享整个设置过程来配置在Linux服务器上运行的Go应用程序吗?
这是使用Go和Let's Encrypt证书对HTTPS服务器的最小自动设置,我发现:
包主
$ b导入(
加密/ tls
记录
净/ http
golang.org/x/crypto/acme/autocert
)
func main(){
certManager:= autocert.Manager {
提示: autocert.AcceptTOS,
HostPolicy:autocert.HostWhitelist(example.com),//您的域在这里
缓存:autocert.DirCache(certs),//用于存储证书的文件夹
}
http.HandleFu nc(/,func(w http.ResponseWriter,r * http.Request){
w.Write([] byte(Hello world))
})
server:=& http.Server {
Addr::https,
TLSConfig:& tls.Config {
GetCertificate:certManager.GetCertificate,
},
}
go http.ListenAndServe(:http,certManager.HTTPHandler(nil))
log.Fatal(server.ListenAndServeTLS(, ))// Key和Cert来自Let's Encrypt
}
更多关于autocert包:链接
编辑:需要使http可用,因为 letsencrypt安全问题,阅读更多此处。作为此修补程序的奖励,我们现在有http - > https重定向。如果您已经收到证书,那么旧示例将继续工作,但会在新网站中破解。
I have my own domain with web services written in Go. I am using the inbuilt Go web server, without Nginx or Apache in front.
I would like to start serving over HTTPS and I realized Let's Encrypt is just about to become THE WAY for doing that.
Can anyone share the whole setup procedure for configuring a Go app running on a Linux server?
This is the minimal automatic setup of an HTTPS server using Go and Let's Encrypt certificates I have found:
package main
import (
"crypto/tls"
"log"
"net/http"
"golang.org/x/crypto/acme/autocert"
)
func main() {
certManager := autocert.Manager{
Prompt: autocert.AcceptTOS,
HostPolicy: autocert.HostWhitelist("example.com"), //Your domain here
Cache: autocert.DirCache("certs"), //Folder for storing certificates
}
http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
w.Write([]byte("Hello world"))
})
server := &http.Server{
Addr: ":https",
TLSConfig: &tls.Config{
GetCertificate: certManager.GetCertificate,
},
}
go http.ListenAndServe(":http", certManager.HTTPHandler(nil))
log.Fatal(server.ListenAndServeTLS("", "")) //Key and cert are coming from Let's Encrypt
}
More information on the autocert package: link
EDIT: Needed to make http available because of letsencrypt security issue, read more here. As a bonus of this fix we now have http-->https redirect. The old example will continue to work if you have already received certificates on it, but it will break for new sites.
这篇关于如何设置让我们为Go服务器应用程序加密的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!