英文:
Do I need to use nginx or Apache to use Lets Encrypt?
问题
我有一个非常简单的基于golang的API,它只是在一个路径上监听并根据数据库插入作出响应。
我想使用Let's Encrypt来提供TLS/https服务,但是所有的教程似乎都要求使用Apache或nginx。
我喜欢保持我的服务器非常轻量化,并且没有看到引入这些Web服务器的必要性(它绝对不是一个完整的网站),并且在http上我的go实现工作得很好。
是否可能在没有Apache或nginx的情况下安装它?
英文:
I have a really simple API based on golang that just listens at a path and responds accordingly with a database insert.
I want to serve it over TLS/https using Lets Encrypt, but all the tutorials seem to indicate use of Apache or nginx as a requirement.
I like keeping my server really light and haven't seen any need to introduce the overhead of these web servers (it's definitely not a full fledged website) and over http my go implementation works well.
Is it possible to install it without Apache or nginx?
答案1
得分: 4
不,你不需要使用Apache/Nginx,Go可以很好地处理TLS。
示例代码如下:
➜ sudo letsencrypt certonly --standalone --agree-tos --email you@email.com -d domain1.com [-d domain2.com, etc..]
➜ sudo cat /etc/letsencrypt/archive/domain1.com/fullchain1.pem > cert.pem
➜ sudo cat /etc/letsencrypt/archive/domain1.com/privkey1.pem > key.pem
➜ cat main.go
import (
"log"
"net/http"
)
func handler(w http.ResponseWriter, req *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
}
func main() {
http.HandleFunc("/", handler)
log.Printf("About to listen on 10443. Go to https://domain1.com:10443/")
log.Fatal(http.ListenAndServeTLS(":10443", "cert.pem", "key.pem", nil))
}
请注意,如果你希望Go服务器监听443端口(默认的HTTPS端口),你需要以root身份运行它,或者使用systemd来传递端口。
在443端口上运行的示例:
- 将代码修改为
log.Fatal(http.ListenAndServeTLS(":443", "cert.pem", "key.pem", nil)) go buildsudo ./your-package-name- 如果你不想以root身份运行,你需要将cert.pem/key.pem的所有权更改为你的用户,然后运行
setcap cap_net_bind_service=+ep your-package-name,这样你就可以作为用户监听443/80端口。
关于使用setcap的更多详细信息,请参考:https://wiki.apache.org/httpd/NonRootPortBinding
英文:
No, you do not need to use Apache/Nginx, Go handles TLS just fine.
Check http.ListenAndServeTLS
Example:
➜ sudo letsencrypt certonly --standalone --agree-tos --email you@email.com -d domain1.com [-d domain2.com, etc..]
➜ sudo cat /etc/letsencrypt/archive/domain1.com/fullchain1.pem > cert.pem
➜ sudo cat /etc/letsencrypt/archive/domain1.com/privkey1.pem > key.pem
➜ cat main.go
import (
"log"
"net/http"
)
func handler(w http.ResponseWriter, req *http.Request) {
w.Header().Set("Content-Type", "text/plain")
w.Write([]byte("This is an example server.\n"))
}
func main() {
http.HandleFunc("/", handler)
log.Printf("About to listen on 10443. Go to https://domain1.com:10443/")
log.Fatal(http.ListenAndServeTLS(":10443", "cert.pem", "key.pem", nil))
}
Note that if you want your go server to listen on port 443 (default https port), you will either have to run it as root or use systemd to pass it the port.
Example of running on port 443:
-
Change the code to
log.Fatal(http.ListenAndServeTLS(":443", "cert.pem", "key.pem", nil)) -
go build -
sudo ./your-package-name -
or if you don't want to run as root, you will have to chown cert.pem/key.pem as your user then run
setcap cap_net_bind_service=+ep your-package-namethen you will be able to listen on port 443/80 as a user.
More details about using setcap: https://wiki.apache.org/httpd/NonRootPortBinding
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论