英文:
HTTPS for Golang API
问题
我对Golang还不熟悉,但我可以帮你翻译一下你的问题和代码。
以下是你要翻译的内容:
我对Golang还不熟悉,但我已经在我们的VPS上设置了一个Golang API的“Hello World!”测试消息。它在http://www.example.com:8080/hello上正常工作。然而,我想切换到HTTPS。
有人可以逐步告诉我如何将Golang API从HTTP切换到HTTPS吗?谢谢!
如果Golang代码有问题的话:
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, World")
})
fmt.Println("Server Started On Port 8080")
log.Fatal(http.ListenAndServe(":8080", nil))
}
英文:
I am new to Golang and I did set up a "hello world!" test message for a Golang API on our VPS. It works just fine at http://www.example.com:8080/hello. I would like however to move to HTTPS.
Could someone tell me step by step the right procedure to go from HTTP to HTTPS for a golang API? Thank you!
In case there is an issue with the golang code:
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, World")
})
fmt.Println("Server Started On Port 8080")
log.Fatal(http.ListenAndServe(":8080", nil))
}
答案1
得分: 2
使用http.ListenAndServeTLS代替
https://pkg.go.dev/net/http#ListenAndServeTLS
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, World")
})
fmt.Println("Server Started On Port 8080")
err := http.ListenAndServeTLS(":8080", "cert.pem", "key.pem", nil)
log.Fatal(err)
}
请注意,这是一个Go语言的示例代码,用于在端口8080上启动一个使用TLS的HTTP服务器。你需要将cert.pem
和key.pem
替换为你自己的TLS证书和私钥文件。
英文:
Use http.ListenAndServeTLS Instead
https://pkg.go.dev/net/http#ListenAndServeTLS
package main
import (
"fmt"
"log"
"net/http"
)
func main() {
http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, World")
})
fmt.Println("Server Started On Port 8080")
err := http.ListenAndServeTLS(":8080", "cert.pem", "key.pem", nil)
log.Fatal(err)
}
答案2
得分: 1
感谢John Hanley的支持,帮助我得出这个答案。
首先,我通过编辑/etc/apache2/ports.conf文件将端口8443设置为https:
Listen 80
<IfModule ssl_module>
Listen 443
Listen 8443
</IfModule>
然后,我在example.com域的配置中添加了一个VirtualHost,使端口8443充当代理:
<VirtualHost *:8443>
ServerAdmin admin@example.com
ServerName www.example.com
ServerAlias example.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
你需要使用a2enmod proxy
和a2enmod proxy_http
命令加载proxy和proxy_http模块。
重新加载apache之后,可以通过https://www.example.com:8443/hello调用API。
英文:
Thanks to John Hanley for support that lead to this answer.
First of all I did set the port 8443 for https by editing /etc/apache2/ports.conf:
Listen 80
<IfModule ssl_module>
Listen 443
Listen 8443
</IfModule>
Then I added a VirtualHost in the config of the example.com domain so that port 8443 acts as a proxy:
<VirtualHost *:8443>
ServerAdmin admin@example.com
ServerName www.example.com
ServerAlias example.com
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem
</VirtualHost>
and you need to load the modules proxy and proxy_http using e2enmod proxy
and e2enmod proxy_http
.
After reloading apache, the API can be called at https://www.example.com:8443/hello.
答案3
得分: 0
添加到@Dan的答案上。这是一个稍微复杂一些的实现,但可以让你进行更多的配置。
如果你想使用多个证书集合:
certs := []tls.Certificate{}
for _, cert := range []string{"cert1", "cert2"} {
certSet, err := tls.LoadX509KeyPair(cert+".pem", cert+".key")
if err != nil {
return err
}
certs = append(certs, certSet)
}
创建tls配置:
cfg := &tls.Config{
Certificates: certs,
MinVersion: tls.VersionTLS12,
}
cfg.BuildNameToCertificate()
server := &http.Server{
Addr: ":8080",
TLSConfig: cfg,
IdleTimeout: 30 * time.Second,
}
添加处理程序并启动服务器:
http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, World")
})
err := server.ListenAndServeTLS("", "") // 如果在上面的tls配置中提供了一组证书,则此处不要提供文件名
if err != nil {
return err
}
英文:
Adding on to @Dan 's answer. A little more complex implementation but enables you to configure it more.
If you want to use more than 1 set of certs
certs := []tls.Certificate{}
for _, cert := range []{"cert1", "cert2"} {
certSet, err := tls.LoadX509KeyPair(cert+".pem", cert+".key")
if err != nil {
return err
}
certs = append(certs, certSet)
}
Create tls config
cfg := &tls.Config {
Certificates: certs,
MinVersion: tls.VersionTLS12,
}
cfg.BuildNameToCertificate()
server := &http.Server{
Addr: ":8080",
TLSConfig: cfg,
IdleTimeout: 30 * time.Second,
}
Add handler and start server
http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, World")
})
err := server.ListenAndServeTLS("", "") // Dont give filename here if giving set of certs in tls config above
if err != nil {
return err
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论