英文:
HTTPS for Golang API
问题
我对Golang还不熟悉,但我可以帮你翻译一下你的问题和代码。
以下是你要翻译的内容:
我对Golang还不熟悉,但我已经在我们的VPS上设置了一个Golang API的“Hello World!”测试消息。它在http://www.example.com:8080/hello上正常工作。然而,我想切换到HTTPS。
有人可以逐步告诉我如何将Golang API从HTTP切换到HTTPS吗?谢谢!
如果Golang代码有问题的话:
package mainimport ("fmt""log""net/http")func main() {http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {fmt.Fprintf(w, "Hello, World")})fmt.Println("Server Started On Port 8080")log.Fatal(http.ListenAndServe(":8080", nil))}
英文:
I am new to Golang and I did set up a "hello world!" test message for a Golang API on our VPS. It works just fine at http://www.example.com:8080/hello. I would like however to move to HTTPS.
Could someone tell me step by step the right procedure to go from HTTP to HTTPS for a golang API? Thank you!
In case there is an issue with the golang code:
package mainimport ("fmt""log""net/http")func main() {http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {fmt.Fprintf(w, "Hello, World")})fmt.Println("Server Started On Port 8080")log.Fatal(http.ListenAndServe(":8080", nil))}
答案1
得分: 2
使用http.ListenAndServeTLS代替
https://pkg.go.dev/net/http#ListenAndServeTLS
package mainimport ("fmt""log""net/http")func main() {http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {fmt.Fprintf(w, "Hello, World")})fmt.Println("Server Started On Port 8080")err := http.ListenAndServeTLS(":8080", "cert.pem", "key.pem", nil)log.Fatal(err)}
请注意,这是一个Go语言的示例代码,用于在端口8080上启动一个使用TLS的HTTP服务器。你需要将cert.pem和key.pem替换为你自己的TLS证书和私钥文件。
英文:
Use http.ListenAndServeTLS Instead
https://pkg.go.dev/net/http#ListenAndServeTLS
package mainimport ("fmt""log""net/http")func main() {http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {fmt.Fprintf(w, "Hello, World")})fmt.Println("Server Started On Port 8080")err := http.ListenAndServeTLS(":8080", "cert.pem", "key.pem", nil)log.Fatal(err)}
答案2
得分: 1
感谢John Hanley的支持,帮助我得出这个答案。
首先,我通过编辑/etc/apache2/ports.conf文件将端口8443设置为https:
Listen 80<IfModule ssl_module>Listen 443Listen 8443</IfModule>
然后,我在example.com域的配置中添加了一个VirtualHost,使端口8443充当代理:
<VirtualHost *:8443>ServerAdmin admin@example.comServerName www.example.comServerAlias example.comProxyRequests Off<Proxy *>Order deny,allowAllow from all</Proxy>ProxyPass / http://localhost:8080/ProxyPassReverse / http://localhost:8080/ErrorLog ${APACHE_LOG_DIR}/error.logCustomLog ${APACHE_LOG_DIR}/access.log combinedInclude /etc/letsencrypt/options-ssl-apache.confSSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem</VirtualHost>
你需要使用a2enmod proxy和a2enmod proxy_http命令加载proxy和proxy_http模块。
重新加载apache之后,可以通过https://www.example.com:8443/hello调用API。
英文:
Thanks to John Hanley for support that lead to this answer.
First of all I did set the port 8443 for https by editing /etc/apache2/ports.conf:
Listen 80<IfModule ssl_module>Listen 443Listen 8443</IfModule>
Then I added a VirtualHost in the config of the example.com domain so that port 8443 acts as a proxy:
<VirtualHost *:8443>ServerAdmin admin@example.comServerName www.example.comServerAlias example.comProxyRequests Off<Proxy *>Order deny,allowAllow from all</Proxy>ProxyPass / http://localhost:8080/ProxyPassReverse / http://localhost:8080/ErrorLog ${APACHE_LOG_DIR}/error.logCustomLog ${APACHE_LOG_DIR}/access.log combinedInclude /etc/letsencrypt/options-ssl-apache.confSSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pemSSLCertificateKeyFile /etc/letsencrypt/live/example.com/privkey.pem</VirtualHost>
and you need to load the modules proxy and proxy_http using e2enmod proxy and e2enmod proxy_http.
After reloading apache, the API can be called at https://www.example.com:8443/hello.
答案3
得分: 0
添加到@Dan的答案上。这是一个稍微复杂一些的实现,但可以让你进行更多的配置。
如果你想使用多个证书集合:
certs := []tls.Certificate{}for _, cert := range []string{"cert1", "cert2"} {certSet, err := tls.LoadX509KeyPair(cert+".pem", cert+".key")if err != nil {return err}certs = append(certs, certSet)}
创建tls配置:
cfg := &tls.Config{Certificates: certs,MinVersion: tls.VersionTLS12,}cfg.BuildNameToCertificate()server := &http.Server{Addr: ":8080",TLSConfig: cfg,IdleTimeout: 30 * time.Second,}
添加处理程序并启动服务器:
http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {fmt.Fprintf(w, "Hello, World")})err := server.ListenAndServeTLS("", "") // 如果在上面的tls配置中提供了一组证书,则此处不要提供文件名if err != nil {return err}
英文:
Adding on to @Dan 's answer. A little more complex implementation but enables you to configure it more.
If you want to use more than 1 set of certs
certs := []tls.Certificate{}for _, cert := range []{"cert1", "cert2"} {certSet, err := tls.LoadX509KeyPair(cert+".pem", cert+".key")if err != nil {return err}certs = append(certs, certSet)}
Create tls config
cfg := &tls.Config {Certificates: certs,MinVersion: tls.VersionTLS12,}cfg.BuildNameToCertificate()server := &http.Server{Addr: ":8080",TLSConfig: cfg,IdleTimeout: 30 * time.Second,}
Add handler and start server
http.HandleFunc("/hello", func(w http.ResponseWriter, r *http.Request) {fmt.Fprintf(w, "Hello, World")})err := server.ListenAndServeTLS("", "") // Dont give filename here if giving set of certs in tls config aboveif err != nil {return err}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论