需要帮助在 Go 中自动化 TLS 证书处理
Need help automating TLS Cert Handling in Go
我有一个简单的 Go 网络服务器,我希望它使用 TLS 证书。我知道 certbot,python 应用程序,到目前为止经常使用它,但我想几乎自动化一切。那是我偶然发现 https://github.com/caddyserver/certmagic 的地方,它非常棒。但是,我似乎无法将它与自定义服务器结构结合使用。
srv := http.Server{
ReadTimeout: 1 * time.Second,
WriteTimeout: 2 * time.Second,
IdleTimeout: 10 * time.Second,
ReadHeaderTimeout: 2 * time.Second,
Handler: router,
Addr: serverAddr,
}
if fileExists(serverCertFile) && fileExists(serverKeyFile) {
if err := srv.ListenAndServeTLS(serverCertFile, serverKeyFile); err != nil && err != http.ErrServerClosed {
panic("Couldn't start server with TLS")
}
} else {
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
panic("Couldn't start server")
}
}
到目前为止,这是我解决问题的方法,只是使用手动请求的证书。有什么建议吗?
文档 here 建议使用 Listen() 而不是 HTTPS() 来利用您自己的 http.Server 值。
listener, err := certmagic.Listen([]string{"yourdomain.com"})
srv := http.Server{
ReadTimeout: 1 * time.Second,
WriteTimeout: 2 * time.Second,
IdleTimeout: 10 * time.Second,
ReadHeaderTimeout: 2 * time.Second,
Handler: router,
Addr: serverAddr,
}
srv.Serve(listener)
Listent()
的文档
Listen manages certificates for domainName and returns a TLS listener. It uses the Default config.
Because this convenience function returns only a TLS-enabled listener and does not presume HTTP is also being served, the HTTP challenge will be disabled. The package variable Default is modified so that the HTTP challenge is disabled.
Calling this function signifies your acceptance to the CA's Subscriber Agreement and/or Terms of Service.
我有一个简单的 Go 网络服务器,我希望它使用 TLS 证书。我知道 certbot,python 应用程序,到目前为止经常使用它,但我想几乎自动化一切。那是我偶然发现 https://github.com/caddyserver/certmagic 的地方,它非常棒。但是,我似乎无法将它与自定义服务器结构结合使用。
srv := http.Server{
ReadTimeout: 1 * time.Second,
WriteTimeout: 2 * time.Second,
IdleTimeout: 10 * time.Second,
ReadHeaderTimeout: 2 * time.Second,
Handler: router,
Addr: serverAddr,
}
if fileExists(serverCertFile) && fileExists(serverKeyFile) {
if err := srv.ListenAndServeTLS(serverCertFile, serverKeyFile); err != nil && err != http.ErrServerClosed {
panic("Couldn't start server with TLS")
}
} else {
if err := srv.ListenAndServe(); err != nil && err != http.ErrServerClosed {
panic("Couldn't start server")
}
}
到目前为止,这是我解决问题的方法,只是使用手动请求的证书。有什么建议吗?
文档 here 建议使用 Listen() 而不是 HTTPS() 来利用您自己的 http.Server 值。
listener, err := certmagic.Listen([]string{"yourdomain.com"})
srv := http.Server{
ReadTimeout: 1 * time.Second,
WriteTimeout: 2 * time.Second,
IdleTimeout: 10 * time.Second,
ReadHeaderTimeout: 2 * time.Second,
Handler: router,
Addr: serverAddr,
}
srv.Serve(listener)
Listent()
Listen manages certificates for domainName and returns a TLS listener. It uses the Default config. Because this convenience function returns only a TLS-enabled listener and does not presume HTTP is also being served, the HTTP challenge will be disabled. The package variable Default is modified so that the HTTP challenge is disabled. Calling this function signifies your acceptance to the CA's Subscriber Agreement and/or Terms of Service.