Skip to content

Instantly share code, notes, and snippets.

Created April 3, 2015 21:24
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
Star You must be signed in to star a gist
Save 0xdabbad00/98bb562f3abbe038cec6 to your computer and use it in GitHub Desktop.
// Gist associated with
package main
import (
log ""
gojiweb ""
// Replace these with your paths
func main() {
configfile := flag.String("config", "config.json", "Path to configuration file")
var application = &system.Application{}
// Setup static files
static := gojiweb.New()
static.Get("/assets/*", http.StripPrefix("/assets/", http.FileServer(http.Dir(application.Configuration.PublicPath))))
http.Handle("/assets/", static)
// Setup logging
// If debug, use text, else use json.
type LogInterface func() log.Formatter
var getLogger LogInterface
getLogger = func() log.Formatter { return new(log.JSONFormatter) }
if application.Configuration.Environment == "debug" {
getLogger = func() log.Formatter { return new(log.TextFormatter) }
// Setup logging for our code
// Setup logging for goji
logr := log.New()
logr.Formatter = getLogger()
applicationName := "webserver"
goji.Use(glogrus.NewGlogrus(logr, applicatonName))
// Add HTTP security headers via
secureMiddleware := secure.New(secure.Options{
// STSSeconds is the max-age of the Strict-Transport-Security header.
// Default is 0, which would NOT include the header.
STSSeconds: 315360000,
// If STSIncludeSubdomains is set to true, the `includeSubdomains` will be appended to the Strict-Transport-Security header.
// Default is false.
STSIncludeSubdomains: true,
// If FrameDeny is set to true, adds the X-Frame-Options header with the value of `DENY`.
// Default is false.
FrameDeny: true,
// CustomFrameOptionsValue allows the X-Frame-Options header value to be set with a custom value.
// This overrides the FrameDeny option.
CustomFrameOptionsValue: "SAMEORIGIN",
// If ContentTypeNosniff is true, adds the X-Content-Type-Options header with the value `nosniff`.
// Default is false.
ContentTypeNosniff: true,
// If BrowserXssFilter is true, adds the X-XSS-Protection header with the value `1; mode=block`.
// Default is false.
BrowserXssFilter: true,
// ContentSecurityPolicy allows the Content-Security-Policy header value to be set with a custom value.
// Default is "".
ContentSecurityPolicy: "default-src 'self'",
// Apply other middleware
controller := &web.Controller{}
// Setup routes
goji.Get("/", application.Route(controller, "Index"))
// ... Add more routes ...
// Perform graceful shutdown procedures
graceful.PostHook(func() {
// Allow us to run on different ports
flag.Set("bind", fmt.Sprintf(":%s", application.Configuration.ListeningPort))
// Start the server
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment