NGINX Ingress
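# Build stage: compile a static binary so it can run in the FROM scratch image below.
FROM golang:1.13 as build
WORKDIR /server
COPY go.mod ./
COPY main.go ./
# GOOS (not GOOG) selects the target OS; CGO_ENABLED=0 produces a static binary
# that needs no libc in the scratch image.
RUN CGO_ENABLED=0 GOOS=linux go build -o /go/bin/server main.go

# Runtime stage: only the binary is copied. The CA bundle, server certificate and
# key named by the server's flags are NOT baked in; they must be provided at runtime.
FROM scratch
COPY --from=build /go/bin/server /
EXPOSE 443
ENTRYPOINT ["/server"]
CMD ["--https_endpoint=:443"]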
module github.com/DazWilkin/go-https
go 1.13
require golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
package main
import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"
	"time"

	"golang.org/x/net/http2"
)
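// Command-line flags. The listen address default matches the Dockerfile, which
// EXPOSEs and listens on 443; the previous ":433" default was a transposition.
var (
	httpsEndpoint = flag.String("https_endpoint", ":443", "The HTTPS endpoint to listen on.")
	// CA bundle used to verify client certificates (mTLS).
	crtCA = flag.String("crt_ca", "bigmachine.crt", "CA PEM-encoded Certificate")
	// The server's own certificate and private key, passed to ListenAndServeTLS.
	crtServer = flag.String("crt_server", "server.crt", "PEM-encoded Certificate")
	keyServer = flag.String("key_server", "server.key", "PEM-encoded Private Key")
)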
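// certsHandler writes the PEM-encoded peer (client) certificates presented on
// the current TLS connection, one CERTIFICATE block per certificate.
//
// It responds 400 when the request did not arrive over TLS (r.TLS is nil) and
// 500 if PEM encoding fails; on success the body is text/plain PEM.
func certsHandler(w http.ResponseWriter, r *http.Request) {
	// r.TLS is only populated on TLS connections; guard against a nil
	// dereference should this handler ever be reachable over plain HTTP.
	if r.TLS == nil {
		http.Error(w, "client certificates are only available over TLS", http.StatusBadRequest)
		return
	}

	// Encode everything first so an encoding failure can still yield a clean
	// error status instead of a partially written body.
	var buf bytes.Buffer
	for _, c := range r.TLS.PeerCertificates {
		block := &pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}
		if err := pem.Encode(&buf, block); err != nil {
			http.Error(w, err.Error(), http.StatusInternalServerError)
			return
		}
	}

	// Write the PEM as data, never as a format string (the original used
	// fmt.Fprintf(w, b.String()), which go vet flags).
	w.Header().Set("Content-Type", "text/plain; charset=utf-8")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	if _, err := w.Write(buf.Bytes()); err != nil {
		log.Printf("[certsHandler] writing response: %v", err)
	}
}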
// healthHandler is the liveness probe: it always answers 200 with the body
// "ok" followed by a newline, ignoring the request entirely.
func healthHandler(w http.ResponseWriter, r *http.Request) {
	const body = "ok\n"
	fmt.Fprint(w, body)
}
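// main serves /certs and /healthz over HTTPS with mandatory, verified client
// certificates (mTLS). Flags select the listen address, the CA bundle used to
// verify clients, and the server's own certificate and key. Any setup failure
// is fatal.
func main() {
	flag.Parse()
	log.Printf("[main] CA: %s", *crtCA)
	log.Printf("[main] Server cert: %s; key: %s", *crtServer, *keyServer)

	caCert, err := ioutil.ReadFile(*crtCA)
	if err != nil {
		log.Fatal(err)
	}
	caCertPool := x509.NewCertPool()
	// AppendCertsFromPEM reports whether any certificate was parsed. An empty
	// pool would silently reject every client, so fail fast at startup.
	if !caCertPool.AppendCertsFromPEM(caCert) {
		log.Fatalf("[main] no CA certificates parsed from %s", *crtCA)
	}
	config := &tls.Config{
		ClientCAs:  caCertPool,
		ClientAuth: tls.RequireAndVerifyClientCert,
		// Refuse pre-1.2 protocol versions rather than relying on the
		// toolchain's default minimum.
		MinVersion: tls.VersionTLS12,
	}

	mux := http.NewServeMux()
	mux.HandleFunc("/certs", certsHandler)
	mux.HandleFunc("/healthz", healthHandler)
	// Timeouts bound slow or idle clients so one connection cannot hold a
	// handler indefinitely.
	server := &http.Server{
		TLSConfig:         config,
		Addr:              *httpsEndpoint,
		Handler:           mux,
		ReadHeaderTimeout: 10 * time.Second,
		ReadTimeout:       30 * time.Second,
		WriteTimeout:      30 * time.Second,
		IdleTimeout:       60 * time.Second,
	}
	if err := http2.ConfigureServer(server, &http2.Server{}); err != nil {
		log.Fatal(err)
	}

	log.Printf("[main] Server starting [%s]", *httpsEndpoint)
	log.Fatal(server.ListenAndServeTLS(*crtServer, *keyServer))
}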