DazWilkin/Dockerfile

## Dockerfile
FROM golang:1.13 as build

WORKDIR /server

COPY go.mod ./
COPY main.go ./

RUN CGO_ENABLED=0 GOOG=linux go build -o /go/bin/server main.go

FROM scratch

COPY --from=build /go/bin/server /

EXPOSE 443

ENTRYPOINT ["/server"]
CMD ["--https_endpoint=:443"]

## go.mod
module github.com/DazWilkin/go-https

go 1.13

require golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553

## main.go
package main

import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"

	"golang.org/x/net/http2"
)

var (
	httpsEndpoint = flag.String("https_endpoint", ":433", "The HTTPS endpoint to listen on.")
	crtCA         = flag.String("crt_ca", "bigmachine.crt", "CA PEM-encoded Certificate")
	crtServer     = flag.String("crt_server", "server.crt", "PEM-encoded Certificate")
	keyServer     = flag.String("key_server", "server.key", "PEM-encoded Private Key")
)

func certsHandler(w http.ResponseWriter, r *http.Request) {
	for _, c := range r.TLS.PeerCertificates {
		var b bytes.Buffer
		err := pem.Encode(&b, &pem.Block{
			Type:  "CERTIFICATE",
			Bytes: c.Raw,
		})
		if err != nil {
			fmt.Fprint(w, err)
		}
		fmt.Fprintf(w, b.String())
	}
}
func healthHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "ok")
}
func main() {
	flag.Parse()

	log.Printf("[main] CA: %s", *crtCA)
	log.Printf("[main] Server cert: %s; key: %s", *crtServer, *keyServer)

	caCert, err := ioutil.ReadFile(*crtCA)
	if err != nil {
		log.Fatal(err)
	}

	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)

	config := &tls.Config{
		ClientCAs:  caCertPool,
		ClientAuth: tls.RequireAndVerifyClientCert,
	}

	mux := http.NewServeMux()
	mux.HandleFunc("/certs", certsHandler)
	mux.HandleFunc("/healthz", healthHandler)

	server := &http.Server{
		TLSConfig: config,
		Addr:      *httpsEndpoint,
		Handler:   mux,
	}
	http2.ConfigureServer(server, &http2.Server{})

	log.Printf("[main] Server starting [%s]", *httpsEndpoint)
	log.Fatal(server.ListenAndServeTLS(*crtServer, *keyServer))
}
	FROM golang:1.13 as build

	WORKDIR /server

	COPY go.mod ./
	COPY main.go ./

	RUN CGO_ENABLED=0 GOOG=linux go build -o /go/bin/server main.go

	FROM scratch

	COPY --from=build /go/bin/server /

	EXPOSE 443

	ENTRYPOINT ["/server"]
	CMD ["--https_endpoint=:443"]
	module github.com/DazWilkin/go-https

	go 1.13

	require golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553
	package main

	import (
	"bytes"
	"crypto/tls"
	"crypto/x509"
	"encoding/pem"
	"flag"
	"fmt"
	"io/ioutil"
	"log"
	"net/http"

	"golang.org/x/net/http2"
	)

	var (
	httpsEndpoint = flag.String("https_endpoint", ":433", "The HTTPS endpoint to listen on.")
	crtCA = flag.String("crt_ca", "bigmachine.crt", "CA PEM-encoded Certificate")
	crtServer = flag.String("crt_server", "server.crt", "PEM-encoded Certificate")
	keyServer = flag.String("key_server", "server.key", "PEM-encoded Private Key")
	)

	func certsHandler(w http.ResponseWriter, r *http.Request) {
	for _, c := range r.TLS.PeerCertificates {
	var b bytes.Buffer
	err := pem.Encode(&b, &pem.Block{
	Type: "CERTIFICATE",
	Bytes: c.Raw,
	})
	if err != nil {
	fmt.Fprint(w, err)
	}
	fmt.Fprintf(w, b.String())
	}
	}
	func healthHandler(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "ok")
	}
	func main() {
	flag.Parse()

	log.Printf("[main] CA: %s", *crtCA)
	log.Printf("[main] Server cert: %s; key: %s", crtServer, keyServer)

	caCert, err := ioutil.ReadFile(*crtCA)
	if err != nil {
	log.Fatal(err)
	}

	caCertPool := x509.NewCertPool()
	caCertPool.AppendCertsFromPEM(caCert)

	config := &tls.Config{
	ClientCAs: caCertPool,
	ClientAuth: tls.RequireAndVerifyClientCert,
	}

	mux := http.NewServeMux()
	mux.HandleFunc("/certs", certsHandler)
	mux.HandleFunc("/healthz", healthHandler)

	server := &http.Server{
	TLSConfig: config,
	Addr: *httpsEndpoint,
	Handler: mux,
	}
	http2.ConfigureServer(server, &http2.Server{})

	log.Printf("[main] Server starting [%s]", *httpsEndpoint)
	log.Fatal(server.ListenAndServeTLS(crtServer, keyServer))
	}