Currently cobbled autocerted file server thingy
package main | |
import (
	"crypto/tls"
	"fmt"
	"io"
	"log"
	"net/http"
	"os"
	"path/filepath"
	"time"

	"golang.org/x/crypto/acme/autocert"
)
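// main serves the "test" directory under the user's home directory over HTTPS
// at /test/, using certificates obtained on demand through autocert, and runs
// a plain-HTTP listener that hands requests to the autocert HTTP handler.
func main() {
	// HostPolicy limits the names autocert will request certificates for.
	// "localhost" is a placeholder: replace it with the public host name(s)
	// this server answers for, since a public ACME CA is not expected to
	// issue for it.
	// NOTE(review): no Cache is configured, so certificates live only in
	// memory and are requested again after every restart, which can run into
	// CA rate limits. Setting Manager.Cache (e.g. autocert.DirCache on a
	// directory readable only by this process) avoids that.
	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("localhost"),
	}

	tlsConfig := &tls.Config{
		// Asks the server to apply its own ciphersuite ordering. Newer Go
		// releases ignore this field and always use their built-in order.
		PreferServerCipherSuites: true,
		// Only use curves which have assembly implementations.
		CurvePreferences: []tls.CurveID{
			tls.CurveP256,
			tls.X25519, // needs Go 1.8 or later
		},
		MinVersion:     tls.VersionTLS12,
		GetCertificate: m.GetCertificate,
		// This list governs TLS 1.2 only; TLS 1.3 suites are not configurable.
		// Every entry is an ECDHE AEAD suite, so all of them give forward secrecy.
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // needs Go 1.8 or later
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,   // needs Go 1.8 or later
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
			// Best disabled, as they don't provide Forward Secrecy,
			// but might be necessary for some clients
			// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
			// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		},
	}

	// Plain-HTTP listener for the autocert handler. It gets its own timeouts,
	// and a bind or serve failure is logged instead of being dropped: without
	// this listener HTTP-based ACME validation cannot complete.
	go func() {
		plain := &http.Server{
			Addr:         ":http",
			Handler:      m.HTTPHandler(nil),
			ReadTimeout:  5 * time.Second,
			WriteTimeout: 5 * time.Second,
			IdleTimeout:  120 * time.Second,
		}
		log.Println("http listener:", plain.ListenAndServe())
	}()

	fmt.Println(time.Now().Format("Mon Jan 2 15:04:05 -0700 MST 2006"), ": Startup")

	// Go does not expand "~"; http.Dir("~/test/") would look for a directory
	// literally named "~" under the working directory. Resolve the home
	// directory explicitly instead.
	home, err := os.UserHomeDir()
	if err != nil {
		log.Fatal(err)
	}
	root := filepath.Join(home, "test")

	mux := http.NewServeMux()
	// http.FileServer lists directories and serves every file below root,
	// dotfiles included, so root should hold only material meant to be public.
	mux.Handle("/test/", middle(http.StripPrefix("/test/", http.FileServer(http.Dir(root)))))
	mux.Handle("/robots.txt", middle(http.HandlerFunc(robots)))

	s := &http.Server{
		ReadTimeout: 5 * time.Second,
		// NOTE(review): WriteTimeout is left off, presumably so large file
		// downloads are not cut short; the cost is that a client reading
		// slowly can hold its connection open for as long as it likes.
		// WriteTimeout: 10 * time.Second,
		IdleTimeout: 120 * time.Second,
		Addr:        ":https",
		Handler:     mux,
		TLSConfig:   tlsConfig,
	}

	// Empty cert and key paths: certificates come from TLSConfig.GetCertificate.
	log.Fatal(s.ListenAndServeTLS("", ""))
}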
// middle returns a handler that prints one line to standard output before
// calling h and a second line, ending in "done", after h returns. Each line
// carries a timestamp, the request URL and the request's RemoteAddr.
func middle(h http.Handler) http.Handler {
	const layout = "Mon Jan 2 15:04:05 -0700 MST 2006"

	logged := func(w http.ResponseWriter, r *http.Request) {
		// Keep the URL seen on entry so both lines name the same target.
		target := r.URL
		fmt.Println(time.Now().Format(layout), ":", target, "from", r.RemoteAddr)

		h.ServeHTTP(w, r)

		// NOTE(review): RemoteAddr is presumably the direct peer; behind a
		// reverse proxy that is the proxy, not the client. Confirm deployment.
		fmt.Println(time.Now().Format(layout), ":", target, "from", r.RemoteAddr, "done")
	}
	return http.HandlerFunc(logged)
}
// robots answers with a robots.txt body that asks every crawler to stay away
// from the whole site. The request itself is not inspected. robots.txt is
// advisory only: it does not restrict access to anything the server exposes.
func robots(w http.ResponseWriter, r *http.Request) {
	for _, line := range []string{"User-agent: *\n", "Disallow: /"} {
		io.WriteString(w, line)
	}
}