czyt/autocert.go

## autocert.go
package main

import (
	"crypto/tls"
	"fmt"
	"golang.org/x/crypto/acme/autocert"
	"io"
	"log"
	"net/http"
	"time"
)

func main() {
	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("localhost"),
	}

	tlsConfig := &tls.Config{
		// Causes servers to use Go's default ciphersuite preferences,
		// which are tuned to avoid attacks. Does nothing on clients.
		PreferServerCipherSuites: true,
		// Only use curves which have assembly implementations
		CurvePreferences: []tls.CurveID{
			tls.CurveP256,
			tls.X25519, // Go 1.8 only
		},
		MinVersion:     tls.VersionTLS12,
		GetCertificate: m.GetCertificate,
		CipherSuites: []uint16{
			tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
			tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,   // Go 1.8 only
			tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

			// Best disabled, as they don't provide Forward Secrecy,
			// but might be necessary for some clients
			// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
			// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
		},
	}

	go http.ListenAndServe(":http", m.HTTPHandler(nil))

	fmt.Println(time.Now().Format("Mon Jan 2 15:04:05 -0700 MST 2006"), ": Startup")
	mux := http.NewServeMux()
	mux.Handle("/test/", middle(http.StripPrefix("/test/", http.FileServer(http.Dir("~/test/")))))
	mux.Handle("/robots.txt", middle(http.HandlerFunc(robots)))

	s := &http.Server{
		ReadTimeout:  5 * time.Second,
//		WriteTimeout: 10 * time.Second,
		IdleTimeout:  120 * time.Second,

		Addr:      ":https",
		Handler:   mux,
		TLSConfig: tlsConfig,
	}
	err := s.ListenAndServeTLS("", "")

	log.Fatal(err)

}

func middle(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		start := time.Now()
		url := r.URL
		fmt.Println(start.Format("Mon Jan 2 15:04:05 -0700 MST 2006"), ":", url, "from", r.RemoteAddr)
		h.ServeHTTP(w, r)
		finish := time.Now()
		fmt.Println(finish.Format("Mon Jan 2 15:04:05 -0700 MST 2006"), ":", url, "from", r.RemoteAddr, "done")
	})
}

func robots(w http.ResponseWriter, r *http.Request) {
	io.WriteString(w, "User-agent: *\n")
	io.WriteString(w, "Disallow: /")
}
	package main

	import (
	"crypto/tls"
	"fmt"
	"golang.org/x/crypto/acme/autocert"
	"io"
	"log"
	"net/http"
	"time"
	)

	func main() {
	m := &autocert.Manager{
	Prompt: autocert.AcceptTOS,
	HostPolicy: autocert.HostWhitelist("localhost"),
	}

	tlsConfig := &tls.Config{
	// Causes servers to use Go's default ciphersuite preferences,
	// which are tuned to avoid attacks. Does nothing on clients.
	PreferServerCipherSuites: true,
	// Only use curves which have assembly implementations
	CurvePreferences: []tls.CurveID{
	tls.CurveP256,
	tls.X25519, // Go 1.8 only
	},
	MinVersion: tls.VersionTLS12,
	GetCertificate: m.GetCertificate,
	CipherSuites: []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
	tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305, // Go 1.8 only
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

	// Best disabled, as they don't provide Forward Secrecy,
	// but might be necessary for some clients
	// tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	// tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
	},
	}

	go http.ListenAndServe(":http", m.HTTPHandler(nil))

	fmt.Println(time.Now().Format("Mon Jan 2 15:04:05 -0700 MST 2006"), ": Startup")
	mux := http.NewServeMux()
	mux.Handle("/test/", middle(http.StripPrefix("/test/", http.FileServer(http.Dir("~/test/")))))
	mux.Handle("/robots.txt", middle(http.HandlerFunc(robots)))

	s := &http.Server{
	ReadTimeout: 5 * time.Second,
	// WriteTimeout: 10 * time.Second,
	IdleTimeout: 120 * time.Second,

	Addr: ":https",
	Handler: mux,
	TLSConfig: tlsConfig,
	}
	err := s.ListenAndServeTLS("", "")

	log.Fatal(err)

	}

	func middle(h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	start := time.Now()
	url := r.URL
	fmt.Println(start.Format("Mon Jan 2 15:04:05 -0700 MST 2006"), ":", url, "from", r.RemoteAddr)
	h.ServeHTTP(w, r)
	finish := time.Now()
	fmt.Println(finish.Format("Mon Jan 2 15:04:05 -0700 MST 2006"), ":", url, "from", r.RemoteAddr, "done")
	})
	}

	func robots(w http.ResponseWriter, r *http.Request) {
	io.WriteString(w, "User-agent: *\n")
	io.WriteString(w, "Disallow: /")
	}