Created
July 10, 2017 00:56
-
-
Save jedy/06c3fb7746f400acf94572d65e63f2cc to your computer and use it in GitHub Desktop.
自动获得let's encrypt的证书
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| package main | |
| // https://blog.kowalczyk.info/article/Jl3G/https-for-free-in-go.html | |
| // To run: | |
| // go run main.go | |
| // Command-line options: | |
| // -production : enables HTTPS on port 443 | |
| // -redirect-to-https : redirect HTTP to HTTTPS | |
| import ( | |
| "context" | |
| "crypto/tls" | |
| "flag" | |
| "fmt" | |
| "io" | |
| "log" | |
| "net/http" | |
| "time" | |
| "golang.org/x/crypto/acme/autocert" | |
| ) | |
| const ( | |
| htmlIndex = `<html><body>Welcome!</body></html>` | |
| httpPort = "127.0.0.1:8080" | |
| ) | |
| var ( | |
| flgProduction = false | |
| flgRedirectHTTPToHTTPS = false | |
| ) | |
| func handleIndex(w http.ResponseWriter, r *http.Request) { | |
| io.WriteString(w, htmlIndex) | |
| } | |
| func makeServerFromMux(mux *http.ServeMux) *http.Server { | |
| // set timeouts so that a slow or malicious client doesn't | |
| // hold resources forever | |
| return &http.Server{ | |
| ReadTimeout: 5 * time.Second, | |
| WriteTimeout: 5 * time.Second, | |
| IdleTimeout: 120 * time.Second, | |
| Handler: mux, | |
| } | |
| } | |
| func makeHTTPServer() *http.Server { | |
| mux := &http.ServeMux{} | |
| mux.HandleFunc("/", handleIndex) | |
| return makeServerFromMux(mux) | |
| } | |
| func makeHTTPToHTTPSRedirectServer() *http.Server { | |
| handleRedirect := func(w http.ResponseWriter, r *http.Request) { | |
| newURI := "https://" + r.Host + r.URL.String() | |
| http.Redirect(w, r, newURI, http.StatusFound) | |
| } | |
| mux := &http.ServeMux{} | |
| mux.HandleFunc("/", handleRedirect) | |
| return makeServerFromMux(mux) | |
| } | |
| func parseFlags() { | |
| flag.BoolVar(&flgProduction, "production", false, "if true, we start HTTPS server") | |
| flag.BoolVar(&flgRedirectHTTPToHTTPS, "redirect-to-https", false, "if true, we redirect HTTP to HTTPS") | |
| flag.Parse() | |
| } | |
| func main() { | |
| parseFlags() | |
| var httpsSrv *http.Server | |
| if flgProduction { | |
| hostPolicy := func(ctx context.Context, host string) error { | |
| // Note: change to your real host | |
| allowedHost := "www.mydomain.com" | |
| if host == allowedHost { | |
| return nil | |
| } | |
| return fmt.Errorf("acme/autocert: only %s host is allowed", allowedHost) | |
| } | |
| dataDir := "." | |
| m := autocert.Manager{ | |
| Prompt: autocert.AcceptTOS, | |
| HostPolicy: hostPolicy, | |
| Cache: autocert.DirCache(dataDir), | |
| } | |
| httpsSrv = makeHTTPServer() | |
| httpsSrv.Addr = ":443" | |
| httpsSrv.TLSConfig = &tls.Config{GetCertificate: m.GetCertificate} | |
| go func() { | |
| fmt.Printf("Starting HTTPS server on %s\n", httpsSrv.Addr) | |
| err := httpsSrv.ListenAndServeTLS("", "") | |
| if err != nil { | |
| log.Fatalf("httpsSrv.ListendAndServeTLS() failed with %s", err) | |
| } | |
| }() | |
| } | |
| var httpSrv *http.Server | |
| if flgRedirectHTTPToHTTPS { | |
| httpSrv = makeHTTPToHTTPSRedirectServer() | |
| } else { | |
| httpSrv = makeHTTPServer() | |
| } | |
| httpSrv.Addr = httpPort | |
| fmt.Printf("Starting HTTP server on %s\n", httpPort) | |
| err := httpSrv.ListenAndServe() | |
| if err != nil { | |
| log.Fatalf("httpSrv.ListenAndServe() failed with %s", err) | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment