TLS HTTP server using in-memory certificate
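// From https://github.com/golang/go/blob/c0547476f342665514904cf2581a62135d2366c3/src/net/http/server.go#L3223
// tcpKeepAliveListener sets TCP keep-alive timeouts on accepted
// connections. The standard library uses it in ListenAndServe and
// ListenAndServeTLS, and ListenAndServeTLSKeyPair below wraps its
// listener in it, so dead TCP connections (e.g. closing laptop
// mid-download) eventually go away.
type tcpKeepAliveListener struct {
	*net.TCPListener
}

// Accept accepts the next TCP connection and enables keep-alive probes on it.
// It returns the accepted connection, or the error from the underlying
// AcceptTCP call.
func (ln tcpKeepAliveListener) Accept() (net.Conn, error) {
	tc, err := ln.AcceptTCP()
	if err != nil {
		return nil, err
	}
	// Keep-alive is best effort, exactly as in the stdlib code this mirrors:
	// a failure to enable it must not turn into an Accept error, because
	// http.Server.Serve gives up on non-temporary Accept errors.
	_ = tc.SetKeepAlive(true)
	_ = tc.SetKeepAlivePeriod(3 * time.Minute)
	return tc, nil
}

// ListenAndServeTLSKeyPair starts an HTTPS server on addr using an in-memory
// TLS key pair instead of certificate and key files on disk.
//
// addr is the TCP address to listen on; an empty addr means ":https", as for
// http.ListenAndServeTLS. cert is the certificate presented to every client.
// handler is the http.Handler to serve; a nil handler means
// http.DefaultServeMux (http.Server's documented behaviour).
//
// Like http.ListenAndServeTLS it blocks until the server stops and always
// returns a non-nil error: the error from net.Listen, or the one returned by
// http.Server.ServeTLS.
func ListenAndServeTLSKeyPair(addr string, cert tls.Certificate, handler http.Handler) error {
	// as defined in https://github.com/golang/go/blob/c0547476f342665514904cf2581a62135d2366c3/src/net/http/server.go#L3034
	if addr == "" {
		addr = ":https"
	}
	// as defined in https://github.com/golang/go/blob/c0547476f342665514904cf2581a62135d2366c3/src/net/http/server.go#L3037
	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}
	// Wrap the listener so accepted connections get keep-alive, as the stdlib
	// ListenAndServeTLS does. net.Listen("tcp", ...) returns a
	// *net.TCPListener; the type check only guards against surprises.
	if tcpLn, ok := ln.(*net.TCPListener); ok {
		ln = tcpKeepAliveListener{tcpLn}
	}
	// NOTE(review): no ReadHeaderTimeout/ReadTimeout/WriteTimeout/IdleTimeout is
	// set (same as http.ListenAndServeTLS), so slow or idle clients can hold
	// connections open indefinitely; callers that need limits should build
	// their own http.Server and serve it through tcpKeepAliveListener.
	server := &http.Server{
		Addr:      addr,
		Handler:   handler,
		TLSConfig: &tls.Config{
			// alternatively we can use GetCertificate func(*ClientHelloInfo) (*Certificate, error)
			// for host-dependent certificates (possibly let's encrypt)
			Certificates: []tls.Certificate{cert},
			// Refuse TLS 1.0/1.1 handshakes. Current Go releases already default
			// to this minimum, so it only pins the behaviour on older toolchains.
			MinVersion: tls.VersionTLS12,
		},
	}
	// if TLS config is defined, and no actual key path is provided, ServeTLS keeps the certificate
	// https://github.com/golang/go/blob/c0547476f342665514904cf2581a62135d2366c3/src/net/http/server.go#L2832
	// Serve is documented to close the listener when it returns, so ln is not
	// leaked on the error path.
	return server.ServeTLS(ln, "", "")
}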