Skip to content
A Simple, Secured Default HTTP(S) Server for Golang
Go
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
.gitignore
LICENSE
readme.md
secureserver.go

readme.md

Go secureserver

Out-of-the-box, Go is a fully capable HTTP/HTTPS server. However, it is not configured correctly to avoid malicious clients, timeouts, or even simple SSL auto setup with LetsEncrypt.org.

This repository exists to help go developers launch a secure, simple HTTPS server.

This configuration blocks major attacks like:

  • BEAST attack
  • POODLE (SSLv3)
  • POODLE (TLS)
  • Heartbleed
  • CRIME
  • FUBAR
  • OpenSSL CCS vulnerability (CVE-2014-0224)
  • OpenSSL Padding Oracle vulnerability

Achieving forward secrecy and low server load are a focus.

Reading

Install

go get github.com/xeoncross/secureserver

Demo Server

You can quickly run a test HTTP/HTTPS server like so:

package main

import (
  "github.com/xeoncross/secureserver"
)

func main() {
  domain := "example.com"
  HSTS := false // enable/disable HSTS
  secureserver.RunHTTPRedirectServer()
  secureserver.RunDemoHTTPSServer(domain, HSTS) // blocks
}

Usage

package main

import (
  "github.com/xeoncross/secureserver"
)

func main() {
  domain := "example.com"
  secureserver.RunHTTPRedirectServer()
  s := secureserver.GetHTTPSServer(domain)

  mux := http.NewServeMux()
  mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
    w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
    w.Write([]byte("This is an example server on " + domain + ".\n"))
  })

  s.Handler = mux

  log.Fatal(s.ListenAndServeTLS("", ""))
}

Todo

Contributions Required

To serve a source of information about current Go best-practices; pull requests, issues, and documentation are welcome.

You can’t perform that action at this time.