package server
import (
	"crypto/tls"
	"embed"
	"fmt"
	"net/http"
	"time"
)
// tlsFiles holds the contents of the tls directory, embedded into the binary
// at build time.
// For production environment: expects tls-cert.pem and tls-key.pem in tls directory.
//
// NOTE(review): tls-key.pem is embedded along with the certificate, so the
// private key is present in every copy of the compiled binary. Access to the
// binary (and to the tls directory at build time) should be controlled like
// access to the key itself, and replacing the key or certificate requires a
// rebuild. The "all:" prefix also embeds files whose names begin with "." or
// "_", so the tls directory should contain only the files meant to ship.
//
//go:embed all:tls
var tlsFiles embed.FS
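// listenAndServeTLS listens on address and serves HTTPS using the certificate
// and private key embedded in tlsFiles (tls/tls-cert.pem and tls/tls-key.pem).
// If handler is nil, http.DefaultServeMux is used.
//
// It returns a wrapped error if either embedded file cannot be read or the
// pair cannot be parsed; otherwise it blocks and returns the error from
// http.Server.ListenAndServeTLS.
func listenAndServeTLS(address string, handler http.Handler) error {
	// Bounds how long a client may take to send its request headers, so that
	// idle or deliberately slow connections cannot hold a connection open
	// indefinitely. Body read/write deadlines are left to the handler.
	const readHeaderTimeout = 10 * time.Second

	certPEM, err := tlsFiles.ReadFile("tls/tls-cert.pem")
	if err != nil {
		return fmt.Errorf("tls certificate setup failed: %w", err)
	}

	keyPEM, err := tlsFiles.ReadFile("tls/tls-key.pem")
	if err != nil {
		return fmt.Errorf("tls key setup failed: %w", err)
	}

	certificate, err := tls.X509KeyPair(certPEM, keyPEM)
	if err != nil {
		return fmt.Errorf("error configuring tls certificate: %w", err)
	}

	server := &http.Server{
		Addr:              address,
		Handler:           handler,
		ReadHeaderTimeout: readHeaderTimeout,
		TLSConfig: &tls.Config{
			Certificates: []tls.Certificate{certificate},
			// Pin the protocol floor explicitly rather than relying on the
			// toolchain default, which differs between Go releases.
			MinVersion: tls.VersionTLS12,
		},
	}

	// Empty file names: the key pair is taken from TLSConfig.Certificates.
	return server.ListenAndServeTLS("", "")
}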