feat: support autocert

[mthli]

Golang has a package called autocert which provides automatic access to certificates from Let's Encrypt and any other ACME-based CA. Since Let’s Encrypt certificates are valid for 90 days , automatic renew certificates is very convenient.

I want to use autocert with fiber but this issue #200 didn't completely solve my problem. So I adapted autocert to fiber by myself, and it works really nice. I think it's time to create a PR to this project.

This sample code shows how this PR works:

package main

import (
	"log"

	"github.com/gofiber/fiber"
	"golang.org/x/crypto/acme/autocert"
)

...

func run(app *fiber.Fiber) {
	// Initialize the autocert.Manager m's Cache, HostPolicy, Prompt, 
	// and other desired options by yourself.
	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("yourDomain"),
		Cache:      autocert.DirCache("yourCertsDirPath"),
	}

	// Then just call ListenAutoTLS.
	err := app.ListenAutoTLS(443, m)
	if err != nil {
		log.Fatal(err)
	}
}

🍻

[welcome]

Thanks for opening this pull request! 🎉 Please check out our contributing guidelines. If you want to chat with us, join ons on Telegram https://t.me/gofiber

[renanbastos93]

Golang has a package called autocert which provides automatic access to certificates from Let's Encrypt and any other ACME-based CA. Since Let’s Encrypt certificates are valid for 90 days , automatic renew certificates is very convenient.

I want to use autocert with fiber but this issue #200 didn't completely solve my problem. So I adapted autocert to fiber by myself, and it works really nice. I think it's time to create a PR to this project.

This sample code shows how this PR works:

package main

import (
	"log"

	"github.com/gofiber/fiber"
	"golang.org/x/crypto/acme/autocert"
)

...

func run(app *fiber.Fiber) {
	// Initialize the autocert.Manager m's Cache, HostPolicy, Prompt, 
	// and other desired options by yourself.
	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("yourDomain"),
		Cache:      autocert.DirCache("yourCertsDirPath"),
	}

	// Then just call ListenAutoTLS.
	err := app.ListenAutoTLS(443, m)
	if err != nil {
		log.Fatal(err)
	}
}

🍻

it seems good to me, but I have a question.

Do you want to say that to make renew certs using lib acme, right?

[mthli]

@renanbastos93 Yes, renew certs using lib instead of manual. Another Go web framework called echo also use autocert to automatic renew certs, see it's doc Auto TLS Recipe.

[renanbastos93]

@renanbastos93 Yes, renew certs using lib instead of manual. Another Go web framework called echo also use autocert to automatic renew certs, see it's doc Auto TLS Recipe.

How nice, I will review your code

[renanbastos93]

LGTM

[Fenny]

@mthli, Listen accepts a *tls.Config argument. So the following example should do the job, if you could confirm it works I can add it to the recipes repo 👍

package main

import (
    "crypto/tls"

    "github.com/gofiber/fiber"
    "golang.org/x/crypto/acme/autocert"
)

func main() {
    app := fiber.New()

    app.Get("/", func(c *fiber.Ctx) {
        c.Send("Hi TLS")
    })

    m := &autocert.Manager{
        Prompt:     autocert.AcceptTOS,
        HostPolicy: autocert.HostWhitelist("example.com"),
        Cache:      autocert.DirCache("./certs"),
    }

    tls := &tls.Config{
        GetCertificate: m.GetCertificate,
    }

    app.Listen(443, tls)
}

[mthli]

@Fenny the following code will work:

package main

import (
	"crypto/tls"
	"log"

	"github.com/gofiber/fiber"
	"golang.org/x/crypto/acme"
	"golang.org/x/crypto/acme/autocert"
)

func main() {
	app := fiber.New()

	app.Get("/", func(c *fiber.Ctx) {
		c.Send("Hi TLS")
	})

	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("example.com"), // replaced with your domain.
		Cache:      autocert.DirCache("./certs"),
	}

	tls := &tls.Config{
		GetCertificate: m.GetCertificate,
		// Must add acme.ALPNProto to NextProtos for TLS-ALPN-01.
		// Or just use m.TLSConfig() and remove it's NextProtos "h2" string.
		NextProtos: []string{
			"http/1.1", acme.ALPNProto,
		},
	}

	err := app.Listen(443, tls)
	if err != nil {
		log.Fatal(err)
	}
}

Since Let’s Encrypt has rate limits, it's recommended to use it's staging environment to test the code, see the doc Staging Environment. Here are some brief test steps:

1. Open the package source code autocert.go , change DefaultACMEDirectory value to https://acme-staging-v02.api.letsencrypt.org/directory and save.
2. Exec go build -a to force rebuilding all packages in your VPS.
3. Download the staging environment intermediate certificate from the doc to your computer, add it to your computer trust store.
4. Open a browser to visit your domain, you will see Hi LTS string.

Also, move to the recipes repo should be a better choice 😄

[Fenny]

@mthli Awesome, I added it to the recipes :-)
https://github.com/gofiber/recipes/blob/master/autocert/main.go