feat: support autocert #267
Thanks for opening this pull request! 🎉 Please check out our contributing guidelines. If you want to chat with us, join us on Telegram https://t.me/gofiber
It seems good to me, but I have a question. Do you mean renewing certs using the acme lib, right?
@renanbastos93 Yes, renew certs using the lib instead of manually. Another Go web framework called echo also uses autocert to automatically renew certs; see its doc, Auto TLS Recipe.
How nice, I will review your code
LGTM
@mthli, Listen accepts a

```go
package main

import (
	"crypto/tls"

	"github.com/gofiber/fiber"
	"golang.org/x/crypto/acme/autocert"
)

func main() {
	app := fiber.New()
	app.Get("/", func(c *fiber.Ctx) {
		c.Send("Hi TLS")
	})
	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("example.com"),
		Cache:      autocert.DirCache("./certs"),
	}
	tls := &tls.Config{
		GetCertificate: m.GetCertificate,
	}
	app.Listen(443, tls)
}
```
@Fenny the following code will work:

```go
package main

import (
	"crypto/tls"
	"log"

	"github.com/gofiber/fiber"
	"golang.org/x/crypto/acme"
	"golang.org/x/crypto/acme/autocert"
)

func main() {
	app := fiber.New()
	app.Get("/", func(c *fiber.Ctx) {
		c.Send("Hi TLS")
	})
	m := &autocert.Manager{
		Prompt:     autocert.AcceptTOS,
		HostPolicy: autocert.HostWhitelist("example.com"), // replace with your domain.
		Cache:      autocert.DirCache("./certs"),
	}
	tls := &tls.Config{
		GetCertificate: m.GetCertificate,
		// Must add acme.ALPNProto to NextProtos for TLS-ALPN-01.
		// Or just use m.TLSConfig() and remove its NextProtos "h2" string.
		NextProtos: []string{
			"http/1.1", acme.ALPNProto,
		},
	}
	err := app.Listen(443, tls)
	if err != nil {
		log.Fatal(err)
	}
}
```

Since Let’s Encrypt has rate limits, it's recommended to use its staging environment to test the code; see the doc Staging Environment. Here are some brief test steps:
Also, moving it to the recipes repo should be a better choice 😄
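The NextProtos requirement from the comment above, as an added example that is not part of the original thread or of the fiber or autocert code: a standard-library-only probe that handshakes over an in-memory pipe the way a TLS-ALPN-01 validator does and reports which protocol the server agrees to. The names `negotiate` and `alpnProto` and the throwaway self-signed certificate are assumptions made for this example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"math/big"
	"net"
	"time"
)

const alpnProto = "acme-tls/1" // value of acme.ALPNProto, copied to stay stdlib-only

// negotiate handshakes like a TLS-ALPN-01 validator, offering only acme-tls/1.
func negotiate(serverProtos []string) (string, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return "", err
	}
	// Throwaway self-signed certificate (constructed test data).
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotAfter: time.Now().Add(time.Hour)}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return "", err
	}
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	// Tickets are disabled so the unbuffered in-memory pipe cannot block.
	srv := &tls.Config{Certificates: []tls.Certificate{cert}, NextProtos: serverProtos, SessionTicketsDisabled: true}
	// A validator does not chain-verify the challenge certificate.
	cli := &tls.Config{ServerName: "example.com", NextProtos: []string{alpnProto}, InsecureSkipVerify: true}
	c, s := net.Pipe()
	defer c.Close()
	defer s.Close()
	go tls.Server(s, srv).Handshake()
	conn := tls.Client(c, cli)
	if err := conn.Handshake(); err != nil {
		return "", err
	}
	return conn.ConnectionState().NegotiatedProtocol, nil
}

func main() {
	for _, p := range [][]string{nil, {"http/1.1"}, {"http/1.1", alpnProto}} {
		got, err := negotiate(p)
		fmt.Printf("NextProtos=%q negotiated=%q err=%v\n", p, got, err)
	}
}
```

Only the server config that lists `acme-tls/1` negotiates it; a config with no NextProtos completes the handshake without any ALPN protocol, which is why the first snippet in this thread cannot pass TLS-ALPN-01 validation.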
@mthli Awesome, I added it to the recipes :-) |
Golang has a package called autocert which provides automatic access to certificates from Let's Encrypt and any other ACME-based CA. Since Let’s Encrypt certificates are valid for 90 days, automatically renewing certificates is very convenient.
I want to use autocert with fiber but this issue #200 didn't completely solve my problem. So I adapted autocert to fiber by myself, and it works really nice. I think it's time to create a PR to this project.
This sample code shows how this PR works:
🍻