Standard Go web server, with lots of added extras to get you up and running fast and securely.

Visit the Fortress Go web site.

Easily write secure, fast, production-ready web sites and servers in Golang.

Want to create a secure site in Go? It's a fantastic choice, but unlike Ruby (with Rails), C# (with ASP.NET MVC), or Python (with Django or Flask), it isn't obvious where to start if you want to go beyond the (excellent) tutorials on request routing, handlers, and middleware.

Include Fortress Go in your own application and, with a simple set of configuration options, you get a standard server with masses of extras built in. Deploy with confidence.

  • Standard HTTP(S) server with standard handlers and routing.
  • Automatic Let's Encrypt (HTTPS) by specifying port 443.
  • Restrict the server by hostname.
  • Serve static assets (CSS, JavaScript etc) from a specified folder.
  • HTML templates automatically loaded and cached.
  • Helper method executes any cached template with any data.
  • Built-in template functions including Markdown rendering.
  • Panic handling (server continues).
  • Request logging in Apache format (stdout or custom destination).
  • Secure and encrypted cookies with explicit lifetimes and easy usage.
  • Cookie based session support.
  • User login/logout/get current.
  • Public and signed-in routes.
  • Per request cookie based CSRF.
  • CORS with support for headers, methods, and origins.
  • CSP (content security policy) for default, styles, and scripts.
  • Optional middleware converts from status codes to displaying an error template.
  • Optional database (MySQL/MariaDB currently) ping at startup with connection made available to all handlers.
  • Load server configuration from a config file.
  • Enforce JSON or XML content types for a request (and set response content type).
  • Session-based flash messages with optional remove-on-retrieval.

Note that although MySQL/MariaDB is mentioned above, the server is standard Go so other database options can be used as normal.

How do I use it?

It's ready and fully usable, though not yet documented. In the meantime the example folder (see below) shows how incredibly simple it can be.


  • Go v1.7 or later

What does it use in the background?

Standing on the shoulders of giants ...

  • The Go standard library authors
  • Gorilla web toolkit - cookies, sessions, routing, logging, panics
  • Russ Ross - Blackfriday for Markdown rendering
  • Let's Encrypt - issuers for auto-renewing certificates
  • Julien Schmidt and others for the MySQL library
  • Jason Moiron for the SQLX extensions

Custom code has been kept to a minimum and mostly consists of setup/orchestration/simplification of the above. The exceptions are CSRF, CORS, CSP, simple user protection, and configuration loading, which I added myself.

Possibly incoming (in no particular order)

  • Error logging (possibly to a third party).
  • Response caching.

Running the example

The example folder contains an example of how to use the Fortress Go package.

There are pre-built cross-platform versions, but do not run them directly from the example/builds subfolder as they will be unable to find their templates and static content due to the path. Run them like so:

cd example

./builds/macos/example  # Mac OS
./builds/linux/example  # Linux
builds/windows/example  # Windows

There are a few sample handlers; their routes can be found in example/main.go and are also linked from a menu when the example runs. Press Ctrl-C to stop the server.

The example has a config.ini file holding its settings, and the main.go file shows it being used. You can ignore that file and set all the options directly by populating your own ServerConfig in code.

Changing Fortress Go itself

If you are writing your own site and are including Fortress Go as it stands then you don't need to read any further. What follows is for people who want to make changes to Fortress Go's own behaviour.

Build and run the example for your current system

dep ensure
cd example

go build -o builds/macos/example && ./builds/macos/example  # Mac OS
go build -o builds/linux/example && ./builds/linux/example  # Linux
go build -o builds\windows\example.exe && .\builds\windows\example.exe  # Windows

Create cross-platform builds of the example

Run the script (below) that corresponds to your system. Each of the three scripts builds for all three platforms.

dep ensure
cd example

./scripts/  # Mac OS
./scripts/  # Linux
.\scripts\windows.bat  # Windows