Easily write secure, fast, production-ready web sites and servers in Golang.
Want to create a secure site in Go? It's a fantastic choice but unlike Ruby (with Rails), C# (with Asp.Net MVC), or Python (with Django or Flask) it isn't obvious where to start if you want to go beyond the (excellent) tutorials on request routing, handlers, and middleware.
Include Fortress Go in your own application and with a simple set of configuration options you get a standard server with masses of extras built in. Deploy with confidence.
- Standard HTTP(S) server with standard handlers and routing.
- Automatic LetsEncrypt (HTTPS) by specifying port 443.
- Restrict the server by hostname.
- HTML templates automatically loaded and cached.
- Helper method executes any cached template with any data.
- Built-in template functions including Markdown rendering.
- Panic handling (server continues).
- Request logging in Apache format (stdout or custom destination).
- Secure and encrypted cookies with explicit lifetimes and easy usage.
- Cookie based session support.
- User login/logout/get current.
- Public and signed-in routes.
- Per request cookie based CSRF.
- CORS with support for headers, methods, and origins.
- CSP (content security policy) for default, styles, and scripts.
- Optional middleware converts from status codes to displaying an error template.
- Optional database (MySQL/MariaDB currently) ping at startup with connection made available to all handlers.
- Load server configuration from a config file.
- Enforce JSON or XML content types for a request (and set response content type).
- Session-based flash messages with optional remove-on-retrieval.
Note that although MySQL/MariaDB is mentioned above, the server is standard Go so other database options can be used as normal.
How do I use it?
It's ready and fully usable, though not yet documented.
In the meantime the
example folder (see below) shows how incredibly simple it can be.
- Go v1.7 or later
What does it use in the background?
Standing on the shoulders of giants ...
- The Go standard library authors
- Gorilla web toolkit - cookies, sessions, routing, logging, panics
- Russ Ross - Black Friday for Markdown rendering
- LetsEncrypt - issuers for auto-renewing certificates
- Julian Schmidt and others for the MySQL library
- Jason Moiron for the SQLX extensions
Custom code has been kept to a minimum and mostly consists of setup/orchestration/simplification of the above. The exceptions are CSRF, CORS, CSP, simple user protection, and configuration loading. These were added by myself.
Possibly incoming (in no particular order)
- Error logging (possibly to a third party).
- Response caching.
Running the example
example folder contains an example of how to use the Fortress Go package.
There are pre-built cross-platform versions, but do not run them directly from the
example/builds subfolder as they will be unable to find their templates and static content due to the path. Run them like so:
cd example ./builds/macos/example # Mac OS ./builds/linux/example # Linux builds/windows/example # Windows
There are a few sample handlers, the routes to which can be found in
They are also mostly linked to on a menu when the example runs.
Press Ctrl-C to stop the server.
Changing Fortress Go itself
If you are writing your own site and are including Fortress Go as it stands then you don't need to read any further. What follows is for people who want to make changes to Fortress Go's own behaviour.
Build and run the example for your current system
dep ensure cd example go build -o builds/macos/example && ./builds/macos/example # Mac OS go build -o builds/linux/example && ./builds/linux/example # Linux go build -o builds\windows\example.exe && .\builds\windows\example.exe # Windows
Create cross-platform builds of the example
Run the script (below) that corresponds to your system. Each of the three scripts builds for all three platforms.
dep ensure cd example ./scripts/macos.sh # Mac OS ./scripts/linux.sh # Linux .\scripts\windows.bat # Windows