Introduction
Nowadays, there is no HTTPS on the website. I feel embarrassed to meet people.
HyperText Transfer Protocol Secure (English: HTTPS; commonly known as HTTP over TLS, HTTP over SSL or HTTP Secure) is a transmission protocol that communicates securely over a computer network. HTTPS communicates over HTTP, but uses SSL/TLS to encrypt packets. The main purpose of HTTPS development is to provide authentication of website servers and protect the privacy and integrity of exchanged data. This agreement was first proposed by Netscape in 1994 and later expanded to the Internet.
HTTPS trust is based on a certificate authority (CA) pre-installed in the operating system. Therefore, an HTTPS connection to a website can be trusted only in these cases:
- The browser correctly implements HTTPS and the operating system is equipped with a correct and trusted certificate authority;
- Certificate authorities trust only legal websites;
- The visited website provides a valid certificate, which means it is issued by a certificate authority trusted by the operating system (most browsers will issue warnings for invalid certificates);
- This certificate correctly verifies the visited website (e.g., visitwhen I received a certificate issued to other domain names instead of other domain names);
- The encryption layer (SSL/TLS) of this protocol can effectively provide authentication and high-strength encryption.
The main purpose is:
- Safe transfer of data
- Prevent man-in-the-middle attacks and eavesdropping
- Verify the trustworthiness of the server
practice
Using HTTPS in Go is also very simple, with the interface as follows:
func (srv *Server) ListenAndServe() error func (srv *Server) ListenAndServeTLS(certFile, keyFile string) error
Just compare it and you will know that HTTPS can be implemented by only two parameters.
These two parameters are the path of the certificate file and the path of the private key file.
Usually to obtain these two files, you need to obtain them from the certificate authority.
Although there are free ones, they are still quite troublesome and usually require a domain name.
For simplicity, self-signed certificates are used here. Of course, such certificates will not be trusted by the browser.
Generate certificate and private key
If it is a Windows system, it can be run in git bash.MSYS_NO_PATHCONV=1 It is an environment variable specially set for git bash. If not, it will report an error.
MSYS_NO_PATHCONV=1 openssl req -new -nodes -x509 -out -keyout -days 3650 -subj "/C=CN/ST=SH/L=SH/O=CoolCat/OU=CoolCat Software/CN=127.0.0.1/emailAddress=coolcat@"
For PowerShell version, you need to specify the configuration path -config, the default should be "C:\Program Files\Git\usr\ssl\".
openssl req -config "C:\Program Files\Git\usr\ssl\" -new -nodes -x509 -out -keyout -days 3650 -subj "/C=CN/ST=SH/L=SH/O=CoolCat/OU=CoolCat Software/CN=127.0.0.1/emailAddress=coolcat@"
It can be run directly under Linux.
openssl req -new -nodes -x509 -out -keyout -days 3650 -subj "/C=CN/ST=SH/L=SH/O=CoolCat/OU=CoolCat Software/CN=127.0.0.1/emailAddress=coolcat@"
This command will generate a certificate file and a private key file in the current directory, and will be copied to the project's conf directory.
Modify the configuration file
Add HTTPS-related parameters in the configuration file conf/.
tls: addr: :443 # HTTPS binding port cert: conf/ # Self-issued digital certificate key: conf/ # Private key file
The default port of HTTPS is 443, which is also configured as 443, so that the port number can be omitted in the URL.
Modify the startup function
At the beginning, the startup function is to start the HTTP server in goroutine.
Here is a goroutine to start the HTTPS server.
// Start https servicecert := ("")
key := ("")
addrTLS := ("")
if cert != "" && key != "" {
go func() {
// Wait for the http service to start normally <-wait
("Start the server in https address: %s", addrTLS)
= addrTLS
if err := (cert, key); err != nil && err != {
("listen on https: %s\n", err)
}
}()
}
After starting, you can verify it through https://127.0.0.1/v1/check/cpu.
Opening it in the browser will definitely show that it is unsafe because the certificate cannot pass the verification.
Summarize
HTTPS is a trend and the future. For security of API interfaces, HTTPS is generally required.
Moreover, it is quite simple to use HTTPS in Go. Just change to a function ending with TLS.
You can also use only HTTPS, prohibit HTTP external services,
Just modify the HTTP configuration parameter addr to localhost:port.
The code for the current part
As versionv0.10.0
The above is all the content of this article. I hope it will be helpful to everyone's study and I hope everyone will support me more.