secureserver

package module

v0.0.0-...-ac8d81a Latest Latest Go to latest Published: Dec 26, 2016 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/Xeoncross/secureserver

Links

Open Source Insights

README ¶

Go secureserver

Out-of-the-box, Go is a fully capable HTTP/HTTPS server. However, it is not configured correctly to avoid malicious clients, timeouts, or even simple SSL auto setup with LetsEncrypt.org.

This repository exists to help go developers launch a secure, simple HTTPS server.

This configuration blocks major attacks like:

BEAST attack
POODLE (SSLv3)
POODLE (TLS)
Heartbleed
CRIME
FUBAR
OpenSSL CCS vulnerability (CVE-2014-0224)
OpenSSL Padding Oracle vulnerability

Achieving forward secrecy and low server load are a focus.

Reading

Install

go get github.com/xeoncross/secureserver

Demo Server

You can quickly run a test HTTP/HTTPS server like so:

package main

import (
  "github.com/xeoncross/secureserver"
)

func main() {
  domain := "example.com"
  HSTS := false // enable/disable HSTS
  secureserver.RunHTTPRedirectServer()
  secureserver.RunDemoHTTPSServer(domain, HSTS) // blocks
}

Usage

package main

import (
  "github.com/xeoncross/secureserver"
)

func main() {
  domain := "example.com"
  secureserver.RunHTTPRedirectServer()
  s := secureserver.GetHTTPSServer(domain)

  mux := http.NewServeMux()
  mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
    w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains")
    w.Write([]byte("This is an example server on " + domain + ".\n"))
  })

  s.Handler = mux

  log.Fatal(s.ListenAndServeTLS("", ""))
}

Todo

Implement support for graceful shutdown

Contributions Required

To serve a source of information about current Go best-practices; pull requests, issues, and documentation are welcome.

Documentation ¶

Index ¶

Variables
func GetCertificate(domain string) autocert.Manager
func GetHTTPSServer(domain string) (s *http.Server)
func RunDemoHTTPSServer(domain string, HSTS bool) (s *http.Server)
func RunHTTPRedirectServer() (s *http.Server)
func TLSConfig(domain string) *tls.Config

Constants ¶

This section is empty.

Variables ¶

View Source

var CipherSuites = []uint16{
	tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
	tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,

	tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
	tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
}

CipherSuites without known attacks or extreme CPU usage https://golang.org/src/crypto/tls/cipher_suites.go#L75

View Source

var Curves = []tls.CurveID{

	tls.CurveP256,
}

Curves without known attacks or extreme CPU usage https://golang.org/src/crypto/tls/common.go#L542

Functions ¶

func GetCertificate ¶

func GetCertificate(domain string) autocert.Manager

GetCertificate using autocert

func GetHTTPSServer ¶

func GetHTTPSServer(domain string) (s *http.Server)

GetHTTPSServer fully secured

func RunDemoHTTPSServer ¶

func RunDemoHTTPSServer(domain string, HSTS bool) (s *http.Server)

RunDemoHTTPSServer to demo a working example

func RunHTTPRedirectServer ¶

func RunHTTPRedirectServer() (s *http.Server)

RunHTTPRedirectServer to send all HTTP traffic to HTTPS

func TLSConfig ¶

func TLSConfig(domain string) *tls.Config

TLSConfig for including autocert manager

Types ¶

This section is empty.

Source Files ¶

View all Source files

secureserver.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL