secureserver

by Xeoncross

Xeoncross / secureserver

A Simple, Secured Default HTTP(S) Server for Golang

128 Stars 7 Forks Last release: Not found MIT License 9 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

Go secureserver

Out-of-the-box, Go is a fully capable HTTP/HTTPS server. However, it is not configured correctly to avoid malicious clients, timeouts, or even simple SSL auto setup with LetsEncrypt.org.

This repository exists to help go developers launch a secure, simple HTTPS server.

This configuration blocks major attacks like:

  • BEAST attack
  • POODLE (SSLv3)
  • POODLE (TLS)
  • Heartbleed
  • CRIME
  • FUBAR
  • OpenSSL CCS vulnerability (CVE-2014-0224)
  • OpenSSL Padding Oracle vulnerability

Achieving forward secrecy and low server load are a focus.

Reading

  • https://blog.bracebin.com/achieving-perfect-ssl-labs-score-with-go
  • https://blog.gopheracademy.com/advent-2016/exposing-go-on-the-internet/
  • https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/
  • https://cipherli.st/
  • https://wiki.mozilla.org/Security/ServerSideTLS

Install

go get github.com/xeoncross/secureserver

Demo Server

You can quickly run a test HTTP/HTTPS server like so:

package main

import ( "github.com/xeoncross/secureserver" )

func main() { domain := "example.com" HSTS := false // enable/disable HSTS secureserver.RunHTTPRedirectServer() secureserver.RunDemoHTTPSServer(domain, HSTS) // blocks }

Usage

package main

import ( "github.com/xeoncross/secureserver" )

func main() { domain := "example.com" secureserver.RunHTTPRedirectServer() s := secureserver.GetHTTPSServer(domain)

mux := http.NewServeMux() mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) { w.Header().Add("Strict-Transport-Security", "max-age=63072000; includeSubDomains") w.Write([]byte("This is an example server on " + domain + ".\n")) })

s.Handler = mux

log.Fatal(s.ListenAndServeTLS("", "")) }

Todo

Contributions Required

To serve a source of information about current Go best-practices; pull requests, issues, and documentation are welcome.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.