kennygrant / gohackernews

Golang News - curated links about the Go programming language
https://golangnews.com
MIT License

How to set up the project as a standalone process with TLS connection support? #18

Closed gnoirzox closed 7 years ago

gnoirzox commented 7 years ago

Hi,

I want to release my own project and would also like to execute it as a standalone process without a proxy, like you did lately on golangnews (cf. https://golangnews.com/comments/260).

I suppose that you used the StartTLS() function of fragmenta's server implementation. Did you also modify it to implement the recommended configurations explained in this article (https://blog.gopheracademy.com/advent-2016/exposing-go-on-the-internet/)?

Also, regarding the SSL certificate with Let's Encrypt, did you use the certbot script, as the autoencrypt package is not stable yet?

So, could you please tell me what configuration you would advise?

Thanks,

(and happy new year!)

kennygrant commented 7 years ago

Just about to push changes to support this, as I have them done but not pushed up, and wanted to enable autocert; it is fairly straightforward. I'm currently testing autocert on a smaller site and it works perfectly so far.

kennygrant commented 7 years ago

I've now switched over to using autocert and have pushed up the change. It's in server.go, and you just call which wraps some autocert stuff with a simpler interface. You probably also want to redirect all port 80 traffic to your canonical URL, and to serve on a lower port you need to use setcap (I use AmbientCapabilities=CAP_NET_BIND_SERVICE in the unit file). See the new server.go file for an example of all of this.

Re using the configs in the exposing Go on the internet article: some of those are 1.8 only, so I'm not using all of them yet. I am experimenting with timeouts, but at the moment have those disabled, as with the 1.8 beta I saw some strange behaviour, so I'm going to wait for stable 1.8 and try enabling them again. I think perhaps I did something wrong, so for now I'm mostly using the defaults. Unless your server is very high traffic or actively targeted, the timeouts are unlikely to be a problem.

Hope this helps.
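The setup described in the answer above, as an added example that is not code from gohackernews or fragmenta: a port-80 listener that only redirects to the canonical HTTPS host, and a port-443 server carrying the timeout and TLS settings the linked article recommends, with a GetCertificate hook where an autocert manager's GetCertificate method would be plugged in. The host name is a placeholder, and the autocert import is left out so the example builds with the standard library alone.

```go
package main

import (
	"crypto/tls"
	"log"
	"net/http"
	"time"
)

// redirectToCanonical answers every cleartext request with a permanent
// redirect to the same path and query on the canonical HTTPS host, so the
// port-80 listener never serves application content itself.
func redirectToCanonical(canonicalHost string) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		target := "https://" + canonicalHost + r.URL.RequestURI()
		http.Redirect(w, r, target, http.StatusMovedPermanently)
	})
}

// newTLSServer builds the HTTPS server with explicit timeouts (IdleTimeout
// needs Go 1.8+) and a modern TLS floor. getCert is the certificate source;
// an autocert.Manager's GetCertificate method has exactly this signature.
func newTLSServer(addr string, h http.Handler,
	getCert func(*tls.ClientHelloInfo) (*tls.Certificate, error)) *http.Server {
	return &http.Server{
		Addr:    addr,
		Handler: h,
		TLSConfig: &tls.Config{
			MinVersion:       tls.VersionTLS12,
			CurvePreferences: []tls.CurveID{tls.X25519, tls.CurveP256},
			GetCertificate:   getCert,
		},
		ReadTimeout:  5 * time.Second,  // slow-header / slowloris bound
		WriteTimeout: 10 * time.Second, // bounds time spent on one response
		IdleTimeout:  120 * time.Second, // reaps idle keep-alive connections
	}
}

func main() {
	const canonical = "golangnews.example" // placeholder host, not a real site
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("served over TLS\n"))
	})
	// Both listeners bind privileged ports: run as a non-root user with
	// AmbientCapabilities=CAP_NET_BIND_SERVICE in the systemd unit (or setcap).
	go func() { log.Fatal(http.ListenAndServe(":80", redirectToCanonical(canonical))) }()
	// Pass your autocert manager's GetCertificate in place of nil; with nil and
	// no cert files, ListenAndServeTLS fails at startup rather than serving.
	srv := newTLSServer(":443", mux, nil)
	log.Fatal(srv.ListenAndServeTLS("", ""))
}
```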