package module
v0.0.0-...-f2547d4 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 12, 2022 License: MIT Imports: 13 Imported by: 1


Simple Secure Server

Go Report Card Documentation GitHub issues license Mentioned in Awesome Go

  • Your server must be reachable through the provided domain name, this is how LetsEncrypt verifies domain ownership and grants your server a trusted certificate
With Default Values:
ss, err := sslmgr.NewSecureServer(handler, "")
if err != nil {

Note: This option uses the file system as the certificate cache. If your use case does not have a persistent file system, you should provide a value for CertCache in the ServerConfig as shown below.

With Optional Values:

(Using the certcache library to define a cache)

ss, err := sslmgr.NewServer(sslmgr.ServerConfig{
	Hostnames: []string{os.Getenv("CN_FOR_CERTIFICATE")},
	HTTPPort:  ":80",
	HTTPSPort: ":443",
	Handler:   h,
	ServeSSLFunc: func() bool {
		return strings.ToLower(os.Getenv("PROD")) == "true"
	CertCache: certcache.NewLayered(
	ReadTimeout:         5 * time.Second,
	WriteTimeout:        5 * time.Second,
	IdleTimeout:         25 * time.Second,
	GracefulnessTimeout: 5 * time.Second,
	GracefulShutdownErrHandler: func(e error) {
if err != nil {





This section is empty.


View Source
var (
	// ErrNoHostname is returned whenever a user calls NewSecureServer
	// without any hostnames in the config
	ErrNoHostname = errors.New("no hostnames provided")

	// ErrNoHandler is returned whenever a user calls NewSecureServer
	// with a nil http.Handler in the config
	ErrNoHandler = errors.New("server handler cannot be nil")

	// ErrNotAnInteger is returned whenever a user calls NewSecureServer with
	// port definitions which do not correspont to integers. i.e. "not a number"
	ErrNotAnInteger = errors.New("port number must be a numerical string")


This section is empty.


type SecureServer

type SecureServer struct {
	// contains filtered or unexported fields

SecureServer is a server which abstracts away acme/autocert's certificate manager and server configuration

func NewSecureServer

func NewSecureServer(h http.Handler, hostnames ...string) (*SecureServer, error)

NewSecureServer returns a SecureServer with default configuration

func NewServer

func NewServer(c ServerConfig) (*SecureServer, error)

NewServer returns a SecureServer with the given config applied

func (*SecureServer) ListenAndServe

func (ss *SecureServer) ListenAndServe()

ListenAndServe starts the secure server

type ServerConfig

type ServerConfig struct {
	// Hostnames for which the server is allowed to serve HTTPS.
	// If the server receives an https request through a DNS name or IP
	// not contained in this list, the request will be denied
	Hostnames []string

	// The server's http handler
	Handler http.Handler

	// ServeSSLFunc is called to determine whether to serve HTTPS
	// or not. This function's enables users to purpusely disable
	// HTTPS i.e. for local development.
	// Default behavior is to serve HTTPS
	ServeSSLFunc func() bool

	// An implementation of the autocert.Cache interface, which autocert
	// will use to store and manage certificates. It is strongly recommended
	// to provide this field.
	// Default behavior is to store at "." in the file system
	CertCache autocert.Cache

	// Default value is ":443"
	HTTPSPort string

	// Default value is ":80"
	HTTPPort string

	// Default value is 5 seconds
	ReadTimeout time.Duration

	// Default value is 5 seconds
	WriteTimeout time.Duration

	// Default value is 25 seconds
	IdleTimeout time.Duration

	// Default value is 5 seconds
	GracefulnessTimeout time.Duration

	// GracefulShutdownErrHandler is called to handle the event of an error during
	// a graceful shutdown (accept no more connections, and wait for existing
	// ones to finish within the GracefulnessTimeout)
	// Default value is a NOP
	GracefulShutdownErrHandler func(error)

ServerConfig holds configuration to initialize a SecureServer. Requied Fields: Hostnames and Handler Note that it is strongly recommended not to use the default CertCache


Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL