Documentation
Overview
Package origin configures an http.Server to only accept legitimate TLS requests from Cloudflare.
The server will only accept SNI requests matching one of the provided certificates. It can also be configured to only accept requests from Cloudflare IP ranges, and to authenticate origin pulls.
If any of the above checks fails, the TLS handshake fails without leaking server certificates.
See:
https://www.cloudflare.com/ips/
https://origin-pull.cloudflare.com/
Usage:
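	import (
		"io"
		"log"
		"net/http"
		// plus package origin; its import path is not given on this page
	)

	func main() {
		// Server certificate, private key and origin pull CA are passed as filenames.
		server, err := origin.NewServer("cert.pem", "key.pem", "origin-pull-ca.pem", true)
		if err != nil {
			log.Fatal(err)
		}
		http.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
			io.WriteString(w, "Hello, TLS!\n")
		})
		// Empty filenames: NewServer has already loaded the certificate and key.
		log.Fatal(server.ListenAndServeTLS("", ""))
	}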
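One way to express the checks from the overview with crypto/tls alone, as an added example that is not this package's own code: the source-address and SNI checks run in GetConfigForClient, which crypto/tls calls after the ClientHello and before any server certificate is sent. The type gate, its fields and methods, the range 192.0.2.0/24 and the name origin.example are assumptions made for illustration; real ranges come from https://www.cloudflare.com/ips/.

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"fmt"
	"net"
	"net/netip"
	"strings"
)

type gate struct { // hypothetical type for this example, not part of package origin
	allowed []netip.Prefix             // permitted source ranges; empty disables the IP check
	certs   map[string]tls.Certificate // lower-case SNI name -> server certificate
	pullCA  *x509.CertPool             // origin pull CA; nil disables client-certificate auth
}

// configFor vets one ClientHello; an error aborts the handshake before any certificate is sent.
func (g *gate) configFor(remote net.Addr, sni string) (*tls.Config, error) {
	ap, _ := netip.ParseAddrPort(remote.String()) // unparsable address: zero Addr, in no range
	inRange := len(g.allowed) == 0
	for _, p := range g.allowed {
		inRange = inRange || p.Contains(ap.Addr().Unmap())
	}
	cert, known := g.certs[strings.ToLower(sni)]
	if !inRange || !known {
		return nil, fmt.Errorf("handshake refused for %v (SNI %q)", remote, sni)
	}
	cfg := &tls.Config{MinVersion: tls.VersionTLS12, Certificates: []tls.Certificate{cert}}
	if g.pullCA != nil { // authenticated origin pulls: require a client certificate from this CA
		cfg.ClientCAs, cfg.ClientAuth = g.pullCA, tls.RequireAndVerifyClientCert
	}
	return cfg, nil
}

// serverConfig is the listener's tls.Config: every ClientHello passes through configFor.
func (g *gate) serverConfig() *tls.Config {
	return &tls.Config{GetConfigForClient: func(h *tls.ClientHelloInfo) (*tls.Config, error) {
		return g.configFor(h.Conn.RemoteAddr(), h.ServerName)
	}}
}

func main() {
	g := &gate{ // constructed sample data: a documentation range and an empty placeholder certificate
		allowed: []netip.Prefix{netip.MustParsePrefix("192.0.2.0/24")},
		certs:   map[string]tls.Certificate{"origin.example": {}},
		pullCA:  x509.NewCertPool(),
	}
	fmt.Println(g.configFor(&net.TCPAddr{IP: net.ParseIP("198.51.100.7"), Port: 40000}, "origin.example"))
}
```

The client certificate itself is verified later in the handshake by crypto/tls, against the pool set in ClientCAs.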
Functions
func NewServer
NewServer creates a Cloudflare origin http.Server.
Filenames containing a certificate and matching private key for the server must be provided. The filename of the origin pull CA certificate is optional.
func NewServerWithCerts
func NewServerWithCerts(filterIPs bool, pullCA *x509.CertPool, cert ...tls.Certificate) *http.Server
NewServerWithCerts creates a Cloudflare origin http.Server from loaded certificates.
At least one server certificate must be provided. The origin pull CA certificate is optional.