Question about Secure for Gin web framework

xuanbao · 643 views
Does anybody have experience using this? If so, I was hoping to ask you a few questions please! Thank you ahead of time!

---

**Comments:**

nhooyr: What do you mean by "Secure" for Gin?

theunseen: Secure is middleware for using HTTPS.

nhooyr: Can you link to this middleware? I'm not quite sure what you mean by "middleware" here. Why would you need middleware to use HTTPS?

theunseen: https://github.com/unrolled/secure

nhooyr: No reason it shouldn't work. Are you encountering any problems?

theunseen: I'm pretty noob so I'm not sure if it is working. I have it set to redirect to HTTPS so it ensures to use HTTPS but I can't see where it sets the certificate (I'd like to use a self-signed certificate) that is used for HTTPS so I'm not even sure it's doing HTTPS properly. Chrome also gives me an error when trying to access the HTTPS endpoint. Yes, I realize I'm pretty noob at this so what I'm writing may seem completely ridiculous :P

nhooyr: It's not setting up HTTPS for you, it's merely setting some headers for extra security. You have to set up HTTPS manually. See net/http in godoc.

theunseen: OH. OK, that makes a lot more sense. Thank you.

1lann: Why not just ask your questions in your post? Input from open discussions is valuable, not everyone's use cases or requirements are the same.

theunseen: True, sorry. Basically was wondering how to specify a certificate to use for HTTPS. In the README, I saw the Secure options, but it doesn't seem to specify where I actually specify which certificate it uses for HTTPS. I'm also completely new at this, so yeah... Sorry.

1lann: OK, I'll clarify some things. "Secure" is a library that helps you to add HTTP headers recommended for security reasons; it is meant to be used in conjunction with HTTPS, but **does not provide HTTPS**. The headers are added to prevent XSS (Cross-site scripting) and CSRF (Cross-site request forgery).

Gin has its own "secure" library [here](https://godoc.org/github.com/gin-gonic/contrib/secure). You can find an [example use here](https://github.com/gin-gonic/contrib/blob/master/secure/example/example.go).

It is recommended to use both HTTPS and the "secure" package's headers. To use HTTPS in Gin, simply replace

```go
router.Run() // where typically: router := gin.Default()
```

with

```go
http.ListenAndServeTLS(":443", "/path/to/cert.pem", "/path/to/key.pem", router)
```

Don't forget to add `"http"` to your import list at the top of your Go file too.

I should also mention that people typically don't use HTTPS at the web application level, but rather at the reverse proxy. So the web application will be listening with HTTP on a firewalled port, and the reverse proxy will be listening on port 80/443, and will forward the request to the web application. This allows you to serve multiple websites under the same server. Such examples of reverse proxies include [nginx](https://nginx.org/), Apache httpd (which I recommend against), and [Caddy](https://caddyserver.com/). I personally recommend Caddy, as it's easy to set up, is written in Go, so supports Go middleware, and has automatic HTTPS through Let's Encrypt.

itsmontoya: ListenAndServeTLS and pass the gin.Engine as the handler

theunseen: I did see ListenAndServeTLS, but that doesn't seem to use Secure?

itsmontoya: ListenAndServeTLS is the method for listening for secure connections
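
The distinction drawn in the replies, as an added example (not from the thread, and not code from unrolled/secure or Gin): a header middleware only redirects and sets response headers, while the certificate belongs to the TLS server that wraps it. `secureHeaders` and `probe` are hypothetical names, the header values are assumed defaults, and `httptest`'s built-in self-signed certificate stands in for your own cert/key files.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// secureHeaders (hypothetical name) plays the role of a header middleware: it redirects
// plain HTTP and sets response headers. It holds no certificate and terminates no TLS.
func secureHeaders(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.TLS == nil { // the request did not arrive over TLS
			http.Redirect(w, r, "https://"+r.Host+r.URL.RequestURI(), http.StatusMovedPermanently)
			return
		}
		h := w.Header()
		h.Set("Strict-Transport-Security", "max-age=31536000; includeSubDomains")
		h.Set("X-Frame-Options", "DENY")
		h.Set("X-Content-Type-Options", "nosniff")
		next.ServeHTTP(w, r) // next may be any http.Handler; a gin.Engine is one
	})
}

// probe serves the wrapped handler over TLS or plain HTTP on loopback and
// returns the status code and HSTS header that a client sees for GET /.
func probe(useTLS bool) (int, string, error) {
	app := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, "ok") })
	srv := httptest.NewUnstartedServer(secureHeaders(app))
	if useTLS {
		srv.StartTLS() // the certificate is configured here, on the server
	} else {
		srv.Start()
	}
	defer srv.Close()
	client := srv.Client() // trusts the test server's self-signed certificate
	client.CheckRedirect = func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }
	resp, err := client.Get(srv.URL + "/")
	if err != nil {
		return 0, "", err
	}
	defer resp.Body.Close()
	return resp.StatusCode, resp.Header.Get("Strict-Transport-Security"), nil
}

func main() {
	for _, useTLS := range []bool{false, true} {
		fmt.Println(probe(useTLS)) // status, HSTS header, error
	}
}
```

Outside a test, `srv.StartTLS()` corresponds to `http.ListenAndServeTLS` with your certificate and key paths, which is where a self-signed certificate would be supplied.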
