Does anybody have experience using this? If so, I was hoping to ask you a few questions please! Thank you ahead of time!
评论:
nhooyr:
theunseen:What do you mean by "Secure" for Gin?
nhooyr:Secure is middleware for using HTTPS.
theunseen:Can you link to this middleware? I'm not quite sure what you mean by "middleware" here. Why would you need middleware to use HTTPS?
nhooyr:
theunseen:No reason it shouldn't work. Are you encountering any problems?
nhooyr:I'm pretty noob so I'm not sure if it is working. I have it set to redirect to HTTPS so it ensures to use HTTPS but I can't see where it sets the certificate (I'd like to use a self-signed certificate) that is used for HTTPS so I'm not even sure it's doing HTTPS properly. Chrome also gives me an error when trying to access the HTTPS endpoint. Yes, I realize I'm pretty noob at this so what I'm writing may seem completely ridiculous :P
theunseen:It's not setting up HTTPS for you, it's merely setting some headers for extra security. You have to set up HTTPS manually. See net/http in godoc.
1lann:OH. OK, that makes a lot more sense. Thank you.
theunseen:Why not just ask your questions in your post? Input from open discussions are valuable, not everyone's use cases or requirements are the same.
1lann:True, sorry. Basically was wondering how to specify a certificate to use for HTTPS. In the README, I saw the Secure options, but it doesn't seem to specify where I actually specify which certificate it uses for HTTPS. I'm also completely new at this, so yeah... Sorry.
itsmontoya:OK I'll clarify some things. "Secure" is a library that helps you to add HTTP headers recommended for security reasons, it is meant to be used in conjunction with HTTPS, but does not provide HTTPS. The headers are added to prevent XSS (Cross-site scripting) and CSRF (Cross-site request forgery).
Gin has its own "secure" library here. You can find an example use here.
It is recommended to use both HTTPS and the "secure" package's headers. To use HTTPS in Gin, simply replace
router.Run() // where typically: router := gin.Default()
with
http.ListenAndServeTLS(":443", "/path/to/cert.pem", "/path/to/key.pem", router)
Don't forget to add
"http"
to your import list at the top of your Go file too.I should also mention that people typically don't use HTTPS at the web application level, but rather at the reverse proxy. So the web application will be listening with HTTP on a firewalled port, and the reverse proxy will be listening port 80/443, and will forward the request to the web application. This allows you to serve multiple websites under the same server. Such examples of reverse proxies include nginx, Apache httpd (which I recommend against), and Caddy. I personally recommend Caddy, as it's easy to setup, is written in Go, so supports Go middleware, and has automatic HTTPS through Let's Encrypt.
theunseen:ListenAndServeTLS and pass the gin.Engine as the handler
itsmontoya:I did see ListenAndServeTLS, but that doesn't seem to use Secure?
ListenAndServeTLS is the method for listening for secure connections