├── LICENCE ├── README.md ├── dockerfile ├── go.mod ├── go.sum └── main.go /LICENCE: -------------------------------------------------------------------------------- 1 | This is free and unencumbered software released into the public domain. 2 | 3 | Anyone is free to copy, modify, publish, use, compile, sell, or 4 | distribute this software, either in source code form or as a compiled 5 | binary, for any purpose, commercial or non-commercial, and by any 6 | means. 7 | 8 | In jurisdictions that recognize copyright laws, the author or authors 9 | of this software dedicate any and all copyright interest in the 10 | software to the public domain. We make this dedication for the benefit 11 | of the public at large and to the detriment of our heirs and 12 | successors. We intend this dedication to be an overt act of 13 | relinquishment in perpetuity of all present and future rights to this 14 | software under copyright law. 15 | 16 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, 17 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 18 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 19 | IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR 20 | OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, 21 | ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR 22 | OTHER DEALINGS IN THE SOFTWARE. 23 | 24 | For more information, please refer to 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # go-web-base 2 | 3 | This base provides a dockerized, lightweight web application with automatic TLS certificate generation, using Go 1.11 and Let's Encrypt. 4 | 5 | See https://brendanr.net/blog/go-docker-https for a more thorough explanation. 
6 | -------------------------------------------------------------------------------- /dockerfile: -------------------------------------------------------------------------------- 1 | # Accept the Go version for the image to be set as a build argument. 2 | # Default to Go 1.11 3 | ARG GO_VERSION=1.11 4 | 5 | # First stage: build the executable. 6 | FROM golang:${GO_VERSION}-alpine AS builder 7 | 8 | # Git is required for fetching the dependencies. 9 | RUN apk add --no-cache ca-certificates git 10 | 11 | # Set the working directory outside $GOPATH to enable the support for modules. 12 | WORKDIR /src 13 | 14 | # Fetch dependencies first; they are less susceptible to change on every build 15 | # and will therefore be cached for speeding up the next build 16 | COPY ./go.mod ./go.sum ./ 17 | RUN go mod download 18 | 19 | # Import the code from the context. 20 | COPY ./ ./ 21 | 22 | # Build the executable to `/app`. Mark the build as statically linked. 23 | RUN CGO_ENABLED=0 go build \ 24 | -installsuffix 'static' \ 25 | -o /app . 26 | 27 | # Final stage: the running container. 28 | FROM scratch AS final 29 | 30 | # Import the compiled executable from the first stage. 31 | COPY --from=builder /app /app 32 | # Import the root ca-certificates (required for Let's Encrypt) 33 | COPY --from=builder /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ 34 | 35 | # Expose both 443 and 80 to our application 36 | EXPOSE 443 37 | EXPOSE 80 38 | 39 | # Mount the certificate cache directory as a volume, so it remains even after 40 | # we deploy a new version 41 | VOLUME ["/cert-cache"] 42 | 43 | # Run the compiled binary. 
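44 | ENTRYPOINT ["/app"] 45 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module github.com/bmon/go-web-base 2 | 3 | require golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869 4 | -------------------------------------------------------------------------------- /go.sum: -------------------------------------------------------------------------------- 1 | golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869 h1:kkXA53yGe04D0adEYJwEVQjeBppL01Exg+fnMjfUraU= 2 | golang.org/x/crypto v0.0.0-20181112202954-3d3f9f413869/go.mod h1:6SG95UA2DQfeDnfUPMdvaQW0Q7yPrPDi9nlGo2tz2b4= 3 | -------------------------------------------------------------------------------- /main.go: --------------------------------------------------------------------------------
package main

import (
	"crypto/tls"
	"log"
	"net/http"
	"time"

	"golang.org/x/crypto/acme/autocert"
)

// Connection limits shared by both listeners. net/http applies no timeouts by
// default, so without them a client that sends or reads very slowly can hold a
// connection (and its goroutine) open indefinitely. The read/write limits also
// bound the TLS handshake, during which autocert may still be obtaining a
// certificate for a first-time host, so they are kept fairly generous.
const (
	readHeaderTimeout = 30 * time.Second
	readTimeout       = 30 * time.Second
	writeTimeout      = 30 * time.Second
	idleTimeout       = 120 * time.Second
)

// main serves "Hello world" over HTTPS on :443, using certificates that
// autocert obtains on demand for the whitelisted host, and runs a plain-HTTP
// listener on :80 that is handled entirely by the autocert HTTP handler.
//
// Listener errors are reported instead of being discarded: a failure of the
// HTTPS server terminates the process with a non-zero status, while a failure
// of the :80 listener is logged and the HTTPS server keeps running.
func main() {
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		if _, err := w.Write([]byte("Hello world")); err != nil {
			log.Printf("writing response: %v", err)
		}
	})

	certManager := autocert.Manager{
		Prompt: autocert.AcceptTOS,
		// The cache directory holds issued certificates together with their
		// private keys; the dockerfile mounts it as a volume, so keep that
		// volume private to this container.
		Cache: autocert.DirCache("/cert-cache"),
		// Put your domain here. The host policy is what stops arbitrary
		// client-supplied server names from triggering certificate requests.
		HostPolicy: autocert.HostWhitelist("kappa.serv.brendanr.net"),
	}

	server := &http.Server{
		Addr:    ":443",
		Handler: mux,
		TLSConfig: &tls.Config{
			GetCertificate: certManager.GetCertificate,
			// Older Go toolchains, including the 1.11 default in the
			// dockerfile, accept TLS 1.0 on servers unless a minimum is set.
			MinVersion: tls.VersionTLS12,
		},
		ReadHeaderTimeout: readHeaderTimeout,
		ReadTimeout:       readTimeout,
		WriteTimeout:      writeTimeout,
		IdleTimeout:       idleTimeout,
	}

	// With a nil fallback the autocert handler answers ACME http-01 challenges
	// and redirects ordinary GET/HEAD requests to HTTPS.
	challengeServer := &http.Server{
		Addr:              ":80",
		Handler:           certManager.HTTPHandler(nil),
		ReadHeaderTimeout: readHeaderTimeout,
		ReadTimeout:       readTimeout,
		WriteTimeout:      writeTimeout,
		IdleTimeout:       idleTimeout,
	}

	go func() {
		// Logged rather than fatal so that a problem on :80 does not take the
		// HTTPS listener down with it; certificate issuance and renewal over
		// http-01 will not work until it is fixed.
		if err := challengeServer.ListenAndServe(); err != nil {
			log.Printf("serving HTTP on :80: %v", err)
		}
	}()

	// Empty certificate and key paths: certificates come from GetCertificate.
	log.Fatal(server.ListenAndServeTLS("", ""))
}
--------------------------------------------------------------------------------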