Using Caddy as Go package/library for HTTPS certification

(Xpt) #1

Following on Import Caddy in go code and auto-agree to LetsEncrypt terms, I now know that https://godoc.org/github.com/mholt/caddy contains a small example showing how to use this caddy package, via a Caddyfile.

Now, would it be possible to use the Caddy package/library just for HTTPS certification? I.e., to set up the HTTPS service and automatically acquire a certificate from LetsEncrypt? Just that, without any Caddyfile processing.

I need my program to be as minimalist as possible, because its only purpose is to serve a 1x1 pixel, via either HTTP or HTTPS.

I skimmed through the functions in https://godoc.org/github.com/mholt/caddy, and it seems to me such functionality is not exposed. Am I right? If so, would you expose such functionality please @matt?

Thanks

(Xpt) #2

I.e., make the following handle HTTPS as well, automatically dealing with certificate acquisition/renewal from LetsEncrypt.

package main

import (
        "net/http"
)

// placeholder: the bytes of the 1x1 pixel go here
var pixel []byte

func sayHello(w http.ResponseWriter, r *http.Request) {
        w.Write(pixel)
}

func main() {
        http.HandleFunc("/", sayHello)
        println("Starting server on port 80")
        if err := http.ListenAndServe(":80", nil); err != nil {
                panic(err)
        }
}

thanks

(Xpt) #3

Found https://godoc.org/github.com/mholt/caddy/caddytls:

This package is meant to be used by Caddy server types. To use the tls directive, a server type must import this package and call RegisterConfigGetter(). The server type must make and keep track of the caddytls.Config structs that this package produces. It must also add tls to its list of directives. When it comes time to make the server instances, the server type can call MakeTLSConfig() to convert a []caddytls.Config to a single tls.Config for use in tls.NewListener(). It is also recommended to call RotateSessionTicketKeys() when starting a new listener.

UPDATE: I guess the “used by Caddy server types” means the https://godoc.org/github.com/mholt/caddy#ServerType.

Now UTSL (since ServerType doesn’t have any examples) to continue investigating…

(Matthew Fay) #4

Hi @xpt,

You can certainly import Caddy in your main file and, for example, feed it a simple Caddyfile to proxy to your app on an internal port, maybe.

I think you want to look at CertMagic instead, though. This is the guts of Caddy’s Automatic HTTPS, provided as a library that Caddy now uses and you should be able to, as well.

https://github.com/mholt/certmagic

(Matt Holt) #5

I too get the strong feeling you should be using CertMagic instead…

(Xpt) #6

< smile >, for sure. thank you both!

And I found it very easy to get it working. Wonderful!

Just one added question -

Do I need to care/worry about “no OCSP stapling”?

2019/05/12 22:19:00 [INFO] [my.domain.name] Server responded with a certificate.
2019/05/12 22:19:00 [WARNING] Stapling OCSP: no OCSP stapling for [my.domain.name]: parsing OCSP response: ocsp: error from server: unauthorized
2019/05/12 22:19:00 [my.domain.name] Serving HTTP->HTTPS on [::]:80 and [::]:443

Sorry for being lazy and not finding out what OCSP is. I did try a quick search though and landed here -
https://godoc.org/github.com/mholt/certmagic#KeyBuilder.OCSPStaple

I’m merely using the recommended, certmagic.HTTPS([]string{"my.domain.name"}, mux), and am able to visit my site just fine though.

Thx
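An added example (not the poster's code and not part of CertMagic): the minimal pixel server from this thread built as the mux you would pass to certmagic.HTTPS([]string{"my.domain.name"}, mux), plus a client-side check for the stapled OCSP response that the warning above is about. certmagic itself is not imported so the file builds offline; the names pixel, pixelHandler, newMux, hasOCSPStaple and checkStaple are assumptions of this example.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
	"os"
)

// Constructed 1x1 transparent GIF (43 bytes), standing in for <my 1x1 pixel>.
var pixel = []byte("GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff" +
	"\x21\xf9\x04\x01\x00\x00\x00\x00\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" +
	"\x02\x02\x44\x01\x00\x3b")
// pixelHandler sends the pixel with an explicit type, no caching and no sniffing.
func pixelHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "image/gif")
	w.Header().Set("Cache-Control", "no-store")
	w.Header().Set("X-Content-Type-Options", "nosniff")
	w.Write(pixel)
}
// newMux builds the handler to hand to certmagic.HTTPS(domains, newMux()).
func newMux() http.Handler {
	mux := http.NewServeMux()
	mux.HandleFunc("/", pixelHandler)
	return mux
}
// hasOCSPStaple reports whether the handshake carried a stapled OCSP response.
func hasOCSPStaple(state tls.ConnectionState) bool {
	return len(state.OCSPResponse) > 0
}
// checkStaple is the client-side view of the "no OCSP stapling" warning: it
// handshakes with addr ("host:443") and reports whether a staple was sent.
func checkStaple(addr string) (bool, error) {
	conn, err := tls.Dial("tcp", addr, nil)
	if err != nil {
		return false, err
	}
	defer conn.Close()
	return hasOCSPStaple(conn.ConnectionState()), nil
}

func main() {
	if len(os.Args) > 1 { // diagnostic: go run . my.domain.name:443
		ok, err := checkStaple(os.Args[1])
		fmt.Println("OCSP staple present:", ok, "error:", err)
		return
	}
	// Plain HTTP on :8080 for local testing; in production pass newMux()
	// to certmagic.HTTPS instead so CertMagic owns :80/:443 and the certs.
	panic(http.ListenAndServe(":8080", newMux()))
}
```

Run with a host:port argument against your own deployment to see, from the client side, whether the staple the warning complains about is actually missing from the handshake.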

(Xpt) #7

Oh, just noticed that two of my posts were marked as spam.

Is it done by a bot or some real human?
Both are just fine to me; I don’t know why they were triggered as spam.

(Matthew Fay) #8

It’s a bot. Looks like your posts have been manually approved, but it was occurring because you’re a new user - so I’ve set your trust level up (you’re clearly not a bot :smiley: )

(Xpt) #9

thanks @Whitestrake, :slight_smile: