
實在有點懶得用中文來寫了… 讓我用英文寫這篇吧…
Before this..
I am learning about golang on server backend side programming via martini. I want to write a RESTful server communicate via JSON. Currently my framework as follow:
Here is the note about how I add martini-secure HTTPS in martini.
Working step with martini-secure
1. Create a SSL key using generate_cert.go
You need create your localhost SSL key (or purchase one from CA) using generate_cert.go. I am not sure how to get this package, so I just download this source code and run it locally.
go run generate_cert.go --host="localhost"
You will get file “key.pem” and “cert.pem”, just put in your web side source code.
2. Apply martini-secure in martini program.
It is very easy to add SSL as a plugin in martini, here is some code. At first I would like to host two services as follow:
- HTTP: port 8080
- HTTPS: port 8443
m := martini.Classic()
// Make sure this enable, or it will get failed.
martini.Env = martini.Prod
    
m.Use(secure.Secure(secure.Options{
	SSLRedirect: false,
	SSLHost:     "localhost:8443",
}))
m.Get("/foo", func() string {
	return "bar"
})
go func() {
	if err := http.ListenAndServe(":8080", m); err != nil {
		fmt.Println(err)
	}
}()
// HTTPS, make sure "cert.pem" and "key.pem" files are exist.
if err := http.ListenAndServeTLS(":8443", "cert.pem", "key.pem", m); err != nil {
	fmt.Println(err)
}
3. Write a client to verity it.
If it build with luck, let’s verify with some simple client code as follow:
- TLSClientConfig: true : Because we use custom SSL key, not signed by CA.
package main
import (
	"crypto/tls"
	"fmt"
	"io/ioutil"
	"net/http"
	"os"
)
func HttpsVerity(address string) {
	tr := &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}
	client := &http.Client{Transport: tr}
	response, err := client.Get(address)
	if err != nil {
		fmt.Printf("%s", err)
		os.Exit(1)
	} else {
		defer response.Body.Close()
		contents, err := ioutil.ReadAll(response.Body)
		if err != nil {
			fmt.Printf("%s", err)
			os.Exit(1)
		}
		fmt.Printf("%s\n", string(contents))
	}
}
func HttpVerity(address string) {
	client := &http.Client{}
	response, err := client.Get(address)
	if err != nil {
		fmt.Printf("%s", err)
		os.Exit(1)
	} else {
		defer response.Body.Close()
		contents, err := ioutil.ReadAll(response.Body)
		if err != nil {
			fmt.Printf("%s", err)
			os.Exit(1)
		}
		fmt.Printf("%s\n", string(contents))
	}
}
func main() {
	fmt.Println("HTTP")
	HttpVerity("http://localhost:8080/foo")
	fmt.Println("HTTPS")
	HttpsVerity("https://localhost:8443/foo")
}
Problems you might occur
tls: oversized record received with length 20527
- Root cause:
    - Server side SSL configuration failed, might related to key files.
 
- Solution:
    - You forget to add “http.ListenAndServeTLS” in your server side also check SSL key files if missing.
 
Cannot connect original HTTP protocol
- Root cause:
    - martini-secure default enable SSL redirect, so original HTTP protocol will redirect to HTTPS.
 
- Solution:
    - Add following code in your server side.
 
m.Use(secure.Secure(secure.Options{
	SSLRedirect: false,
}))               	
Show your web side is not secure when using web browser
- Root cause:
    - We are using custom SSL key which don’t signed by CA. So it will show error when you using browser to browse your server.
 
- Solution:
    - Buy a offcial SSL key.
 
How to deploy HTTPS on heroku using martini
It is very easy to deploy HTTPS on Heroku, using SSL Endpoint. All you need as follow:
- Enable SSL Endpoint in Heroku ($20/per month)
- Purchase a valid srt from a legal CA, and apply to Heroku.
- Assign your domain name to HTTPS host (such as XXXX..herokussl.com)
- Your application just handle HTTP request as well.
- And.. That’s done. :)
Hope you can enjoy martini as well.
