It is good practice to run your Go web server as a non-root user. However, if your web server isn't root then it can't bind to port 80. One solution is to use nginx as a proxy that listens on ports 80 and 443 for HTTP/HTTPS traffic and forwards it to your Go server running on a higher port such as 8000, 8080 or 9000.

 

Digital Ocean has a good tutorial on how to install Nginx. It also has a good tutorial on setting up your SSL certificates. I recommend using Namecheap to purchase your SSL certificates.

 

Once you install Nginx you’ll need to find the http configuration file at /etc/nginx/sites-enabled/default.

 

Edit the file with the configuration below to listen for HTTP traffic on port 80 and redirect it to port 443 for SSL. The SSL server will then proxy the traffic to your Go server running locally. Don't forget to replace example.com with your server name and the final location port 8080 with your server's port. Reload the configuration with

sudo nginx -s reload

 

You should also adjust your firewall to allow incoming traffic on ports 80 and 443. You can restrict incoming traffic to your Go server to localhost:8080. This tutorial gives a basic intro to using iptables as a firewall.

 

This configuration will also work with web servers other than Go.

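# Redirect all plain-HTTP requests to HTTPS.
server {
	listen 80 default_server;
	listen [::]:80 default_server;

	server_name example.com www.example.com;
	return 301 https://$server_name$request_uri;
}

# Terminate TLS and proxy to the Go server on localhost.
server {
	listen 443 ssl;
	# Also listen on IPv6, since the port 80 redirect above does.
	listen [::]:443 ssl;

	server_name example.com www.example.com;

	ssl_certificate /root/example.com.chained.crt;
	ssl_certificate_key /root/example.com.key;

	# TLS 1.0 and 1.1 are deprecated. TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+.
	ssl_protocols TLSv1.2 TLSv1.3;
	ssl_prefer_server_ciphers on;
	ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

	location / {
		# Replace 8080 with the port your server listens on.
		proxy_pass http://127.0.0.1:8080;
	}
}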
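The backend side of this setup, as an added example that is not part of the original post: a Go server that refuses to start as root and only accepts a loopback listen address, so nginx stays the only public listener. The names checkLoopback and newBackend and the placeholder handler are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"log"
	"net"
	"net/http"
	"os"
	"time"
)

// checkLoopback rejects any listen address that is not an IP-literal
// loopback address, so the backend is reachable only through nginx.
func checkLoopback(addr string) error {
	host, _, err := net.SplitHostPort(addr)
	if err != nil {
		return err
	}
	if ip := net.ParseIP(host); ip == nil || !ip.IsLoopback() {
		return fmt.Errorf("%q is not a loopback address", addr)
	}
	return nil
}

// newBackend builds the server that nginx's proxy_pass points at.
// It refuses to run with euid 0 and refuses non-loopback addresses.
func newBackend(addr string, euid int) (*http.Server, error) {
	if euid == 0 {
		return nil, fmt.Errorf("refusing to run as root")
	}
	if err := checkLoopback(addr); err != nil {
		return nil, err
	}
	mux := http.NewServeMux()
	mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		fmt.Fprintln(w, "hello from the Go backend") // placeholder handler
	})
	return &http.Server{Addr: addr, Handler: mux, ReadHeaderTimeout: 5 * time.Second}, nil
}

func main() {
	srv, err := newBackend("127.0.0.1:8080", os.Geteuid())
	if err != nil {
		log.Fatal(err)
	}
	log.Fatal(srv.ListenAndServe())
}
```

An address such as ":8080" or "0.0.0.0:8080" is rejected because it would expose the backend on every interface and bypass the TLS proxy.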

 


Nginx configuration for secure go server behind a proxy