ARTICLES

Nginx configuration for secure go server behind a proxy

It is good practice to run your go web server in a non-root environment.  However, if your web server isn’t root then it can’t bind to port 80.  One solution is to use nginx as a proxy to listen on ports 80 and 443 for http/https traffic and forward them to your go server running on a higher port such has 8000, 8080 or 9000.

 

Digital Ocean has a good tutorial on how to install Nginx.  It also has a good tutorial on setting up your SSL certificates.  I recommend using namecheap to purchase your SSL certificates.

 

Once you install Nginx you’ll need to find the http configuration file at /etc/nginx/sites-enabled/default.

 

Edit the file with the below configuration to listen to http traffic on port 80, and redirect it to port 443 for ssl.  The ssl server will then proxy the traffic to your go server running locally.  Don’t forget to replace example.com with your server name and the final location port 8080 with your server’s port.  Reload the configuration with

sudo nginx -s reload

 

You should also adjust your firewall to allow incoming traffic on port 80 and 443.  You can restrict incoming traffic to your go server to localhost:8080.  This tutorial gives a basic intro to using iptables as a firewall.

 

This configuration will also work with other web servers other than golang.

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name example.com www.example.com;
    return 301 https://$server_name$request_uri;
}

server {
        listen 443 ssl;

        server_name example.com www.example.com;

        ssl_certificate /root/example.com.chained.crt;
        ssl_certificate_key /root/example.com.key;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

        location / {
                proxy_pass http://127.0.0.1:8080;
        }
}

 

Save $10 when you sign up for Digital Ocean with this link.



Our Products

Kitemetrics
Keyword level attribution for Apple Search Ads. Optimize your bids and increase your revenue. Sign up for free at kitemetrics.com.

White Noise and Deep Sleep Sounds
Calming and relaxing sounds that will help you sleep like a baby tonight.
Download for free from the App Store.
Get it on Google Play.




Our Sponsors

Get Sleepy
Get Sleepy
The free podcast that puts you to sleep with meditative bedtime stories. Listen at getsleepy.com.