Skip to content

🔥 feat: Add support for AutoTLS / ACME #3201

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 23 commits into from
Dec 10, 2024
Merged

🔥 feat: Add support for AutoTLS / ACME #3201

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
69fe09f
feat: add a simple support for app.Listen
wangjq4214 Nov 12, 2024
bd6041d
fix: fix the nil access error
wangjq4214 Nov 12, 2024
1313d58
chore: add test case for simple tls
wangjq4214 Nov 12, 2024
41e00c2
fix: align the struct
wangjq4214 Nov 12, 2024
8c0542e
chore: change the test case
wangjq4214 Nov 13, 2024
76ccb96
fix: use TLS1.2 min
wangjq4214 Nov 13, 2024
8481c5f
Merge branch 'main' into master
gaby Nov 29, 2024
bd3e06d
Fix lint issues
gaby Nov 29, 2024
a54cdf7
Fix call to os.MkdirTemp
gaby Nov 29, 2024
8228e2c
Fix test check order
gaby Nov 30, 2024
f37d22e
Merge branch 'gofiber:main' into master
wangjq4214 Dec 4, 2024
43f158b
Merge branch 'main' into master
gaby Dec 4, 2024
5a0c1cd
Merge branch 'main' into master
gaby Dec 7, 2024
2996935
Update unit-tests for ACME
gaby Dec 8, 2024
b594117
Update docs
gaby Dec 8, 2024
13cf2c1
Fix identation of whats_new examples
gaby Dec 8, 2024
90bd4cc
More updates to docs
gaby Dec 8, 2024
c3b07e9
Remove ACME tests. Add check for tlsConfig
gaby Dec 9, 2024
c80b1a2
Add ACME section to whats_new docs
gaby Dec 9, 2024
13f7aeb
Merge branch 'main' into master
gaby Dec 9, 2024
e684e1a
Update docs/whats_new.md
gaby Dec 9, 2024
12e65ec
Update fiber.md
gaby Dec 9, 2024
dc11469
Update whats_new.md
gaby Dec 9, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions go.mod
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ require (
github.com/tinylib/msgp v1.2.4
github.com/valyala/bytebufferpool v1.0.0
github.com/valyala/fasthttp v1.57.0
golang.org/x/crypto v0.28.0
)

require (
Expand Down
2 changes: 2 additions & 0 deletions go.sum
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
Expand Down
13 changes: 13 additions & 0 deletions listen.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
"github.com/gofiber/fiber/v3/log"
"github.com/mattn/go-colorable"
"github.com/mattn/go-isatty"
"golang.org/x/crypto/acme/autocert"
)

// Figlet text to show Fiber ASCII art on startup message
Expand All @@ -39,7 +40,7 @@
// ListenConfig is a struct to customize startup of Fiber.
//
// TODO: Add timeout for graceful shutdown.
type ListenConfig struct {

Check failure on line 43 in listen.go

View workflow job for this annotation

GitHub Actions / lint 

fieldalignment: struct with 128 pointer bytes could be 120 (govet)
// GracefulContext is a field to shutdown Fiber by given context gracefully.
//
// Default: nil
Expand Down Expand Up @@ -70,6 +71,7 @@
//
// Default: nil
OnShutdownSuccess func()

// Known networks are "tcp", "tcp4" (IPv4-only), "tcp6" (IPv6-only)
// WARNING: When prefork is set to true, only "tcp4" and "tcp6" can be chosen.
//
Expand All @@ -94,6 +96,12 @@
// Default : ""
CertClientFile string `json:"cert_client_file"`

// AutoCertManager is a acme manager for go crypto package.
// If you want to use acme, you have to provide it.
//
// Default : nil
AutoCertManager *autocert.Manager

// When set to true, it will not print out the «Fiber» ASCII art and listening address.
//
// Default: false
Expand Down Expand Up @@ -176,6 +184,11 @@

// Attach the tlsHandler to the config
app.SetTLSHandler(tlsHandler)
} else if cfg.AutoCertManager != nil {
tlsConfig = &tls.Config{

Check failure on line 188 in listen.go

View workflow job for this annotation

GitHub Actions / lint 

G402: TLS MinVersion too low. (gosec)
GetCertificate: cfg.AutoCertManager.GetCertificate,
NextProtos: []string{"http/1.1", "acme-tls/1"},
}
}

if cfg.TLSConfigFunc != nil {
Expand Down
70 changes: 70 additions & 0 deletions listen_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,8 @@ import (
"github.com/stretchr/testify/require"
"github.com/valyala/fasthttp"
"github.com/valyala/fasthttp/fasthttputil"
"golang.org/x/crypto/acme"
"golang.org/x/crypto/acme/autocert"
)

// go test -run Test_Listen
Expand Down Expand Up @@ -145,6 +147,38 @@ func Test_Listen_TLS(t *testing.T) {
}))
}

// go test -run Test_Listen_Acme_TLS
func Test_Listen_Acme_TLS(t *testing.T) {
// Certificate manager
m := &autocert.Manager{
Prompt: autocert.AcceptTOS,
// Replace with your domain
HostPolicy: autocert.HostWhitelist("example.com"),
// Folder to store the certificates
Cache: autocert.DirCache("./certs"),
// Define the Client for test
Client: &acme.Client{
DirectoryURL: "https://acme-staging-v02.api.letsencrypt.org/directory",
},
}

app := New()

// invalid port
require.Error(t, app.Listen(":99999", ListenConfig{
AutoCertManager: m,
}))

go func() {
time.Sleep(1000 * time.Millisecond)
assert.NoError(t, app.Shutdown())
}()

require.NoError(t, app.Listen(":0", ListenConfig{
AutoCertManager: m,
}))
}

// go test -run Test_Listen_TLS_Prefork
func Test_Listen_TLS_Prefork(t *testing.T) {
testPreforkMaster = true
Expand Down Expand Up @@ -172,6 +206,42 @@ func Test_Listen_TLS_Prefork(t *testing.T) {
}))
}

// go test -run Test_Listen_Acme_TLS_Prefork
func Test_Listen_Acme_TLS_Prefork(t *testing.T) {
// Certificate manager
m := &autocert.Manager{
Prompt: autocert.AcceptTOS,
// Replace with your domain
HostPolicy: autocert.HostWhitelist("example.com"),
// Folder to store the certificates
Cache: autocert.DirCache("./certs"),
// Define the Client for test
Client: &acme.Client{
DirectoryURL: "https://acme-staging-v02.api.letsencrypt.org/directory",
},
}

app := New()

// invalid port
require.Error(t, app.Listen(":0", ListenConfig{
DisableStartupMessage: true,
EnablePrefork: true,
AutoCertManager: m,
}))

go func() {
time.Sleep(1000 * time.Millisecond)
assert.NoError(t, app.Shutdown())
}()

require.NoError(t, app.Listen(":99999", ListenConfig{
DisableStartupMessage: true,
EnablePrefork: true,
AutoCertManager: m,
}))
}

// go test -run Test_Listen_MutualTLS
func Test_Listen_MutualTLS(t *testing.T) {
app := New()
Expand Down
Loading