
beego https服务重启、多证书支持

程序员文章站 2022-07-12 21:55:40

 app.go 

// App groups the controller register with the two http.Server values the
// application keeps: one in Server and one in HttpsServer.
type App struct {
	// Handlers is the controller register. ListenAndServeTLSSNI installs it
	// as the handler of the HTTPS server.
	Handlers *ControllerRegister

	// Server is the application's other http.Server; presumably the
	// plain-HTTP one (its use is not shown alongside this type).
	Server *http.Server

	// HttpsServer is the server started by ListenAndServeTLSSNI. Callers
	// stop HTTPS by calling Shutdown on it.
	HttpsServer *http.Server
}



// NewApp returns a new beego application: a fresh controller register plus
// two zero-value http.Server instances, one for Server and one for
// HttpsServer.
func NewApp() *App {
	return &App{
		Handlers:    NewControllerRegister(),
		Server:      &http.Server{},
		HttpsServer: &http.Server{},
	}
}

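// ListenAndServeTLSSNI serves BeeApp.Handlers over TLS on ":https" with every
// certificate/key pair listed in BConfig.Listen.Certs, so that one listener
// can answer for several host names through SNI.
//
// The call blocks inside Serve. It returns the error from loading a key pair,
// from opening the listener, or from Serve itself. The server is stored in
// BeeApp.HttpsServer only after the certificates have loaded and the listener
// is open, so a failed start does not replace the handle of a server that may
// still be running.
//
// NOTE(review): BeeApp.HttpsServer is written here without synchronization;
// code that calls Shutdown from another goroutine needs its own ordering.
// NOTE(review): the server is created without ReadHeaderTimeout, ReadTimeout
// or IdleTimeout, so slow or idle clients can hold connections open
// indefinitely; consider deriving timeouts from BConfig.Listen.ServerTimeOut.
// NOTE(review): with an empty BConfig.Listen.Certs the listener still starts
// and every handshake fails; validate the configuration before calling.
func ListenAndServeTLSSNI() error {
	const addr = ":https"

	pairs := BConfig.Listen.Certs
	config := &tls.Config{
		// Pin the protocol floor explicitly: Go toolchains older than 1.22
		// otherwise let a server negotiate TLS 1.0 and 1.1.
		MinVersion:   tls.VersionTLS12,
		NextProtos:   []string{"http/1.1"},
		Certificates: make([]tls.Certificate, len(pairs)),
	}

	for i, p := range pairs {
		cert, err := tls.LoadX509KeyPair(p.CertFile, p.KeyFile)
		if err != nil {
			return err
		}
		config.Certificates[i] = cert
	}

	// Deprecated since Go 1.14, where crypto/tls picks the first compatible
	// chain from Certificates by itself. Kept so that per-name selection
	// also works on older toolchains.
	// NOTE(review): drop this call once the minimum Go version is >= 1.14.
	config.BuildNameToCertificate()

	ln, err := net.Listen("tcp", addr)
	if err != nil {
		return err
	}

	// Publish the server only now that start-up can no longer fail, then
	// block serving TLS connections. Serve closes the listener on return.
	srv := &http.Server{Handler: BeeApp.Handlers}
	BeeApp.HttpsServer = srv
	return srv.Serve(tls.NewListener(ln, config))
}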

Config.go 

// Listen holds the HTTP- and HTTPS-related listener configuration.
type Listen struct {
	Graceful          bool // Graceful means use the graceful module to start the server.
	ServerTimeOut     int64
	ListenTCP4        bool
	EnableHTTP        bool
	HTTPAddr          string
	HTTPPort          int
	AutoTLS           bool
	Domains           []string
	TLSCacheDir       string
	EnableHTTPS       bool
	EnableMutualHTTPS bool
	HTTPSAddr         string
	HTTPSPort         int
	HTTPSCertFile     string
	HTTPSKeyFile      string
	TrustCaFile       string
	EnableAdmin       bool
	AdminAddr         string
	AdminPort         int
	EnableFcgi        bool
	EnableStdIo       bool // EnableStdIo works with EnableFcgi: use FCGI via standard I/O.
	// EnableCRTS is not read by any code shown with this type; presumably it
	// toggles the multi-certificate HTTPS listener - TODO confirm.
	EnableCRTS bool
	// Certs lists the certificate/key file pairs that ListenAndServeTLSSNI
	// loads, one tls.Certificate per entry.
	Certs []Certificates
}

// Certificates names one certificate file together with its private-key
// file. ListenAndServeTLSSNI passes both paths to tls.LoadX509KeyPair.
type Certificates struct {
	// CertFile is the path of the certificate file.
	CertFile string
	// KeyFile is the path of the matching private-key file.
	KeyFile string
}

main.go

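// Register one certificate/key pair per served host name. A Go slice literal
// needs its element type spelled out; a bare [ ... ] does not compile.
// NOTE(review): these private keys sit under static/, which beego's default
// static-file mapping serves at /static - confirm the .key files cannot be
// downloaded, or keep them outside any served directory with owner-only
// file permissions.
beego.BConfig.Listen.Certs = []beego.Certificates{
	{CertFile: "static/a.crt", KeyFile: "static/a.key"},
	{CertFile: "static/b.crt", KeyFile: "static/b.key"},
	{CertFile: "static/c.crt", KeyFile: "static/c.key"},
}
// NOTE(review): beego.Run normally blocks, so the calls below are separate
// usage examples rather than one straight-line program.
beego.Run()

// Start the HTTPS service. The call blocks while the server is running, so
// run it in its own goroutine. Its error is discarded here; a real caller
// should check it, since a certificate that fails to load or a port that
// cannot be bound is reported only through this return value.
beego.ListenAndServeTLSSNI()
// Stop the HTTPS service; call this from a different goroutine than the one
// blocked in ListenAndServeTLSSNI.
// NOTE(review): http.Server.Shutdown reads ctx.Done() while connections are
// still active, so a nil context can panic; pass a context with a deadline
// instead (this needs the context and time imports).
beego.BeeApp.HttpsServer.Shutdown(nil)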