aah Server
aah server is built using Go provided http.Server
. It supports HTTP, HTTPS, UNIX Socket, Let’s Encrypt cert and TLS Config. It gives a flexible way to configure server { ... }
in aah.conf
.
Learn Server Config, Server Extension, Access Log, Dump Request and Response.
Table of Contents
HTTP
aah starts the HTTP server based on the address
and port
configured.
HTTPS
aah starts the server if server.ssl.enable
is set to true
with the given SSL cert and key. In HTTPS mode, aah sets the header Strict-Transport-Security
with max-age=31536000; includeSubDomains
. Know more about STS.
Let’s Encrypt Auto Cert
aah supports automatic Let’s Encrypt certs. To enable this functionality, set config server.ssl.lets_encrypt.enable
to true
. For more options, have a look at the configuration.
Note: Let's Encrypt CA does not provide certificates for localhost.
UNIX Socket
To start the aah server on UNIX
socket, set server.address
to socket file.
Example:
address = "unix:/tmp/myapp.sock"
TLS Config
aah HTTPS server mode is amenable in customizing TLS configuration via aah.SetTLSConfig()
.
func init() {
aah.App().SetTLSConfig(/* TLS config comes here */)
}
How to?
The TLS config can be added by using either of the following two ways-
aah.App().OnInit
event - This way is better sinceaah.App().Config()
values are readily accessible.func init() { ... }
// On file <app-base-dir>/app/init.go
func init() {
app := aah.App()
// Using `aah.App().OnInit(...)` event
app.OnInit(func(e *aah.Event) {
// `aah.App().Config()` values are readily accessible
app.SetTLSConfig(&tls.Config{
// configure TLS
})
})
}
// Without using `aah.App().OnInit(...)` event
func init() {
aah.App().SetTLSConfig(&tls.Config{
// configure TLS
})
}
Example: Hardening SSL Ciphers
// On file <app-base-dir>/app/init.go
func init() {
aah.App().OnInit(func(e *aah.Event) {
// `aah.App().Config()` values are readily accessible
// Customizing a TLS config
tlsCfg := &tls.Config{
MinVersion: tls.VersionTLS12,
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
PreferServerCipherSuites: true,
CipherSuites: []uint16{
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
},
}
aah.App().SetTLSConfig(tlsCfg)
})
}