aah Server

aah server is built using Go provided http.Server. It supports HTTP, HTTPS, UNIX Socket, Let’s Encrypt cert and TLS Config. It gives a flexible way to configure server { ... } in aah.conf.

Learn Server Config, Server Extension, Access Log, Dump Request and Response.

Table of Contents


aah starts the HTTP server based on the address and port configured.


aah starts the server if server.ssl.enable is set to true with the given SSL cert and key. In HTTPS mode, aah sets the header Strict-Transport-Security with max-age=31536000; includeSubDomains. Know more about STS.

Let’s Encrypt Auto Cert

aah supports automatic Let’s Encrypt certs. To enable this functionality, set config server.ssl.lets_encrypt.enable to true. For more options, have a look at the configuration.

Note: Let's Encrypt CA does not provide certificates for localhost.

UNIX Socket

To start the aah server on UNIX socket, set server.address to socket file.


address = "unix:/tmp/myapp.sock"

TLS Config

aah HTTPS server mode is amenable in customizing TLS configuration via aah.SetTLSConfig().

func init()  {
  aah.App().SetTLSConfig(/* TLS config comes here */)

How to?

The TLS config can be added by using either of the following two ways-

  • aah.App().OnInit event - This way is better since aah.App().Config() values are readily accessible.
  • func init() { ... }
// On file <app-base-dir>/app/init.go
func init() {
  app := aah.App()

  // Using `aah.App().OnInit(...)` event
  app.OnInit(func(e *aah.Event) {
    // `aah.App().Config()` values are readily accessible

      // configure TLS

// Without using `aah.App().OnInit(...)` event
func init() {
    // configure TLS

Example: Hardening SSL Ciphers

// On file <app-base-dir>/app/init.go
func init() {
  aah.App().OnInit(func(e *aah.Event) {
    // `aah.App().Config()` values are readily accessible

    // Customizing a TLS config
    tlsCfg := &tls.Config{
      MinVersion:               tls.VersionTLS12,
      CurvePreferences:         []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},
      PreferServerCipherSuites: true,
      CipherSuites: []uint16{