dongyan4157 2016-02-26 01:42
浏览 151
已采纳

是否可以使用net / http在golang中托管多个域TLS?

I have multiple domain (let's say abc.com and xyz.org) with diffrent certificate. Is it possible to use key and certificate based on hostname without going deep low level and net.Listen, etc. Just using simple http.ListenAndServeTLS(...) or similar ? Basically like what nginx does.

  • 写回答

1条回答 默认 最新

  • doulu8847 2016-02-26 02:23
    关注

    BuildNameToCertificate() will sniff the hostname from the cert. If none match the SNI info it serves the [0]. https://golang.org/src/crypto/tls/common.go?s=18204:18245#L947

    package main
    
    import (
        "crypto/tls"
        "net/http"
        "time"
    
        "log"
    )
    
    func myHandler(w http.ResponseWriter, r *http.Request) {
        w.Write([]byte("tls"))
    }
    
    func main() {
        t := log.Logger{}
        var err error
        tlsConfig := &tls.Config{}
        tlsConfig.Certificates = make([]tls.Certificate, 3)
        // go http server treats the 0'th key as a default fallback key
        tlsConfig.Certificates[0], err = tls.LoadX509KeyPair("test0.pem", "key.pem")
        if err != nil {
            t.Fatal(err)
        }
        tlsConfig.Certificates[1], err = tls.LoadX509KeyPair("test1.pem", "key.pem")
        if err != nil {
            t.Fatal(err)
        }
        tlsConfig.Certificates[2], err = tls.LoadX509KeyPair("test2.pem", "key.pem")
        if err != nil {
            t.Fatal(err)
        }
        tlsConfig.BuildNameToCertificate()
    
        http.HandleFunc("/", myHandler)
        server := &http.Server{
            ReadTimeout:    10 * time.Second,
            WriteTimeout:   10 * time.Second,
            MaxHeaderBytes: 1 << 20,
            TLSConfig:      tlsConfig,
        }
    
        listener, err := tls.Listen("tcp", ":8443", tlsConfig)
        if err != nil {
            t.Fatal(err)
        }
        log.Fatal(server.Serve(listener))
    }
    
    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?