Reputation: 103
Implementing an HTTPS Go server with wildcard certificate support.
package main

import (
	"crypto/tls"
	"log"
	"net/http"

	"golang.org/x/crypto/acme/autocert"
)

func main() {
	certManager := autocert.Manager{
		Prompt:     autocert.AcceptTOS,                    // agree to Let's Encrypt's terms of service
		HostPolicy: autocert.HostWhitelist("example.com"), // your domain here; only these names get certificates
		Cache:      autocert.DirCache("certs"),            // folder for storing certificates and the account key
	}

	http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.Write([]byte("Hello world"))
	})

	server := &http.Server{
		Addr: ":https",
		TLSConfig: &tls.Config{
			GetCertificate: certManager.GetCertificate, // looks up or obtains the certificate for the SNI name
		},
	}

	// Plain HTTP on :80 answers the ACME HTTP-01 challenge and redirects everything else to HTTPS.
	go http.ListenAndServe(":http", certManager.HTTPHandler(nil))

	// Empty cert and key paths: both come from Let's Encrypt through GetCertificate.
	log.Fatal(server.ListenAndServeTLS("", ""))
}
I couldn't figure out how to add a wildcard pattern to the HostWhitelist. I need support for "*.example.com".
Upvotes: 1
Views: 1137
Reputation: 16982
The HostWhitelist doesn't support wildcards, but because a HostPolicy is merely a function, you can implement your own HostPolicy, using e.g. a regular expression:
package main

import (
	"context"
	"errors"
	"regexp"
)
var (
	// One label directly under example.com, e.g. "api.example.com"; the apex itself does not match.
	allowedHosts      = regexp.MustCompile(`^[^.]+\.example\.com$`)
	errPolicyMismatch = errors.New("the host did not match the allowed hosts")
)

func CustomHostPolicy(_ context.Context, host string) error {
	if matches := allowedHosts.MatchString(host); !matches {
		return errPolicyMismatch
	}
	return nil
}
See demo on https://go.dev/play/p/8gGIpnl1NLs
Upvotes: 0
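Added example (not from the question or the answer above, and not the autocert package's own code): a standard-library-only policy that accepts exactly one DNS label under a set of base domains. The returned function has the same signature as autocert.HostPolicy, so it can be assigned to Manager.HostPolicy directly; it deliberately avoids importing autocert so it runs on its own. The base domains and the hostnames in main are constructed sample values. Two things worth knowing before using any "*.example.com" policy with autocert: the Manager obtains a separate certificate per hostname through the HTTP-01 or TLS-ALPN-01 challenge, so it never holds an actual wildcard certificate (Let's Encrypt issues those only via DNS-01, which autocert does not implement); and an open policy lets anyone who can make a name under example.com resolve to this server (a wildcard DNS record does that for every name) trigger one issuance per name, which counts against Let's Encrypt's per-domain rate limits and fills the cache. Bound the accepted labels where you can.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
)

// ErrHostNotAllowed is returned for every host the policy rejects. A single
// error value avoids describing the allow-list shape to the peer.
var ErrHostNotAllowed = errors.New("host not in allowed subdomains")

// SubdomainPolicy returns a function with the same signature as
// autocert.HostPolicy (func(context.Context, string) error). It allows exactly
// one label below one of the given base domains, e.g. "api.example.com" for
// base "example.com", and rejects the base itself, deeper names and anything
// outside the bases. Bases are constructed by the caller (assumption).
func SubdomainPolicy(bases ...string) func(context.Context, string) error {
	normalized := make([]string, 0, len(bases))
	for _, b := range bases {
		normalized = append(normalized, strings.ToLower(strings.Trim(b, ".")))
	}
	return func(_ context.Context, host string) error {
		// Normalize the SNI value: lowercase and strip a trailing dot so
		// "API.Example.COM." and "api.example.com" are judged the same way.
		h := strings.ToLower(strings.TrimSuffix(host, "."))
		for _, base := range normalized {
			suffix := "." + base
			if !strings.HasSuffix(h, suffix) {
				continue
			}
			label := strings.TrimSuffix(h, suffix)
			// Exactly one non-empty label; a dot would mean a deeper name.
			if label == "" || strings.Contains(label, ".") || !validLabel(label) {
				return ErrHostNotAllowed
			}
			return nil
		}
		return ErrHostNotAllowed
	}
}

// validLabel accepts an LDH label (letters, digits, hyphen; no leading or
// trailing hyphen; at most 63 octets). Rejecting anything else here avoids
// sending an ACME order the CA would refuse anyway.
func validLabel(label string) bool {
	if len(label) == 0 || len(label) > 63 {
		return false
	}
	if label[0] == '-' || label[len(label)-1] == '-' {
		return false
	}
	for i := 0; i < len(label); i++ {
		c := label[i]
		switch {
		case c >= 'a' && c <= 'z', c >= '0' && c <= '9', c == '-':
		default:
			return false
		}
	}
	return true
}

// Allowed reports whether the policy accepts host; used by the demo and tests.
func Allowed(policy func(context.Context, string) error, host string) bool {
	return policy(context.Background(), host) == nil
}

func main() {
	policy := SubdomainPolicy("example.com")
	// Constructed sample SNI values, not taken from any real server.
	for _, host := range []string{
		"api.example.com",
		"API.Example.COM.",
		"example.com",
		"a.b.example.com",
		"example.com.attacker.test",
		"-bad.example.com",
	} {
		fmt.Printf("%-28s allowed=%v\n", host, Allowed(policy, host))
	}
}
```

Wire it in with `HostPolicy: SubdomainPolicy("example.com")` in the Manager literal from the question. autocert already normalizes the SNI name (Punycode, lowercase) before calling the policy, so the lowercasing here is defensive rather than required. If only a known set of subdomains should ever get certificates, wrap this policy with a map lookup on the label instead of accepting every well-formed one.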