📝 [Proposal]: Add support for AutoTLS / ACME #3155

Open
3 tasks done
gaby opened this issue Oct 3, 2024 · 5 comments · May be fixed by #3201

Comments

@gaby
Member

gaby commented Oct 3, 2024

Feature Proposal Description

Reduce the boilerplate of setting up AutoTLS / ACME by adding built-in support into Fiber. Similar to what Gin and Echo currently offer. We currently support this via a recipe, but we had users ask how to do this. Ideally we should integrate the code from the recipe into a new function under app similar to app.Listen() or app.Listener().

Alignment with Express API

N/a

HTTP RFC Standards Compliance

RFC 8555 - https://datatracker.ietf.org/doc/html/rfc8555/

API Stability

N/a

Feature Examples

We currently have a recipe for doing this:


```go
package main

import (
	"crypto/tls"
	"log"

	"github.com/gofiber/fiber/v2"
	"golang.org/x/crypto/acme/autocert"
)

func main() {
	// Fiber instance
	app := fiber.New()

	// Routes
	app.Get("/", func(c *fiber.Ctx) error {
		return c.SendString("This is a secure server 👮")
	})

	// Let’s Encrypt has rate limits: https://letsencrypt.org/docs/rate-limits/
	// It's recommended to use its staging environment to test the code:
	// https://letsencrypt.org/docs/staging-environment/

	// Certificate manager
	m := &autocert.Manager{
		Prompt: autocert.AcceptTOS,
		// Replace with your domain
		HostPolicy: autocert.HostWhitelist("example.com"),
		// Folder to store the certificates
		Cache: autocert.DirCache("./certs"),
	}

	// TLS Config
	cfg := &tls.Config{
		// Get Certificate from Let's Encrypt
		GetCertificate: m.GetCertificate,
		// By default NextProtos contains the "h2"
		// This has to be removed since Fasthttp does not support HTTP/2
		// Or it will cause a flood of PRI method logs
		// http://webconcepts.info/concepts/http-method/PRI
		NextProtos: []string{
			"http/1.1", "acme-tls/1",
		},
	}
	ln, err := tls.Listen("tcp", ":443", cfg)
	if err != nil {
		panic(err)
	}

	// Start server
	log.Fatal(app.Listener(ln))
}
```

Checklist:

  • I agree to follow Fiber's Code of Conduct.
  • I have searched for existing issues that describe my proposal before opening this one.
  • I understand that a proposal that does not meet these guidelines may be closed without explanation.
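
The proposal asks for the recipe to be folded into a built-in function. As an added example (not code from this issue or from Fiber), the following standard-library-only sketch shows what such a helper could enforce: a mandatory host allowlist checked against the SNI name before any certificate source runs, plus the recipe's `NextProtos`. `NewAutoTLSConfig`, `CertFunc` and `normalizeHost` are hypothetical names, and the stub in `main` stands in for `(*autocert.Manager).GetCertificate`.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"strings"
)

// CertFunc matches tls.Config.GetCertificate, e.g. (*autocert.Manager).GetCertificate.
type CertFunc func(*tls.ClientHelloInfo) (*tls.Certificate, error)

// NewAutoTLSConfig is a hypothetical helper (not a Fiber API): unlisted SNI names
// are rejected before the certificate source runs, so they never start an ACME order.
func NewAutoTLSConfig(getCert CertFunc, hosts ...string) (*tls.Config, error) {
	if getCert == nil || len(hosts) == 0 {
		return nil, errors.New("autotls: certificate source and at least one host are required")
	}
	allowed := make(map[string]bool, len(hosts))
	for _, h := range hosts {
		allowed[normalizeHost(h)] = true
	}
	delete(allowed, "") // an empty entry must not let SNI-less clients through
	return &tls.Config{
		MinVersion: tls.VersionTLS12, // added here; the recipe leaves the default
		// No "h2": Fasthttp does not support HTTP/2 (see the recipe).
		NextProtos: []string{"http/1.1", "acme-tls/1"},
		GetCertificate: func(hello *tls.ClientHelloInfo) (*tls.Certificate, error) {
			name := normalizeHost(hello.ServerName) // empty when the client sent no SNI
			if !allowed[name] {
				return nil, fmt.Errorf("autotls: host %q not allowed", name)
			}
			return getCert(hello)
		},
	}, nil
}

// normalizeHost lower-cases a name and strips a trailing dot; matching is exact.
func normalizeHost(h string) string {
	return strings.TrimSuffix(strings.ToLower(strings.TrimSpace(h)), ".")
}

func main() {
	stub := func(*tls.ClientHelloInfo) (*tls.Certificate, error) { return &tls.Certificate{}, nil } // constructed stand-in
	cfg, _ := NewAutoTLSConfig(stub, "example.com")
	for _, sni := range []string{"example.com", "other.test", ""} {
		_, err := cfg.GetCertificate(&tls.ClientHelloInfo{ServerName: sni})
		fmt.Printf("%q -> %v\n", sni, err)
	}
}
```

With `autocert`, the same allowlist would normally also be passed as `HostPolicy`, since a nil policy accepts any host name and lets mistyped or hostile SNI values consume the CA's rate limits.
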
@luk3skyw4lker
Contributor

I've checked out gin to see how they support this and it seems like they have a separate module to run everything smoothly according to the docs. Not sure if this is the same thing we want to support in here. Could you confirm or correct me if I'm wrong?

@gaby
Member Author

gaby commented Oct 12, 2024

@luk3skyw4lker, @efectn is working on this. Plan is to have it built into gofiber/fiber. The golang team already provides a module for this.

@gaby
Member Author

gaby commented Oct 12, 2024

But yes, similar to what gin/echo/hertz and other frameworks are doing. But integrated instead of a separate module. Almost any user in production or with a server exposed to the internet will use ACME, may as well support it out of the box.

@JIeJaitt

Is ACME more likely to be used on personal websites? Corporate websites may generally not use this feature.

@gaby
Member Author

gaby commented Oct 13, 2024

@JIeJaitt Corporations and most public websites use ACME for TLS certs, usually through their Cloud provider.

Let's Encrypt is currently generating certs for over +300 million websites as of their last report in 2023.

@wangjq4214 wangjq4214 linked a pull request Nov 12, 2024 that will close this issue