🔥 feat: Add support for AutoTLS / ACME (#3201)

* feat: add a simple support for app.Listen

* fix: fix the nil access error

* chore: add test case for simple tls

* fix: align the struct

* chore: change the test case

can't pass and not check the file yet

* fix: use TLS1.2 min

* Fix lint issues

* Fix call to os.MkdirTemp

* Fix test check order

* Update unit-tests for ACME

* Update docs

* Fix indentation of whats_new examples

* More updates to docs

* Remove ACME tests. Add check for tlsConfig

* Add ACME section to whats_new docs

* Update docs/whats_new.md

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* Update fiber.md

* Update whats_new.md

---------

Co-authored-by: Juan Calderon-Perez <835733+gaby@users.noreply.github.com>
Co-authored-by: Juan Calderon-Perez <jgcalderonperez@protonmail.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Jinquan Wang 2024-12-10 17:12:33 +08:00 committed by GitHub
parent 70a06c5887
commit 27cfd3c8cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
5 changed files with 262 additions and 209 deletions


@ -116,6 +116,7 @@ app.Listen(":8080", fiber.ListenConfig{
| <Reference id="onshutdownerror">OnShutdownError</Reference> | `func(err error)` | Allows to customize error behavior when gracefully shutting down the server by given signal. Prints error with `log.Fatalf()` | `nil` |
| <Reference id="onshutdownsuccess">OnShutdownSuccess</Reference> | `func()` | Allows customizing success behavior when gracefully shutting down the server by given signal. | `nil` |
| <Reference id="tlsconfigfunc">TLSConfigFunc</Reference> | `func(tlsConfig *tls.Config)` | Allows customizing `tls.Config` as you want. | `nil` |
| <Reference id="autocertmanager">AutoCertManager</Reference> | `func(tlsConfig *tls.Config)` | Manages TLS certificates automatically using the ACME protocol. Enables integration with Let's Encrypt or other ACME-compatible providers. | `nil` |
### Listen
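Review bot: The Type column of the new AutoCertManager row says `func(tlsConfig *tls.Config)`, which looks copied from the TLSConfigFunc row above it; the field this commit adds to ListenConfig is declared as `*autocert.Manager`. Change the cell to `*autocert.Manager` so the table matches the struct.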
@ -166,6 +167,25 @@ app.Listen(":443", fiber.ListenConfig{CertClientFile: "./ca-chain-cert.pem"})
app.Listen(":443", fiber.ListenConfig{CertFile: "./cert.pem", CertKeyFile: "./cert.key", CertClientFile: "./ca-chain-cert.pem"})
```
#### TLS AutoCert support (ACME / Let's Encrypt)
Provides automatic access to certificates management from Let's Encrypt and any other ACME-based providers.
```go title="Examples"
// Certificate manager
certManager := &autocert.Manager{
Prompt: autocert.AcceptTOS,
// Replace with your domain name
HostPolicy: autocert.HostWhitelist("example.com"),
// Folder to store the certificates
Cache: autocert.DirCache("./certs"),
}
app.Listen(":444", fiber.ListenConfig{
AutoCertManager: certManager,
})
```
### Listener
You can pass your own [`net.Listener`](https://pkg.go.dev/net/#Listener) using the `Listener` method. This method can be used to enable **TLS/HTTPS** with a custom tls.Config.
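Review bot: The example listens on `:444`, but the tls.Config built in Listen advertises `acme-tls/1`, the TLS-ALPN-01 challenge, which the ACME server validates by connecting to port 443 of the domain. As written, issuance only succeeds if something forwards 443 to 444; either use `:443` in the example or add a comment saying that the forward is required. The snippet also uses `autocert` without showing the `golang.org/x/crypto/acme/autocert` import.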


@ -130,6 +130,25 @@ In this example, a custom context `CustomCtx` is created with an additional meth
</details>
#### TLS AutoCert support (ACME / Let's Encrypt)
We have added native support for automatic certificates management from Let's Encrypt and any other ACME-based providers.
```go
// Certificate manager
certManager := &autocert.Manager{
Prompt: autocert.AcceptTOS,
// Replace with your domain name
HostPolicy: autocert.HostWhitelist("example.com"),
// Folder to store the certificates
Cache: autocert.DirCache("./certs"),
}
app.Listen(":444", fiber.ListenConfig{
AutoCertManager: certManager,
})
```
## 🗺 Router
We have slightly adapted our router interface
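Review bot: `Cache: autocert.DirCache("./certs")` is a path relative to the process working directory, and the comment above it describes it only as a folder for certificates, although the cache also holds the private keys. Suggest the comment say so and recommend an absolute path outside any directory the application serves as static files.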
@ -340,7 +359,7 @@ testConfig := fiber.TestConfig{
### SendStreamWriter
In v3, we added support for buffered streaming by providing the new method `SendStreamWriter()`.
In v3, we introduced support for buffered streaming with the addition of the `SendStreamWriter` method:
```go
func (c Ctx) SendStreamWriter(streamWriter func(w *bufio.Writer))
@ -553,7 +572,6 @@ func main() {
app.Listen(":3000")
}
```
```sh
@ -590,7 +608,6 @@ func main() {
```
```sh
curl "http://localhost:3000/query?age=25"
# Output: 25
@ -902,9 +919,9 @@ app.Route("/api").Route("/user/:id?")
### 🗺 RebuildTree
We have added a new method that allows the route tree stack to be rebuilt in runtime, with it, you can add a route while your application is running and rebuild the route tree stack to make it registered and available for calls.
We introduced a new method that enables rebuilding the route tree stack at runtime. This allows you to add routes dynamically while your application is running and update the route tree to make the new routes available for use.
You can find more reference on it in the [app](./api/app.md#rebuildtree):
For more details, refer to the [app documentation](./api/app.md#rebuildtree):
#### Example Usage
@ -920,10 +937,9 @@ app.Get("/define", func(c Ctx) error { // Define a new route dynamically
})
```
In this example, a new route is defined and then `RebuildTree()` is called to make sure the new route is registered and available.
In this example, a new route is defined, and `RebuildTree()` is called to ensure the new route is registered and available.
**Note:** Use this method with caution. It is **not** thread-safe and calling it can be very performance-intensive, so it should be used sparingly and only in
development mode. Avoid using it concurrently.
Note: Use this method with caution. It is **not** thread-safe and can be very performance-intensive. Therefore, it should be used sparingly and primarily in development mode. It should not be invoke concurrently.
### 🧠 Context
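Review bot: The rewritten note ends with "It should not be invoke concurrently", which should read "invoked". The rewrite also drops the bold from "Note:" and softens "only in development mode" to "primarily in development mode"; since the method is still described as not thread-safe, consider keeping the stronger wording.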

1
go.mod

@ -12,6 +12,7 @@ require (
github.com/tinylib/msgp v1.2.5
github.com/valyala/bytebufferpool v1.0.0
github.com/valyala/fasthttp v1.57.0
golang.org/x/crypto v0.28.0
)
require (
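Review bot: Adding `golang.org/x/crypto v0.28.0` to the direct require block makes it a dependency of every build of the module, because the listen code imports `golang.org/x/crypto/acme/autocert` unconditionally, even for users who never set AutoCertManager. Worth stating in the PR description that this is intended, and treating x/crypto updates as part of the core module's dependency maintenance from now on.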

2
go.sum

@ -35,6 +35,8 @@ github.com/x448/float16 v0.8.4 h1:qLwI1I70+NjRFUR3zs1JPUCgaCXSh3SW62uAKT1mSBM=
github.com/x448/float16 v0.8.4/go.mod h1:14CWIYCyZA/cWjXOioeEpHeN/83MdbZDRQHoFcYsOfg=
github.com/xyproto/randomstring v1.0.5 h1:YtlWPoRdgMu3NZtP45drfy1GKoojuR7hmRcnhZqKjWU=
github.com/xyproto/randomstring v1.0.5/go.mod h1:rgmS5DeNXLivK7YprL0pY+lTuhNQW3iGxZ18UQApw/E=
golang.org/x/crypto v0.28.0 h1:GBDwsMXVQi34v5CCYUm2jkJvu4cbtru2U4TN2PSyQnw=
golang.org/x/crypto v0.28.0/go.mod h1:rmgy+3RHxRZMyY0jjAJShp2zgEdOqj2AO7U0pYmeQ7U=
golang.org/x/net v0.30.0 h1:AcW1SDZMkb8IpzCdQUaIq2sP4sZ4zw+55h6ynffypl4=
golang.org/x/net v0.30.0/go.mod h1:2wGyMJ5iFasEhkwi13ChkO/t1ECNC4X4eBKkVFyYFlU=
golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=


@ -23,6 +23,7 @@ import (
"github.com/gofiber/fiber/v3/log"
"github.com/mattn/go-colorable"
"github.com/mattn/go-isatty"
"golang.org/x/crypto/acme/autocert"
)
// Figlet text to show Fiber ASCII art on startup message
@ -69,6 +70,13 @@ type ListenConfig struct {
//
// Default: nil
OnShutdownSuccess func()
// AutoCertManager manages TLS certificates automatically using the ACME protocol,
// Enables integration with Let's Encrypt or other ACME-compatible providers.
//
// Default: nil
AutoCertManager *autocert.Manager `json:"auto_cert_manager"`
// Known networks are "tcp", "tcp4" (IPv4-only), "tcp6" (IPv6-only)
// WARNING: When prefork is set to true, only "tcp4" and "tcp6" can be chosen.
//
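Review bot: The `json:"auto_cert_manager"` tag on AutoCertManager suggests the field can be serialized, but `*autocert.Manager` carries function-valued fields (the docs example in this commit sets `Prompt` and `HostPolicy`), which encoding/json cannot marshal. Use `json:"-"` or drop the tag. Minor: the doc comment ends its first line with a comma and then starts "Enables" with a capital; make it one sentence or end the first line with a period.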
@ -183,9 +191,15 @@ func (app *App) Listen(addr string, config ...ListenConfig) error {
// Attach the tlsHandler to the config
app.SetTLSHandler(tlsHandler)
} else if cfg.AutoCertManager != nil {
tlsConfig = &tls.Config{
MinVersion: tls.VersionTLS12,
GetCertificate: cfg.AutoCertManager.GetCertificate,
NextProtos: []string{"http/1.1", "acme-tls/1"},
}
}
if cfg.TLSConfigFunc != nil {
if tlsConfig != nil && cfg.TLSConfigFunc != nil {
cfg.TLSConfigFunc(tlsConfig)
}
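Review bot: The new `else if cfg.AutoCertManager != nil` branch passes `cfg.AutoCertManager.GetCertificate` straight into the tls.Config without looking at the manager's HostPolicy; an autocert.Manager with a nil HostPolicy will request a certificate for whatever server name a client sends. Suggest logging a warning or returning an error when `cfg.AutoCertManager.HostPolicy == nil`. Also, TLSConfigFunc still runs after this block and can replace NextProtos, which would drop `acme-tls/1`; the field's doc comment should say that callers must keep it.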