I'm trying to figure out how to get my golang app build with ìris`and the https://iris-go.com/v10/recipe#Secure57 library to achieve that. The application is hosted on GCE with a working ssl loadbalancer.
Here is my app:
s := secure.New(secure.Options{
AllowedHosts: []string{"mydomain.io"},
SSLRedirect: true,
SSLTemporaryRedirect: false,
SSLHost: "",
SSLProxyHeaders: map[string]string{"X-Forwarded-Proto": "https"},
STSSeconds: 315360000,
STSIncludeSubdomains: true,
STSPreload: true,
ForceSTSHeader: false,
FrameDeny: true,
CustomFrameOptionsValue: "SAMEORIGIN",
ContentTypeNosniff: true,
BrowserXSSFilter: true,
ContentSecurityPolicy: "default-src *; style-src *; https://fonts.googleapis.com/css?family=Roboto+Mono:400,100,300italic,300,100italic,400italic,500,500italic,700,700italic&subset=latin,cyrillic",
PublicKey: ``,
IsDevelopment: false,
})
app := iris.New()
app.Use(s.Serve)
app.Use(recover.New())
When I type mydomain.io into the browser it won't forward it to https. What is missing?
there is no case to use the secure middleware here, you just want a second web server to redirect all :80 to :443, Iris has example for that as well, take a look at: https://github.com/kataras/iris/blob/master/_examples/http-listening/listen-tls/main.go#L22
// to start a new server listening at :80 and redirects
// to the secure address, then:
target, _ := url.Parse("https://127.0.1:443")
go host.NewProxy("127.0.0.1:80", target).ListenAndServe()
// start the server (HTTPS) on port 443, this is a blocking func,
// you can use iris.AutoTLS for letsencrypt if you want so.
app.Run(iris.TLS("127.0.0.1:443", "mycert.cert", "mykey.key"))
Have fun!