A word of warning guys, I've had a look through the code and unless I've missed the obvious, there's nothing in there to change user ID; which means this would either need to be run as root, or would need to listen on a port > 1024.<p>In the case of the former, that's a huge step backwards in terms of security.<p>In the case of the latter, that would mean you'd need another reverse proxy hooked up - which would negate the need for this web server to begin with.<p>This can easily be fixed within Go though:<p><pre><code> import (
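	"log"
	"syscall"
)

const (
	user_id  int = 1000
	group_id int = 1000
)

// secureDaemon drops root privileges for the running process.
func secureDaemon() {
	// clear the supplementary groups inherited from root, otherwise they survive the drop
	err := syscall.Setgroups([]int{group_id})
	if err != nil {
		log.Fatalln(err)
	}
	// set group id first as you need to be root to change group
	err = syscall.Setgid(group_id)
	if err != nil {
		log.Fatalln(err)
	}
	err = syscall.Setuid(user_id)
	if err != nil {
		log.Fatalln(err)
	}
}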
</code></pre>
You can also add chroot to your code if you want to be ultra paranoid:<p><pre><code> import (
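	"log"
	"os"
	"syscall"
)

const (
	chroot_dir string = "/opt/go-webserver"
)

// chrootDaemon confines the process to chroot_dir.
func chrootDaemon() {
	// move into the directory first so the working directory ends up inside the new root
	err := os.Chdir(chroot_dir)
	if err != nil {
		log.Fatalln(err)
	}
	err = syscall.Chroot(chroot_dir)
	if err != nil {
		log.Fatalln(err)
	}
}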
</code></pre>
This will need to be done before you change your user ID (as you need root permissions to chroot) and you may need to compile the Go code without CGO because some of the standard Go libraries will have SO dependencies (I found this to be the case with domain name lookups).<p>(the above code is adapted from my own Go web framework that I'm in the process of building)
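Added example, not part of the comment above or of the project's code: the two snippets combined in the order the comment gives (chroot while still root, then group, then user), extended to clear supplementary groups and to confirm that root cannot be regained. `sysOps`, `step`, `realOps` and `dropPrivileges` are hypothetical names; the path and IDs are the ones from the comment.

```go
package main

import (
	"fmt"
	"log"
	"os"
	"syscall"
)

// sysOps wraps the privileged calls so the ordering can be exercised without root.
type sysOps struct {
	Chroot, Chdir  func(string) error
	Setgroups      func([]int) error
	Setgid, Setuid func(int) error
}
type step struct{ name string; run func() error }

var realOps = sysOps{Chroot: syscall.Chroot, Chdir: os.Chdir,
	Setgroups: syscall.Setgroups, Setgid: syscall.Setgid, Setuid: syscall.Setuid}

// dropPrivileges jails the process in dir and then sheds root. Call it after the
// listener on the privileged port is open; every step needs root, so uid goes last.
func dropPrivileges(ops sysOps, dir string, uid, gid int) error {
	if uid == 0 || gid == 0 {
		return fmt.Errorf("refusing to keep root: uid=%d gid=%d", uid, gid)
	}
	steps := []step{
		{"chroot", func() error { return ops.Chroot(dir) }},
		{"chdir", func() error { return ops.Chdir("/") }},
		{"setgroups", func() error { return ops.Setgroups([]int{gid}) }},
		{"setgid", func() error { return ops.Setgid(gid) }},
		{"setuid", func() error { return ops.Setuid(uid) }},
	}
	for _, s := range steps {
		if err := s.run(); err != nil {
			return fmt.Errorf("%s: %w", s.name, err)
		}
	}
	if ops.Setuid(0) == nil { // a successful drop makes regaining root fail
		return fmt.Errorf("privilege drop did not stick: setuid(0) succeeded")
	}
	return nil
}

func main() { // path and IDs are the ones used in the comment above
	if err := dropPrivileges(realOps, "/opt/go-webserver", 1000, 1000); err != nil {
		log.Fatalln("drop failed:", err)
	}
}
```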
I remain not-entirely-convinced (1) by Go, but things like this are turning the tide. If it is indeed slower than nginx, it is not dramatically so. Considering the amount of time that went into writing each, the Go version clearly "wins" from the point of view of anyone thinking of writing new code.<p>(1) I find error handling just too tedious to get right (Edit: "I find error handling _in Go_ just too tedious...")
So it's a reverse HTTP proxy, which can also serve files locally? That's an interesting thing, no doubt, but it doesn't feel like a web-server.<p>I wrote a flexible reverse proxy[0] using node.js, a year or so ago, and haven't missed the ability to serve static files directly - so I'm wondering what the use-case for that is? I guess proxying to rails, or similar?<p>0- <a href="http://steve.org.uk/Software/node-reverse-proxy/" rel="nofollow">http://steve.org.uk/Software/node-reverse-proxy/</a>
I'm very interested in this because this is the kind of web server I was planning to write for my work, but from a quick glance I didn't find HTTPS support.<p>Is HTTPS supported or planned?
Code organization question: is this a common convention in Go, to nest the main package in a subdirectory and put all of the 'modules' in different files but with the same package name?<p>(I'm more used to the Clojure namespace/filesystem symmetry, so this is somewhat new to me. I like the more shallow project tree but it's not immediately apparent where things are defined.)
JSON format is too limited for a web server configuration if you want to be the nginx alternative. Think about how you would represent conditional statements, how to include and reuse external configurations and how to have comments in JSON.