KalyanChakravarthy.net

Thoughts, stories and ideas.

TLS webserver server in Go

Simple HTTP Server

Getting a go webserver is incredibly simple. All it takes is this

mux := http.NewServeMux()
mux.HandleFunc("/", func(w http.ResponseWriter, r *http.Request)
s := &http.Server{
    Addr: ":8080",
    Handle: mux,
}
s.ListenAndServe()

TLS Server

If all you wanted was to run it with single certificate pair, its straight forward

s.ListenAndServeTLS("certFile", "keyFile")

TLS Server with multiple certificates

Default server.ListenAndServe is not good for running an http server with multiple certificates.

This was a particular use case I needed to solve

Now why would you want to do that?

  • Its needed for running single server for multiple domains having different certificates.
  • Public certificate for user and other private set of certificates for external or third-party services.
  • A secondary certificate as backup when primary one expires.

Achieving this with custom certificates is a bit more tricky. Here are the steps:

First, setup TLS config

tlsConfig := &tls.Config{
    NextProtos:               []string{"http/1.1"},
    MinVersion:               tls.VersionTLS10,
    SessionTicketsDisabled:   true,
    PreferServerCipherSuites: true,
}

Load certificate pairs

certPair, err := tls.LoadX509KeyPair("cert", "key")
tlsConfig.Certificates = []tlsConfig.Certificates{ certPair }

Build name to certificate mapping

tlsConfig.BuildNameToCertificate()

Create the server object and start it

tlsServer := &http.Server{
Addr:         "0.0.0.0:8080",
	Handler:      myHandler,
	TLSConfig:    tlsConfig,
	TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),
}

tlsServer.ListenAndServe()

TLS with letsencrypt

Go's nifty crypto library is built with letsencrypt's ACME (Automated Certificate Management Environment) protocol in mind.

more information about it is here - https://kalyanchakravarthy.net/blog/https-server-with-go-letsencrypt/

HTTPS server with Go + LetsEncrypt

Getting a HTTPS server started in Go using certificates from letsencrypt is incredibly easy. Just takes 3 lines of code.

Usage

The package autocert does this for you.

go get -d golang.org/x/crypto/acme/autocert 

Use it to constructs a new listener and start a server

l := autocert.NewListener("www.example.com)
s := &http.Server{}
s.Serve(l)

Full Source

package main

import (
	"fmt"
	"net/http"

	"github.com/gorilla/mux"
	"golang.org/x/crypto/acme/autocert"
)

func main() {
	// 1. proxy requests
	// 2. letsencrypt based https
	// 3. read-only mode

	addr := "kalyanchakravarthy.net"

	m := mux.NewRouter()
	m.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(200)
		fmt.Fprintf(w, "Hello world")
	})

	s := &http.Server{
		Handler: m,
	}

	l := autocert.NewListener(addr)

	s.Serve(l)
}

Books in 2016

A better part of 2016 was spent reading books. This obsession took shape from the company of people who liked to read, in a country where there was nothing much I could do offline without getting overwhelmed; nor could I wander around online without ultra-slow-vpns (aka China). One goal for 2016 was to finish reading atleast 25 book and I managed to reach it. A major chunk was filled by Sci-Fi.

Here are those in reverse chronological order

  1. The Martian
    Andy Weir
  2. Beacon 23: The complete Novel
    Hugh Howey
  3. Rendezvous with Rama
    Arthur C Clarke
  4. Speaker For The Dead (Ender Saga - Book 2)
    Orson Scott Card
  5. Enders Game (Ender Saga - Book 1)
    Orson Scott Card
  6. Redshirts
    John Scalzi
  7. The Last Colony (Old Man's War - Book 3)
    John Scalzi
  8. Earth Rising (Earthrise Book 3)
    Daniel Arenson
  9. Earth Lost (Earthrise Book 2)
    Daniel Arenson
  10. Earth Alone (Earthrise Book 1)
    Daniel Arenson
  11. Half Way Home
    Hugh Howey
  12. The Ghost Brigades (Old Man's War - Book 2)
    John Scalzi
  13. Old Man's War (Book 1)
    John Scalzi
  14. The Checklist Manifesto
    Atul Gawande
  15. Dust (Silo Series - Book 3)
    Hugh Howey
  16. Shift(Silo Series - Book 2)
    Hugh Howey
  17. Wool (Silo Series - Book 1)
    Hugh Howey
  18. Green Mars (Mars Trilogy - Book 3)
    Kim Stanley Robinson
  19. The Rosie Project: Don Tillman
    Graeme Simsion
  20. Blue Mars (Mars Trilogy - Book 2)
    Kim Stanley Robinson
  21. Thunder Below: The USS Barb
    Eugene B. Fluckey
  22. Red Mars ( Mars Trilogy - Book 1)
    Kim Stanley Robinson
  23. Elon Musk
    Ashlee Vance
  24. Not A Penny More, Not A Penny Less
    Jeffrey Archer
  25. The Hitchhiker's Guide to the Galaxy
    Douglas Adams

Xcode: Keyboard shortcuts for assistant editor

Most of the time I just need 2 code panes on my main monitor, for which using ⌥⌘↩ or Option-Command-↩ usually does the job. Sometimes I need to see more than 2 files on the same screen and I always keep forgetting how to do that in Xcode. Here is it on record for posterity.

There are 2 ways

  1. View -> Assistant Editor -> Add Assistant editor
  2. Command-Shift-O -> Select file -> Command+J

FFMPEG: Simple video editing

As I started shooting videos from my drone, a pattern I repeatedly see is that I want to extract bits of a video for posting. Since I can't be bothered to install dedicated video editing tools to do that, am learning how to do that in ffmpeg. Turns out it is pretty straight forward

Cut video

:::shell
$ ffmpeg -i <InputVideo.mp4>\ 
	-ss <start_from_seconds>\
	-t <end_at_seconds>\
	-c copy 
	<OutputVideo.mp4>
  • -ss start_from_seconds - this is the start time point in original video
  • -t end_at_seconds - end time point in the original video

Add Audio

This works by selecting 2 inputs and composing the output with stream selection using -map. Eg: -map 0:v selects video stream from first input. -shortest makes the output length be the shortest of the two inputs (which usually is the case for my videos). Finally we specify the OutputFile.mp4 where we want it to go.

:::shell
$ ffmpeg -i VideoInput.mp4\
	-i AudioInput.mp3\
	-map 0:v\
	-map 1:a\ 
	-c copy\
	-shortest\
	OutputFile.mp4

Adding Fadeout

Once I have the video slice with audio added, the last part to add a nice fade out effect. I prefer to start reducing the volume of audio first and then start fading video out to black. Here is a small piece of shell code that helps with that.

:::shell
# Video Fade duration in seconds
v_fade_duration=2 

# Audio fade duration
a_fade_duration=4 

# Obtain from shell or set for actual values
input_file=$1 
output_file=$2

# probe the duration to help compute actual start point in video
duration=$(ffprobe -select_streams v -show_streams "$1" 2>/dev/null |
    awk -F= '$input_file == "duration"{print $2}')
v_final_cut=$(bc -l <<< "$duration - $v_fade_duration")
a_final_cut=$(bc -l <<< "$duration - $a_fade_duration")

# magic
ffmpeg -i "$1" \
    -filter:v "fade=out:st=$v_final_cut:d=$v_fade_duration" \
    -af "afade=t=out:st=$a_final_cut:d=$a_fade_duration" \
    -c:v libx264 -crf 22 -preset veryfast -strict -2 "$output_file"

Result