SinTan1729
/
privtracker
mirror of https://github.com/SinTan1729/privtracker.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

improve ssl labs rating

This commit is contained in:
Michał Adamski 2022-03-22 18:14:58 +01:00
parent a5b81eaa2a
commit e7a7db57a5
No known key found for this signature in database
GPG Key ID: 4875C0EC4DE5B18A
1 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
main.go
View File

@ -32,6 +32,7 @@ func main() {
app := fiber.New(config) app := fiber.New(config)
app.Use(recover.New()) app.Use(recover.New())
app.Use(myLogger()) app.Use(myLogger())
app.Use(hsts)
app.Get("/", docs) app.Get("/", docs)
app.Static("/", "docs", fiber.Static{MaxAge: 3600 * 24 * 7}) app.Static("/", "docs", fiber.Static{MaxAge: 3600 * 24 * 7})
app.Get("/dashboard", monitor.New()) app.Get("/dashboard", monitor.New())
@ -41,7 +42,7 @@ func main() {
if tls { if tls {
go redirect80(config) go redirect80(config)
split := strings.Split(domains, ",") split := strings.Split(domains, ",")
log.Fatal(app.Listener(newListener(split...))) log.Fatal(app.Listener(myListener(split...)))
} else { } else {
port := os.Getenv("PORT") port := os.Getenv("PORT")
if port == "" { if port == "" {
@ -51,7 +52,7 @@ func main() {
} }
} }
func newListener(domains ...string) net.Listener { func myListener(domains ...string) net.Listener {
homeDir, err := os.UserHomeDir() homeDir, err := os.UserHomeDir()
if err != nil { if err != nil {
panic(err) panic(err)
@ -67,6 +68,18 @@ func newListener(domains ...string) net.Listener {
NextProtos: []string{ NextProtos: []string{
"http/1.1", "acme-tls/1", "http/1.1", "acme-tls/1",
}, },
MinVersion: tls.VersionTLS12,
CipherSuites: []uint16{
tls.TLS_AES_128_GCM_SHA256,
tls.TLS_AES_256_GCM_SHA384,
tls.TLS_CHACHA20_POLY1305_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
},
} }
ln, err := tls.Listen("tcp", ":443", cfg) ln, err := tls.Listen("tcp", ":443", cfg)
if err != nil { if err != nil {
@ -90,6 +103,11 @@ func myLogger() fiber.Handler {
return logger.New(loggerConfig) return logger.New(loggerConfig)
} }
func hsts(c *fiber.Ctx) error {
c.Set("Strict-Transport-Security", "max-age=31536000")
return c.Next()
}
func docs(c *fiber.Ctx) error { func docs(c *fiber.Ctx) error {
if c.Hostname() != "privtracker.com" { if c.Hostname() != "privtracker.com" {
return c.Redirect("https://privtracker.com/", fiber.StatusMovedPermanently) return c.Redirect("https://privtracker.com/", fiber.StatusMovedPermanently)