The best way (currently) to do http->https redirects is to use HSTS: https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security You may want to investigate HPKP as well. —dho On Fri, Dec 29, 2017 at 5:10 AM anmol via golang-nuts < golang-nuts@googlegroups.com> wrote: > Here is a better way to redirect from HTTPS to HTTP: > https://github.com/nhooyr/redirecthttp/blob/d87881e4fbfddb1614c9d0934ea97c4163903301/main.go#L10-L19 > > Also, you don't need a secure variable in the handler, just check for > r.TLS. > > > On Thursday, December 28, 2017 at 12:10:16 PM UTC-5, jzs wrote: >> >> For those interested in hosting multiple golang apps on the same host >> without using nginx/apache/[insert reverse proxy here]. >> >> Shameless plug. I'm the author. But without >> golang.org/x/crypto/acme/autocert it wouldn't have been possible. >> >> >> https://journal.sketchground.dk/entry/2017-11-25-minimal-reverse-proxy-in-go >> >> Any feedback is more than welcome, >> >> Thanks, >> Jens. >> > -- > You received this message because you are subscribed to the Google Groups > "golang-nuts" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to golang-nuts+unsubscr...@googlegroups.com. > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
