Seeking information about redirecting HTTP to HTTPS about secure HOT 4 CLOSED

Hey @amankapoor, it's definitely safe to have a single middleware with all your additional options set. The http.ListenAndServe will always redirect to the HTTPS... check out the code in secure.go. The Process(w http.ResponseWriter, r *http.Request) function does the SSL check first and will exit early if the connection is NOT secure.

One suggestion I would make is to remove the SSLProxyHeaders: map[string]string{"X-Forwarded-Proto": "https"}, option from your implementation. That is used when nginx or a load balancer is in front of your app. But since you are setting up Go to handle the SSL termination, you won't need that line. This will also prevent outsiders from trying to include the X-Forwarded-Proto header in requests in an attempt to trick your app into thinking it is on a secure connection.

If you remove that one line, your implementation looks very close to what I use in production! Let me know if this helps!

from secure.

Hi, thank you very much for the information, it really helped. Also, I would like to share that I am new to deploying, and I want to deploy my small apps on one t2.micro. So my research taught me that I need a reverse proxy like nginx to do this job. Although I have not yet started using nginx because I am spending time writing the app, but I think if I will keep X-Forwarded-Proto header intact, then it won't harm.

from secure.

Sounds good! Should this issue be closed now?

from secure.

Yeah. Thank you for the help.

from secure.