acme, letsencrypt and different HTTPS ports


Sankar

Nov 16, 2017, 11:59:16 PM11/16/17
to golang-nuts
Hi

I have an EC2 vm where I want to run two go https servers on different ports.

I am using letsencrypt for the certificates and the code is like:

server1.go: log.Fatal(http.Serve(autocert.NewListener("api1.example.com"), http.DefaultServeMux))
server2.go: log.Fatal(http.Serve(autocert.NewListener("api2.example.com"), http.DefaultServeMux))

I want api1 to listen on port 443 and want api2 to listen on port 8080. Is it possible to achieve this via autocert at all? If not, are there any other hacks to get multiple ports exposed from the same machine using letsencrypt? I am deploying server1.go manually (via a systemd script) and server2 via a docker container, if it matters.

Any help?

Thanks.

Jakob Borg

Nov 17, 2017, 2:43:57 AM11/17/17
to Sankar, golang-nuts
The challenge method used by autocert only supports port 80 and 443. To use a different port you will need to use the dns-01 challenge method and the ACME client manually.


Shulhan

Nov 17, 2017, 3:29:26 AM11/17/17
to golan...@googlegroups.com, Sankar
Usually people use a proxy in front and direct the traffic based on
hostname. The proxy will listen on port 80 and 443 with a valid
certificate, and your backends listen on other non-root ports (e.g.
9001 for api1 and 9002 for api2).

Upon receiving an incoming connection, the proxy will check the hostname:
if the hostname is `api1.example.com`, the proxy will forward the traffic to
the backend at port 9001.
If the hostname is `api2.example.com`, the proxy will forward the traffic to
the backend at port 9002.

                    Your server
+----------+       +-------------+  (1)   +-----------+
| internet | <===> |    proxy    | <====> | api1:9001 |
+----------+       +-------------+        +-----------+
                          ^^
                          ||              +-----------+
                          +=========>     | api2:9002 |
                                          +-----------+

A notable proxy application: haproxy.

--
Shulhan
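The hostname-routing proxy Shulhan describes, written as an added example in Go using only the standard library (this is not code from the thread's authors or from haproxy). It also sidesteps the limitation Jakob points out: only the proxy has to terminate TLS on 443, so the certificate can keep coming from autocert or from any Let's Encrypt client, and the two backends stay plain HTTP on 9001/9002. The loopback backend addresses, the `cert.pem`/`key.pem` file names, and the 421 response for hostnames that are not in the routing table are assumptions of the example; the hostnames and ports are the ones from the thread.

```go
package main

import (
	"log"
	"net"
	"net/http"
	"net/http/httputil"
	"strings"
)

// routes maps the hostname the client asked for to the plaintext backend
// that serves it. Hostnames and ports are from the thread; binding the
// backends to loopback is an assumption (they must not be reachable from
// the internet directly, or the proxy's TLS is bypassed).
var routes = map[string]string{
	"api1.example.com": "127.0.0.1:9001",
	"api2.example.com": "127.0.0.1:9002",
}

// backendFor returns the backend address for a request's Host header.
// The header may carry a port ("api1.example.com:443") or differ in case,
// so it is normalised before the lookup. Unknown hosts yield ok == false,
// so the proxy never forwards to a backend the operator did not list.
func backendFor(host string) (string, bool) {
	if h, _, err := net.SplitHostPort(host); err == nil {
		host = h
	}
	host = strings.ToLower(strings.TrimSuffix(host, "."))
	addr, ok := routes[host]
	return addr, ok
}

// newProxy builds a reverse proxy that picks the backend per request.
// Requests for hostnames not in the routing table get 421 Misdirected
// Request (an assumption of this example) instead of being forwarded.
func newProxy() http.Handler {
	rp := &httputil.ReverseProxy{
		Director: func(req *http.Request) {
			addr, _ := backendFor(req.Host) // already validated in the wrapper
			req.URL.Scheme = "http"
			req.URL.Host = addr
		},
	}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if _, ok := backendFor(r.Host); !ok {
			http.Error(w, "unknown host", http.StatusMisdirectedRequest)
			return
		}
		rp.ServeHTTP(w, r)
	})
}

func main() {
	// The proxy is the only process that needs the Let's Encrypt certificate.
	// cert.pem/key.pem are placeholders for a certificate covering both names;
	// an autocert.Manager's TLSConfig() could be used here instead of files.
	log.Fatal(http.ListenAndServeTLS(":443", "cert.pem", "key.pem", newProxy()))
}
```

With this layout api2 is reached as https://api2.example.com/ on 443 rather than on 8080; if a second public port is really required, the same proxy handler can be served on that port too, since it routes on the Host header rather than on the listening port.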