ref: 25353fa9605f9291ba526ad43cec0c074c9e7786
parent: 9365efb67d07b1c7047f5b4a527912f0c97b10cb
author: EC2 Default User <ec2-user@ip-172-31-32-134.us-east-2.compute.internal>
date: Thu Dec 5 17:31:16 PST 2019
Get ACM working correctly
--- a/router/cert.go
+++ b/router/cert.go
@@ -11,17 +11,22 @@
)
func getTlsConfig() *tls.Config {- cl := aws.NewConfig().WithRegion("us-east-2")- sess := session.Must(session.NewSession(cl))
+ sess := session.Must(session.NewSessionWithOptions(session.Options{+ Config: aws.Config{+ Region: aws.String("us-east-2"),+ },
+ Profile: "default",
+ }))
svc := acm.New(sess)
- arn := "arn:aws:acm:us-east-2:824263434500:certificate/aa0ae6e7-075a-466c-bcb5-8d7874447bcb"
- ca, err := svc.GetCertificate(&acm.GetCertificateInput{- CertificateArn: &arn,
- })
+ gci := &acm.GetCertificateInput{}+ gci.SetCertificateArn("arn:aws:acm:us-east-2:824263434500:certificate/aa0ae6e7-075a-466c-bcb5-8d7874447bcb")+ ca, err := svc.GetCertificate(gci)
+ if err != nil {+ log.Fatal(err)
+ }
caCertPool := x509.NewCertPool()
caCertPool.AppendCertsFromPEM([]byte(*ca.CertificateChain))
- // Setup HTTPS client
tlsConfig := &tls.Config{MinVersion: tls.VersionTLS12,
CurvePreferences: []tls.CurveID{tls.CurveP521, tls.CurveP384, tls.CurveP256},@@ -31,6 +36,7 @@
tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+ },
RootCAs: caCertPool,
}
tlsConfig.BuildNameToCertificate()
--- a/router/run.go
+++ b/router/run.go
@@ -34,7 +34,7 @@
mux.HandleFunc("/", d.normal)//from https://github.com/denji/golang-tls (creative commons)
srv := &http.Server{- Addr: ":4443",
+ Addr: ":8443",
Handler: mux,
TLSConfig: getTlsConfig(),
TLSNextProto: make(map[string]func(*http.Server, *tls.Conn, http.Handler), 0),