Hello, could anyone help me list vulnerabilities which we have to take in mind when creating web servers with go? In simple ,host on digital ocean when running executable file" scenario. Do hosting platforms like these help developers to deal with ddos or other security problems or everything is up to dev?
They offer some security, but you may add your own firewall (close all not needed ports) and add Cloudflare support in order to increase security (and speed). And you can set Nginx in front of Go to proxy. goTask3
You don’t need any other servers in front of your Go application. Also, Go web applications are secure as your web handlers are. That means if you design carefully your web handlers basically you should not worrie.
Nope. But when serving several Go executables Nginx can be an option. https://go4webdev.org (6 Go executables)
also see https://blog.cloudflare.com/exposing-go-on-the-internet/
and https://github.com/google/go-safeweb
My first post if going to be this one haha.
You do not need anything in front of a golang web server to host but you should if you are going to use privileged ports. Reason for this is because on both Windows and Linux, you need higher rights to open ports below 1000. So if you plan on serving on port 80 or 443, your app needs to run under an account with special privileges added to it like admin/root. A safer way is to do what others have posted above, put it behind a proxy like nginx. That way your golang server can run at “least needed privilege” on any ports above 1000 while the proxy server open 80/443 to the public but proxies requests to those ports to the open corresponding ports on the server running your golang server.
This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.