Tuesday, September 29, 2015

Day 20 - A go http/2 server example

I was really excited when i read that support for http2 is now on golang.org! I was thinking about checking out SPDY in go for a long time, but now HTTP/2 support moved one important step further.

I think its one of the "Next big Things" on the interweb (the last change to http was 18! years ago)


So i skip SPDY and go directly for HTTP/2 - this post is about how to get a first grip and test it serverside as a go html server example.

Test preparations clientside:
  1. Get a browser that has http/2 support enabled by default: Chrome Canary
  2. Download the http2 and spdy indicator addon for chrome 
  3. Test your browsers http2 support at: https://http2.akamai.com/demo
 Serverside::
  1. Cd into your GOPATH/src
  2. Run go get golang.org/x/net/http2
  3. Check if the package has been downloaded
Create, build and run:
  1. Create a new go project, name it eg. testHttp2Server
  2. Create a ssl certificate (localhost.cert and localhost.key)
    You can ether generate a self signed cert: selfsignedcertificate
    or use mine: testHttp2Server
    This two files must be in the same directory as the server binary.
  3. Code for http2Server.go:


    package main
    
    
    import (
        "fmt"
        "golang.org/x/net/http2"
        "html"
        "log"
        "net/http"
    )
    
    
    func main() {
        var srv http.Server
        http2.VerboseLogs = true
        srv.Addr = ":8080"
    
    
        // This enables http2 support
        http2.ConfigureServer(&srv, nil)
    
    
        // Plain text test handler
        // Open https://localhost:8080/randomtest
        // in your Chrome Canary browser
        http.HandleFunc("/", func(w http.ResponseWriter, r *http.Request) {
            fmt.Fprintf(w, "Hi tester %q\n", html.EscapeString(r.URL.Path))
            ShowRequestInfoHandler(w, r)
        })
    
    
        // Listen as https ssl server
        // NOTE: WITHOUT SSL IT WONT WORK!!
        // To self generate a test ssl cert/key you could go to
        // http://www.selfsignedcertificate.com/
        // or read the openssl manual
        log.Fatal(srv.ListenAndServeTLS("localhost.cert", "localhost.key"))
    }
    
    
    func ShowRequestInfoHandler(w http.ResponseWriter, r *http.Request) {
        w.Header().Set("Content-Type", "text/plain")
        fmt.Fprintf(w, "Method: %s\n", r.Method)
        fmt.Fprintf(w, "Protocol: %s\n", r.Proto)
        fmt.Fprintf(w, "Host: %s\n", r.Host)
        fmt.Fprintf(w, "RemoteAddr: %s\n", r.RemoteAddr)
        fmt.Fprintf(w, "RequestURI: %q\n", r.RequestURI)
        fmt.Fprintf(w, "URL: %#v\n", r.URL)
        fmt.Fprintf(w, "Body.ContentLength: %d (-1 means unknown)\n", r.ContentLength)
        fmt.Fprintf(w, "Close: %v (relevant for HTTP/1 only)\n", r.Close)
        fmt.Fprintf(w, "TLS: %#v\n", r.TLS)
        fmt.Fprintf(w, "\nHeaders:\n")
        r.Header.Write(w)
    }
    
    
    
    
    
    
    
    
  4. Compile:  go build http2Server.go
  5. Run the http2Server binary

Test it:
  1. Open in Chrome Canary: https://localhost:8080/kim
  2. Accept the certificate security error, continue to localhost
  3. Check if Protocol is HTTP/2.0, example output should be like:

    Hello tester "/kim"
    Method: GET
    Protocol: HTTP/2.0
    Host: localhost:8080
    ... 

NOTE: http/2 in go ONLY WORKS WITH SSL/TLS! (currently)
I not sure why, but i did not got the server to support http/2 without TLS!
This could be a clientside or serverside issue - i dont know currently.

Some discussions about this:
why-wouldnt-it-be-great-if-http-2-would-only-allow-communication-via-tls
daniel.haxx.se tls-in-http2
arstechnica http2-finished-coming-to-browsers-within-weeks

As far as i have understood it, the spec says it "should be" possible to use it without the need to buy SSL certificates:
https://http2.github.io/http2-spec/
rfc7540 - html2



Saturday, September 19, 2015

Day 19 - Upgrading to Go 1.5.1 on Win7 64

I upgraded to Go 1.5.1 from 1.4.2 today

0:) Deinstall old version of Go (doc/install)

1:) Download https://storage.googleapis.com/golang/go1.5.1.windows-amd64.msi

2:) Get worried by this message from chrome:


It says that there is something fishy with the download and could be harmful.

3:) Go on and accept it - its from google, so what ...

4:) Go to the download folder and run your virus scanner over the msi:

5:) UhOh - WTF is an Archive Bomb?









6:) Google for Archive Bomb, read Wiki about Zip_bomb

7:) Looks like its detected because of special compression used by bzip2, i feel brave today and go on installing the msi.

8.) Checking again the c:\go folder for viruses - all ok

9:)
D:\>go version
go version go1.5.1 windows/amd64 


Yeah, it works

10:) Recompiling and running some of my most important projects - no problems whatsoever.