{"id":207113,"date":"2025-07-08T08:40:47","date_gmt":"2025-07-08T00:40:47","guid":{"rendered":"https:\/\/server.hk\/cnblog\/207113\/"},"modified":"2025-07-08T08:40:47","modified_gmt":"2025-07-08T00:40:47","slug":"%e6%97%a0%e9%9c%80%e4%bd%bf%e7%94%a8-http-serve-%e5%8d%b3%e5%8f%af%e6%bf%80%e6%b4%bb-go-tls-socket-%e6%9c%8d%e5%8a%a1%e5%99%a8%e6%9c%8d%e5%8a%a1","status":"publish","type":"post","link":"https:\/\/server.hk\/cnblog\/207113\/","title":{"rendered":"\u65e0\u9700\u4f7f\u7528 http.Serve \u5373\u53ef\u6fc0\u6d3b Go TLS Socket \u670d\u52a1\u5668\u670d\u52a1"},"content":{"rendered":"

<\/b> <\/p>\n

\u5f53\u524d\u4f4d\u7f6e\uff1a ><\/span> ><\/span> ><\/span> ><\/span> \u65e0\u9700\u4f7f\u7528 http.Serve \u5373\u53ef\u6fc0\u6d3b Go TLS Socket \u670d\u52a1\u5668\u670d\u52a1<\/span><\/p>\n

\u6765\u6e90\uff1astackoverflow<\/span>
\n2024-04-20 09:06:16<\/span>
\n<\/i>0\u6d4f\u89c8<\/span>
\n<\/i>\u6536\u85cf<\/span> <\/p>\n

IT\u884c\u4e1a\u76f8\u5bf9\u4e8e\u4e00\u822c\u4f20\u7edf\u884c\u4e1a\uff0c\u53d1\u5c55\u66f4\u65b0\u901f\u5ea6\u66f4\u5feb\uff0c\u4e00\u65e6\u505c\u6b62\u4e86\u5b66\u4e60\uff0c\u5f88\u5feb\u5c31\u4f1a\u88ab\u884c\u4e1a\u6240\u6dd8\u6c70\u3002\u6240\u4ee5\u6211\u4eec\u9700\u8981\u8e0f\u8e0f\u5b9e\u5b9e\u7684\u4e0d\u65ad\u5b66\u4e60\uff0c\u7cbe\u8fdb\u81ea\u5df1\u7684\u6280\u672f\uff0c\u5c24\u5176\u662f\u521d\u5b66\u8005\u3002\u4eca\u5929\u7ed9\u5927\u5bb6\u6574\u7406\u4e86\u300a\u65e0\u9700\u4f7f\u7528 http.Serve \u5373\u53ef\u6fc0\u6d3b Go TLS Socket \u670d\u52a1\u5668\u670d\u52a1\u300b\uff0c\u804a\u804a\uff0c\u6211\u4eec\u4e00\u8d77\u6765\u770b\u770b\u5427\uff01<\/p>\n

\u95ee\u9898\u5185\u5bb9
\n <\/p>\n

\u6211\u6709\u4ee5\u4e0b\u4ee3\u7801\u548c systemd \u5355\u5143\u6587\u4ef6\u3002\u6211\u60f3\u505a\u7684\u662f\u6fc0\u6d3b\u76d1\u542c\u5668\uff0c\u800c\u4e0d\u5fc5\u4f7f\u7528 http.serve \u6765\u63a5\u53d7\u548c\u63a5\u6536\u4f20\u5165\u8fde\u63a5\u3002\u5982\u679c\u6211\u5c06 ln, err := tls.listen(“tcp”, listen, config) \u66f4\u6539\u4e3a ln, err := activate.tlslistener(config) \uff0c\u6211\u8ba4\u4e3a\u53ef\u4ee5\u63a5\u6536\u6570\u636e\u7684\u552f\u4e00\u65b9\u6cd5\u662f\u4f7f\u7528 http.serve\u3002\u4f7f\u7528 ln, err := activate.tlslisteners.(config) \u65f6\u9047\u5230\u7684\u9519\u8bef\u662f ln.accept undefined (type []net.listener has no field or method accept)<\/p>\n

package main\n\nimport (\n    \"crypto\/tls\"\n    \"crypto\/x509\"\n    \"fmt\"\n    \"io\"\n    \"io\/ioutil\"\n    \"log\"\n    \"net\"\n    \"time\"\n\n    \"github.com\/coreos\/go-systemd\/daemon\"\n    \"github.com\/coreos\/go-systemd\/journal\"\n    \"github.com\/coreos\/go-systemd\/activation\"\n)\n\nfunc createServerConfig(ca, crt, key string) (*tls.Config, error) {\n    caCertPEM, err := ioutil.ReadFile(ca)\n    if err != nil {\n        return nil, err\n    }\n\n    roots := x509.NewCertPool()\n    ok := roots.AppendCertsFromPEM(caCertPEM)\n    if !ok {\n        panic(\"failed to parse root certificate\")\n    }\n\n    cert, err := tls.LoadX509KeyPair(crt, key)\n    if err != nil {\n        return nil, err\n    }\n    return &tls.Config{\n        Certificates: []tls.Certificate{cert},\n        ClientAuth:   tls.RequireAndVerifyClientCert,\n        ClientCAs:    roots,\n    }, nil\n}\n\nconst (\n    ca  = \"\/home\/ajames\/Shortcuts\/Link to MainGoFolder\/Workspace\/servicecode\/tls-server\/certs\/ca-chain.cert.pem\"\n    crt = \"\/home\/ajames\/Shortcuts\/Link to MainGoFolder\/Workspace\/servicecode\/tls-server\/certs\/tls-server2-SAN.pem\"\n    key = \"\/home\/ajames\/Shortcuts\/Link to MainGoFolder\/Workspace\/servicecode\/tls-server\/certs\/tls-server2-SAN.key\"\n    listen = \"127.0.0.1:4433\"\n)\n\nfunc main() {\n\n    if journal.Enabled() {\n        journal.Print(journal.PriInfo, \"all systems ready...\")\n    }\n\n    p := fmt.Println\n    now := time.Now()\n    p(now)\n\n    config, err := createServerConfig(ca, crt, key)\n    if err != nil {\n        log.Fatal(\"config failed: %s\", err.Error())\n    }\n\n    ln, err := tls.Listen(\"tcp\", listen, config)\n    if err != nil {\n        log.Fatal(\"listen failed: %s\", err.Error())\n    }\n    daemon.SdNotify(false, \"READY=1\")\n    log.Printf(\"listen on %s\", listen)\n\n    go func() {\n        interval, err := daemon.SdWatchdogEnabled(false)\n        if err != nil || interval == 0 {\n            return\n        }\n        for {\n            daemon.SdNotify(false, \"WATCHDOG=1\")\n            time.Sleep(interval \/ 3)\n        }\n    }()\n\n    for {\n        conn, err := ln.Accept()\n        if err != nil {\n            log.Fatal(\"accept failed: %s\", err.Error())\n            break\n        }\n        log.Printf(\"connection open: %s\", conn.RemoteAddr())\n        \/\/printConnState(conn.(*tls.Conn))\n\n        go func(c net.Conn) {\n            wr, _ := io.Copy(c, c)\n            c.Close()\n            log.Printf(\"connection close: %s, written: %d\", conn.RemoteAddr(), wr)\n        }(conn)\n    }\n}\n\n\n[Unit]\nDescription=tls server service\nAfter=network.target tls-server.socket\nRequires=tls-server.socket\n\n[Service]\nType=notify\nWatchdogSec=30s\nStandardInput=socket\nStandardError=journal\nExecStart=\/usr\/local\/bin\/tls-server\nNonBlocking=true\nRestart=on-failure\n\n[Install]\nWantedBy=multi-user.target\n\n\n[Unit]\nDescription=tls server socket\nStartLimitIntervalSec=10\nPartOf=tls-server.service\nAfter=network.target\n\n[Socket]\nListenStream=127.0.0.1:4433\nNoDelay=true\nAccept=true\nReusePort=true\nMaxConnections=200\nWritable=true\n\n[Install]\nWantedBy=sockets.target<\/pre>\n
 <\/p>\n
\u89e3\u51b3\u65b9\u6848<\/h2>\n
 <\/p>\n
I found a solution that works. The answer came from https:\/\/www.darkcoding.net\/software\/systemd-socket-activation-in-go\/.\n\nMy new code looks like this\n\npackage main\n\nimport (\n    \"crypto\/tls\"\n    \"crypto\/x509\"\n    \"fmt\"\n    \"io\"\n    \"io\/ioutil\"\n    \"log\"\n    \"net\"\n    \"os\"\n    \"strconv\"\n    \"time\"\n\n    \"github.com\/coreos\/go-systemd\/journal\"\n)\n\nfunc createServerConfig(ca, crt, key string) (*tls.Config, error) {\n    caCertPEM, err := ioutil.ReadFile(ca)\n    if err != nil {\n        return nil, err\n    }`enter code here`\n\n    roots := x509.NewCertPool()\n    ok := roots.AppendCertsFromPEM(caCertPEM)\n    if !ok {\n        panic(\"failed to parse root certificate\")\n    }\n\n    cert, err := tls.LoadX509KeyPair(crt, key)\n    if err != nil {\n        return nil, err\n    }\n    return &tls.Config{\n        Certificates: []tls.Certificate{cert},\n        ClientAuth:   tls.RequireAndVerifyClientCert,\n        ClientCAs:    roots,\n    }, nil\n}\n\nconst (\n    ca          = \"\/usr\/local\/bin\/certs\/ca-chain.cert.pem\"\n    crt         = \"\/usr\/local\/bin\/certs\/tls-server2-SAN.pem\"\n    key         = \"\/usr\/local\/bin\/certs\/tls-server2-SAN.key\"\n    BUFFER_SIZE = 1024`enter code here`\n)\n\nfunc main() {\n    if journal.Enabled() {\n        journal.Print(journal.PriInfo, \"all systems ready...\")\n    }\n\n    p := fmt.Println\n    now := time.Now()\n    p(now)\n\n    config, err := createServerConfig(ca, crt, key)\n    if err != nil {\n        log.Fatal(\"config failed: %s\", err.Error())\n    }\n    if os.Getenv(\"LISTEN_PID\") == strconv.Itoa(os.Getpid()) {\n        \/\/ systemd run\n        f := os.NewFile(3, \"from systemd\")\n        ln, err := net.FileListener(f)\n        if err != nil {\n            log.Fatal(err)\n        }\n        tlsListener := tls.NewListener(ln, config)\n        for {\n            conn, err := tlsListener.Accept()\n            if err != nil {\n                log.Fatal(\"accept failed: %s\", err.Error())\n                break\n            }\n            log.Printf(\"connection open: %s\", conn.RemoteAddr())\n            \/\/printConnState(conn.(*tls.Conn))\n            go func(c net.Conn) {\n                wr, _ := io.Copy(c, c)\n                c.Close()\n                log.Printf(\"connection close: %s, written: %d\", conn.RemoteAddr(), wr)\n            }(conn)\n        }`enter code here`\n    }\n}<\/pre>\n
\u672c\u7bc7\u5173\u4e8e\u300a\u65e0\u9700\u4f7f\u7528 http.Serve \u5373\u53ef\u6fc0\u6d3b Go TLS Socket \u670d\u52a1\u5668\u670d\u52a1\u300b\u7684\u4ecb\u7ecd\u5c31\u5230\u6b64\u7ed3\u675f\u5566\uff0c\u4f46\u662f\u5b66\u65e0\u6b62\u5883\uff0c\u60f3\u8981\u4e86\u89e3\u5b66\u4e60\u66f4\u591a\u5173\u4e8eGolang\u7684\u76f8\u5173\u77e5\u8bc6\uff0c\u8bf7\u5173\u6ce8\u516c\u4f17\u53f7\uff01<\/p>\n","protected":false},"excerpt":{"rendered":"
\u5f53\u524d\u4f4d\u7f6e\uff1a > > ...<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4925],"tags":[],"class_list":["post-207113","post","type-post","status-publish","format-standard","hentry","category-4925"],"_links":{"self":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/207113","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/comments?post=207113"}],"version-history":[{"count":0,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/posts\/207113\/revisions"}],"wp:attachment":[{"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/media?parent=207113"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/categories?post=207113"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/server.hk\/cnblog\/wp-json\/wp\/v2\/tags?post=207113"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}