3

I am currently writing a GoLang website and would like to add SSL soon. My question is what are the advantages/disadvantages of using the built-in Golang SSL packages or should/can I just do SSL with the nginx when I use it for the reverse proxy?

Neeku
  • 3,646
  • 8
  • 33
  • 43
biw
  • 3,000
  • 4
  • 23
  • 40
  • 1
    Downvote without a comment? I love stackexchange :( – topskip Jul 16 '14 at 07:45
  • Duplicate: http://stackoverflow.com/questions/17776584/webserver-for-go-golang-webservices-using-nginx-or-not – topskip Jul 16 '14 at 07:46
  • 2
    It's not a duplicate question.. I am asking about using SSL on the server. That page asks about benefits of using nginx. I know the benefits, I was wondering if I needed to run the golang SSL package with nginx or if running ssl on nginx would do the same thing. – biw Jul 16 '14 at 07:49
  • 1
    OK, you're right. See also: http://dennisforbes.ca/index.php/2013/08/07/ten-reasons-you-should-still-use-nginx/ – topskip Jul 16 '14 at 07:50

1 Answers1

6

It is ultimately up to you, but nginx's SSL configuration is extremely configurable, battle-tested and performant.

  • nginx can provide an SSL session cache to boost performance - ssl_session_cache
  • Good cipher compatibility
  • I believe that nginx's SSL implementation is faster (more req/s and less CPU) than Go's, but have not tested this myself. This would not be surprising given maturity of the nginx project.
  • Other benefits like response caching for both proxied and static content.

The downside, of course, is that it's another moving part that requires configuration. If you are already planning to use nginx as a reverse proxy however I would use it for SSL as well.

elithrar
  • 23,364
  • 10
  • 85
  • 104
  • So I can write my go server without SSL and then just add nginx SSL and it will be just a secure as if I wrote the SSL in golang? – biw Jul 16 '14 at 07:52
  • 1
    Provided your Go service is on the same machine and is bound to localhost only (127.0.0.1, *not* 0.0.0.0) then it will be "as secure". I would look into adding Strict Transport Security headers and Content Security Policy headers to further lock things down. – elithrar Jul 16 '14 at 07:54
  • @elithrar would you be so kind in helping me to fix the nginx configuration in order to exchange data between a golang-web-server and vue.js frontend? https://stackoverflow.com/questions/61520048/how-to-exchange-data-between-go-web-server-and-vue-js-frontend-http-post-404?noredirect=1#comment108856119_61520048 – user2315094 May 13 '20 at 08:29