}
s.api = api
- s.api.Logger = log.Printf
s.handler = configureAPI(api)
}
go handleInterrupt(once, s)
servers := []*http.Server{}
- wg.Add(1)
- go s.handleShutdown(wg, &servers)
if s.hasScheme(schemeUnix) {
domainSocket := new(http.Server)
// https://github.com/golang/go/tree/master/src/crypto/elliptic
CurvePreferences: []tls.CurveID{tls.CurveP256},
// Use modern tls mode https://wiki.mozilla.org/Security/Server_Side_TLS#Modern_compatibility
- NextProtos: []string{"http/1.1", "h2"},
+ NextProtos: []string{"h2", "http/1.1"},
// https://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet#Rule_-_Only_Support_Strong_Protocols
MinVersion: tls.VersionTLS12,
// These ciphersuites support Forward Secrecy: https://en.wikipedia.org/wiki/Forward_secrecy
// call custom TLS configurator
configureTLS(httpsServer.TLSConfig)
- if len(httpsServer.TLSConfig.Certificates) == 0 {
+ if len(httpsServer.TLSConfig.Certificates) == 0 && httpsServer.TLSConfig.GetCertificate == nil {
// after standard and custom config are passed, this ends up with no certificate
if s.TLSCertificate == "" {
if s.TLSCertificateKey == "" {
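Review bot: The widened guard on the `len(httpsServer.TLSConfig.Certificates) == 0` line accepts a `GetCertificate` callback but still ignores `GetConfigForClient`, the other callback in `tls.Config` that can supply certificates per connection. A custom `configureTLS` that relies only on that callback would still fall through to the `s.TLSCertificate` / `s.TLSCertificateKey` checks below and presumably be rejected as having no certificate. Consider `if len(httpsServer.TLSConfig.Certificates) == 0 && httpsServer.TLSConfig.GetCertificate == nil && httpsServer.TLSConfig.GetConfigForClient == nil {`. A short comment stating that any of the three counts as "certificate provided" would also help. The enclosing block continues outside the hunk, so what the inner branches do is not visible here.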
}(tls.NewListener(s.httpsServerL, httpsServer.TLSConfig))
}
+ wg.Add(1)
+ go s.handleShutdown(wg, &servers)
+
wg.Wait()
return nil
}
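Review bot: The move of `wg.Add(1)` and `go s.handleShutdown(wg, &servers)` to just before `wg.Wait()` is undocumented, although the ordering looks load-bearing. handleShutdown receives `&servers`, and the scheme blocks above presumably append to that slice while starting listeners, so starting the goroutine earlier could let it read the slice while it is still being built. A comment such as `// start the shutdown handler only after every server has been appended to servers` would stop a later refactor from moving it back. It is also worth confirming that `go handleInterrupt(once, s)`, which still starts before any listener, cannot signal shutdown in a way that is lost before this goroutine is running; the signalling mechanism is outside the hunk.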
ctx, cancel := context.WithTimeout(context.TODO(), s.GracefulTimeout)
defer cancel()
+ // first execute the pre-shutdown hook
+ s.api.PreServerShutdown()
+
shutdownChan := make(chan bool)
for i := range servers {
server := servers[i]