Back when crypto/tls was slow and net/http young, the general wisdom was to always put Go servers behind a reverse proxy like NGINX. That’s not necessary anymore!
At Cloudflare we recently experimented with exposing pure Go services to the hostile wide area network. With the Go 1.8 release, net/http and crypto/tls proved to be stable, performant and flexible.
However, the defaults are tuned for local services. In this articles we’ll see how to tune and harden a Go server for Internet exposure.
https://blog.gopheracademy.com/advent-2016/exposing-go-on-the-internet/
thoughts... 