crypto/tls was slow and
net/http young, the general wisdom was to always put Go servers behind a reverse proxy like NGINX. That’s not necessary anymore!
At Cloudflare we recently experimented with exposing pure Go services to the hostile wide area network. With the Go 1.8 release,
crypto/tls proved to be stable, performant and flexible.
However, the defaults are tuned for local services. In this articles we’ll see how to tune and harden a Go server for Internet exposure.