Skip to main content

32 posts tagged with "fiber"

View All Tags

Reverse Proxy Setup

ยท 5 min read
Fiber Team
Maintainers

You deploy your Fiber app behind Nginx. Everything works - until you check the logs. Every request comes from 127.0.0.1. Your rate limiter thinks all traffic is from one user. Your HTTPS redirect loop crashes the browser. And your geo-IP middleware thinks every visitor is in the same data center as your server.

The problem is three settings you did not configure. Fiber, by default, does not trust proxy headers - and it should not. But when you deploy behind a reverse proxy, you need to explicitly tell Fiber which headers to read and which proxies to trust.

Security Middleware Stack

ยท 6 min read
Fiber Team
Maintainers

You add helmet.New(), cors.New(), and csrf.New() to your Fiber app. Three lines of code, three middleware, done. Your app is secure.

Except it is not. The default Helmet config does not set HSTS. The default CORS config allows every origin. The default CSRF config uses insecure cookies. And the order you register them in? That matters more than you think.

Most Fiber applications in production run with at least one of these misconfigured. Here is how to set them up so they actually protect your users.

Graceful Shutdown

ยท 5 min read
Fiber Team
Maintainers

Every Go tutorial ends the same way: log.Fatal(app.Listen(":3000")). The server starts, the tutorial is done. Nobody talks about what happens when the server stops.

Here is what happens: a deploy rolls out, the process gets SIGTERM, and every request that was mid-flight - a database write, a file upload, a payment confirmation - gets killed instantly. The client sees a connection reset. The database row is half-written. The payment went through but the confirmation never reached the user.

Graceful shutdown is not a nice-to-have. It is the difference between "the deploy went fine" and "we lost three transactions during the rollout."