It was 3 o’clock in the morning, and I looked at the screen of my computer, trying to find out why our GO application continued to go astray. Our small startup of e -commerce has just experienced its first large surge in traffic, and our hosting tuning was not ready for this. That night I changed how I thought about the deployment of GO applications forever.
The problem we have encountered
Our team has created a simple but powerful reserve management system using GO. It worked perfectly on our local cars, but when we launched it in production, we were faced with several problems:
- Random malfunctions during peak hours
- Security vulnerability that we did not consider
- Scaling problems that cost us customers
- The accounting data is accidentally disclosed in our code.
Enter Google Cloud Platform (GCP)
After this difficult night, we decided to restore our deployment process using GCP. Here is a story about how we turned our application deployment from a source of stress into a smooth, safe work.
Safe base setting
Firstly, let’s see how we structured our GO application for safe deployment. Here is the main example of our initial configuration:
`Main package
import (
“log”
“OS”
“Net/http”
“github.com/joho/godotenv”
)
FUNC Main () {
// download environmental variables
If err: = godotenv.load (); Err! = nil {
log.printf (“No .env File found”)
}
// Get a port from a variable environment
Port: = os.getenv (“port”)
If the port == “” {
Port = “8080”
}
http.handlefunc (“https://dev.to/”, handlehome)
log.printf (“initial server on Port %S”, port)
log.fatal (http.listenandServse (“:” + port, nil))
}
FUNC HANDLEHOME (W h http.responsewriter, r *http.request) {
// implement safe headlines
W.header (). SET (“X-FRAME-OPTIONS”, “DENY”)
W.header (). SET (“X-Content-Type-Options”, “Nosniff”)
W.header (). SET (“Content-Security-Policy”, “Default-SRC ‘Self'”)
W.Write ([]byte (“Welcome to our Secure Go application!”)
} `
Secret protection using the secret manager GCP
One of our biggest problems was secret management. Instead of storing confidential data in environmental variables, we switched to the head of the GCP Secret Manager:
`
import (
Secretmanager “Cloud.google.com/go/secretmanager/apiv1”
SecretManagerpb “Google.golang.org/genproto/googleapis/cloud/secretmanager/v1”
)
FUNC GetSecret (Projectid, Secret line) (line, error) {
CTX: = context.background ()
Client, ERR: = SecretManager.newclient (CTX)
If a mistake! = nil {
Return “”, a mistake
}
Defe Client.close ()
Name: = FMT.Sprintf (“Projects/%S/secrets/%S/version/last”, Projectid, Secretid)
REQ: = & SecretManagerpb.accessecretversionrequest {
Name: Name,
}
Result, ERR: = Client.accessecretversion (CTX, REQ)
If a mistake! = nil {
Return “”, a mistake
}
Return String (result.payload.data), zero
} `
Deployment in Cloud Run
We chose Cloud Run for deployment because he suggested:
- Automatic scaling
- Permanent prices for use
- Built -in security functions
- A simple deployment process
Here are our doCkerfile, which we use for deployment:
`
From the golang: 1,21-alpine
Workdir /App
Copy Go.mod Go.sum ./
Run go mod download
A copy of the field
Run Go Build -o Main.
From the alpine: The last
Workdir /App
Copy – from = 0 /App /Main.
Launch Adduser -d Appuser
Appuser user
CMD [“./main”]`
Implementation of the best security practices
We have learned to follow these key security methods:
- Always use https
- Introduce bets restriction
- Use the correct registration
- Regular safety scan
- Implement the correct authentication
Here is an example of how we realized the restriction of bets:
import (
"golang.org/x/time/rate"
"sync"
)
type IPRateLimiter struct {
ips map[string]*rate.Limiter
mu *sync.RWMutex
r rate.Limit
b int
}
func NewIPRateLimiter(r rate.Limit, b int) *IPRateLimiter {
return &IPRateLimiter{
ips: make(map[string]*rate.Limiter),
mu: &sync.RWMutex{},
r: r,
b: b,
}
}
func (i *IPRateLimiter) AddIP(ip string) *rate.Limiter {
i.mu.Lock()
defer i.mu.Unlock()
limiter := rate.NewLimiter(i.r, i.b)
i.ips[ip] = limiter
return limiter
}
func (i *IPRateLimiter) GetLimiter(ip string) *rate.Limiter {
i.mu.Lock()
limiter, exists := i.ips[ip]
if !exists {
i.mu.Unlock()
return i.AddIP(ip)
}
i.mu.Unlock()
return limiter
}
Results
After the implementation of these changes:
- Our application smoothly processed traffic
- Security vulnerability were significantly reduced
- The deployment has become a simple process
- Our team could sleep better at night!
Where can you use this?
This installation is ideal for:
- Electronic commerce platforms
- API Services
- Web appes
- Microservice
- Data processing systems
- Business automation tools
Conclusion
This incident at 3 a.m. taught us valuable lessons about the reliable deployment of applications on GO. Using GCP functions and after the best safety practices, we converted our deployment process from a stress source into a reliable system.
Remember: safety is not a one -time setting, but a continuous trip. Continue to study, continue to improve, and, most importantly, keep your applications safe.
Want to know more? Check out the official GO documentation and the GCP management for the best safety practice for more detailed information.