Security & Protocols
Configure HTTPS (TLS), Cross-Origin Resource Sharing (CORS), and HTTP/2 (including H2C) behavior for the server.
TLS / HTTPS
Enable TLS to serve HTTPS directly. When enabled, a self-signed certificate may be generated if none is provided.
| Variable | Description | Default |
|---|---|---|
| ENABLE_TLS | Enable HTTPS listener | false |
| CERT_FILE | Path to TLS certificate (PEM) | server.crt |
| KEY_FILE | Path to TLS private key (PEM) | server.key |
# Run with TLS (self-signed or provided certs)
ENABLE_TLS=true CERT_FILE=/path/to/server.crt KEY_FILE=/path/to/server.key \
./advanced-echo-server
# Test HTTPS (ignore self-signed in curl)
curl -k https://localhost:8080/health
Generate Self-Signed Certificates
Option A — OpenSSL (PEM)
# 1) Create a private key
openssl genrsa -out server.key 2048
# 2) Create a certificate signing request (CSR)
openssl req -new -key server.key -out server.csr \
-subj "/C=US/ST=CA/L=Local/O=Dev/OU=Echo/CN=localhost"
# 3) Self-sign the certificate (valid 365 days) with SAN for localhost
# The extension file needs a [SAN] section to match -extensions SAN below
cat >san.cnf <<'EOF'
[SAN]
subjectAltName=DNS:localhost,IP:127.0.0.1,IP:::1
EOF
openssl x509 -req -in server.csr -signkey server.key -out server.crt \
-days 365 -extfile san.cnf -extensions SAN
# Verify
openssl x509 -in server.crt -text -noout | sed -n '1,20p'
Minimal OpenSSL SAN config
# Create a minimal openssl.cnf with SAN section
cat >openssl-san.cnf <<'EOF'
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name
req_extensions = v3_req
prompt = no
[ req_distinguished_name ]
C = US
ST = CA
L = Local
O = Dev
OU = Echo
CN = localhost
[ v3_req ]
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = localhost
IP.1 = 127.0.0.1
IP.2 = ::1
EOF
# Generate key and self-signed cert using the config
openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
-keyout server.key -out server.crt -config openssl-san.cnf -extensions v3_req
Option B — mkcert (trusted locally)
mkcert installs a local CA and generates certs trusted by your system/browser. See mkcert docs for install instructions.
# Install mkcert (macOS example)
brew install mkcert nss # nss for Firefox trust
mkcert -install
# Generate certs for localhost
mkcert localhost 127.0.0.1 ::1
# Outputs files like: localhost+2.pem, localhost+2-key.pem
# Use with server
ENABLE_TLS=true CERT_FILE=./localhost+2.pem KEY_FILE=./localhost+2-key.pem \
./advanced-echo-server
CORS
CORS allows browsers to make cross-origin requests during local testing and demos.
| Variable | Description | Default |
|---|---|---|
| ENABLE_CORS | Enable permissive CORS: * origin, methods, headers | true |
# Preflight
curl -i -X OPTIONS http://localhost:8080/ \
-H "Origin: https://example.com" \
-H "Access-Control-Request-Method: POST"
# Actual request
curl -i http://localhost:8080/ \
-H "Origin: https://example.com"
Note: In production, place a reverse proxy (e.g., NGINX/Envoy) in front to enforce stricter CORS and TLS policies.
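Because `ENABLE_CORS` defaults to `true` and the policy is fully permissive, it is worth checking what the server, or the proxy placed in front of it, actually answers. The following is an added example, not part of advanced-echo-server: it classifies the `Access-Control-Allow-Origin` header found in `curl -i` output. The function names, the probe origin `https://probe.invalid` and the sample response are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from advanced-echo-server). Reads `curl -i` output on stdin.
# $1 = the Origin sent with the request; use a probe origin that should NOT be
# allowed, so that an echoed value means the server reflects arbitrary origins.
# Prints: wildcard | reflected | allowlisted | none
classify_cors() {
  tr -d '\r' | awk -v probe="$1" '
    body       { next }                  # ignore everything after the headers
    $0 == ""   { body = 1; next }        # first blank line ends the header block
    {
      name = tolower($0); sub(/:.*/, "", name)
      if (name != "access-control-allow-origin") next
      value = $0
      sub(/^[^:]*:[ \t]*/, "", value); sub(/[ \t]+$/, "", value)
      if (value == "*")        verdict = "wildcard"
      else if (value == probe) verdict = "reflected"
      else                     verdict = "allowlisted"
    }
    END { print (verdict == "" ? "none" : verdict) }
  '
}

# Succeeds only when arbitrary origins are not granted access.
cors_is_restricted() {
  case $(classify_cors "$1") in
    wildcard|reflected) return 1 ;;
    *) return 0 ;;
  esac
}

# Constructed sample: a preflight answer with the permissive policy the
# ENABLE_CORS table describes (the exact header set is an assumption).
SAMPLE_PERMISSIVE='HTTP/1.1 204 No Content
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *

'

printf '%s' "$SAMPLE_PERMISSIVE" | classify_cors "https://probe.invalid"   # prints: wildcard

# Against a live instance (same preflight as above, piped into the check):
#   curl -si -X OPTIONS http://localhost:8080/ -H "Origin: https://probe.invalid" \
#     -H "Access-Control-Request-Method: POST" | classify_cors "https://probe.invalid"
```

`cors_is_restricted` returns a non-zero status for `wildcard` and `reflected`, so it can gate a deployment script once the reverse proxy is in place.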
HTTP/2 and H2C
The server supports HTTP/2. When TLS is off, it upgrades handlers using H2C (cleartext HTTP/2) for local testing.
# Example: test H2C with curl (curl speaks HTTP/1.1 to http:// URLs unless told otherwise)
curl -v --http2-prior-knowledge http://localhost:8080/health
# Example: test HTTP/2 over TLS
curl -vk https://localhost:8080/ready