Add support for self-signed certs

[alexjacobson95]

Sorry I realized I should have opened a discussion before filing this issue: #205

I will repost the contents here:

I am trying to deploy this on my local infrastructure, I have my own CA which I use to host awesome tools like this at my house. I deployed this behind a TLS offloading proxy and everything loaded up perfectly right up until I hit run and:

fail to send request to playground server POST "<internal-url>/fmt": x509: certificate signed by unknown authority

Looking through the code I am guessing since the front-end is using WASM, even though my browser trusts my CA (I can load the root page without any TLS errors), the WASM binary doesn't have access to the CA file to verify the request.

Not sure the best solution here. I am not familiar enough with WASM to know how to fix this. Normally I would say just make an environment variable that you can load the CA bundle in via docker, but I think the CA bundle actually needs to be compiled into the WASM binary during the image build. Not sure the best way to accomplish that.

If someone points me in the right direction I would be more than happy to try and put a PR up. Thanks for the awesome project!

[x1unix]

@alexjacobson95 before executing any code or compiling a WASM binary on server side, you code runs through goimports.

Go imports is handled by a back-end which sends request to original Go playground (see pkg/goplay/client.go:78 ).

By default, Go playground server is https://play.golang.org, but you can try to use http protocol or spin up a custom Go playground server.

You can specify a custom Go playground server URL with APP_PLAYGROUND_URL environment variable (see the wiki)

[alexjacobson95]

Thanks @x1unix, I misunderstood what that env variable did. I set it to the same url that I deployed this tool on. If I setup my instance of go's go playground, I will likely run into the same cert issue (I don't have my proxy bound to port 80 so http isn't going to work). I am trying to avoid sending any data outside my network if possible.

What data gets sent to play.golang.org, just the import list, or the whole golang file? If it's just the import I guess I am ok with using the public go playground.

[x1unix]

@alexjacobson95 it depends on what mode you're using.

My playground supports 2 compilation modes

• Standard - Your code is formatted and executed on Go playground server
• WebAssembly - Code is formatted by Go playground server but compiled on your server as WASM binary

I'm also working on third mode that will compile and run code entirely inside web browser, but third-party dependencies will be obtained from Go modules proxy server.

Also please mention that that shared code snippets are also hosted on Go playground server. That's done intentionally to keep snippets shared on Go Playground accessible in Better Go Playground (and vice-versa).

[x1unix]

@alexjacobson95 you can specify arbitrary port in APP_PLAYGROUND_URL environment variable.

Example:

APP_PLAYGROUND_URL=http://localhost:8808

[alexjacobson95]

Very cool, that third option seems like what I am looking for. In the interim it sounds like I want to use your tool in the second mode. When you say "Code if formatted by Go playground server", that's this right: https://play.golang.org/ and not this repo?

So in mode 2, if I wanted nothing to leave my network, I would need to run this repo and play.golang.org's repo but on an http, so this repo can access it without getting an invalid tls error?

Thanks for taking the time to spell this out for me.

[x1unix]

@alexjacobson95 as a standalone solution, I would recommend you to deploy 2 Docker containers:

• Go Playground container which handle server-side code execution for default mode and snippets store.
• Better Go Playground - frontend which will use a first container as a backend.

This should be an isolated solution.

Here is an abstract docker-compose.yml example that illustrate the concept:

version: '3'
services:
  backend:
    build:
      # Dockerfile from "https://github.com/golang/playground/blob/master/Dockerfile"
      dockerfile: playground.Dockerfile
    networks:
      - go-playground
    expose:
    # Not sure what port it uses, but I believe it's 8080
      - "8080"

  frontend:
    image: x1unix/go-playground:latest
    ports:
      - "80:8000"
    env:
      - "APP_PLAYGROUND_URL=http://backend:8080"
    networks:
      - go-playground
    depends_on:
      - backend

networks:
  go-playground:
    driver: bridge