Golang private modules conf: meta tags, git+ssh, nginx

From wikinotes

This configuration abstracts golang module path,
to provide access to private go modules over git+ssh,
by setting dynamic html meta tags using nginx.

Go builds your executable on download, you don't need to build binaries in advance!


Setup

  • private package module-paths set to example.com/x/${pkg}
  • nginx builds html meta-tag pointing to git repository when handling a request at ^example.com/x/[^]+$
  • git repository ip-address, user, identityfile all managed under the label foo in your ~/.ssh/config
  • assuming you've already setup git+ssh access to your git repositories somewhere on the internet. (see git ssh)

Workstation

Add Private URL

First, add the target URL to your $GOPRIVATE environment variable using one of the following methods: 

# ~/.config/go/env

# you could also dump this in your ~/.zshrc
GOPRIVATE="example.com/x/*"

Create Repo

// main.go

package main
import "fmt"
func main() {
	fmt.Println("hello")
}

// go.mod

module example.com/x/hello
go 1.18

git commit -m 'init'
git push

WebServer

# /usr/local/etc/nginx/nginx.conf

http {
    location / {
      root /usr/local/www/example.com;
      index index.html;
    }

    location ~ ^/x/(?<go_project>[^/]+)$ {
      root /usr/local/www/example.com;
      rewrite ^ /gopkg.html;
      sub_filter '{TARGET_PROJECT}' '$go_project'
      sub_filter_once off;
    }
}

<!-- /usr/local/www/example.com/gopkg.html -->

<html>
  <head>
    <meta name="go-import" content="example.com/x/{TARGET_PROJECT} git git+ssh://foo:/repos/{TARGET_PROJECT}">
  </head>
</html>

Package Consumers

If your package is not configured as private, you'll HTTP-410 because the checksum was never added. 

# ~/.config/go/env

GOPRIVATE="example.com/x/*"

# ~/.ssh/config

Host foo
  Hostname example.com
  IdentityFile ~/.ssh/user
  User user

go install example.com/x/hello

Troubleshooting

# is 'example/x/*' in your GOPRIVATE envvar?
go env | grep -e GOPRIVATE -e 'example/x'

# can you clone the project over ssh normally?
git clone foo:/repos/hello

# does the package/path look correct in your meta-tag?
curl https://example.com/x/foo

# debug logging
go install -v example/x/foo@latest

# debug logging for go, git+ssh
GIT_SSH_COMMAND='ssh -vvv' \
  go install -v example/x/foo@latest
Retrieved from "http://willpittman.net:8080/index.php?title=Golang_private_modules_conf:_meta_tags,_git%2Bssh,_nginx&oldid=30481"