A high-performance SignalR server implementation in Go for real-time communication and messaging.
- Real-time Messaging: WebSocket and Server-Sent Events (SSE) support
- Group Management: Subscribe and broadcast messages to client groups
- Structured Logging: Comprehensive logging with multiple adapters (console, file, MongoDB, etc.)
- Health Monitoring: Built-in health check endpoint and heartbeat mechanism
- CORS Support: Configurable Cross-Origin Resource Sharing
- Secure Authentication: API key-based authentication with constant-time comparison
- Docker Support: Containerized deployment with multi-stage builds
- Go 1.21.4 or higher
- Docker (optional, for containerized deployment)
# Clone the repository
git clone https://github.com/mdaxf/iac-signalr.git
cd iac-signalr
# Install dependencies
go mod download
# Build the application
go build -o iac-signalrCreate a signalrconfig.json file (or copy from signalrconfig.json.example):
{
"address": "0.0.0.0:8222",
"clients": "http://127.0.0.1:8080,https://127.0.0.1:8080",
"insecureSkipVerify": false,
"appserver": {
"url": "http://127.0.0.1:8080",
"apikey": "your-secret-api-key"
},
"log": {
"adapter": "console",
"level": "info"
}
}Important: Never commit your actual configuration files with sensitive data. Use environment variables for production deployments.
The server supports the following environment variables (which override configuration file values):
SIGNALR_CONFIG: Path to configuration file (default:signalrconfig.json)SIGNALR_ADDRESS: Server listen address (e.g.,0.0.0.0:8222)SIGNALR_CLIENTS: Allowed client origins (comma-separated)SIGNALR_API_KEY: API key for authentication (recommended over config file)SIGNALR_INSECURE_SKIP_VERIFY: Set totrueto disable origin verification (not recommended for production)
# Using the binary
./iac-signalr
# Or with Go
go run .
# With environment variables
SIGNALR_API_KEY=your-secret-key SIGNALR_ADDRESS=0.0.0.0:8222 ./iac-signalr# Build the Docker image
docker build -t iac-signalr:latest .
# Run the container
docker run -d \
-p 8222:8222 \
-e SIGNALR_API_KEY=your-secret-key \
-e SIGNALR_CLIENTS=http://your-frontend.com \
--name iac-signalr \
iac-signalr:latestEndpoint: GET /health
Headers:
Authorization:apikey <your-api-key>
Response:
{
"Node": {
"Name": "iac-signalr",
"AppID": "uuid",
"Host": "hostname",
"IPAddress": "192.168.1.1",
"OS": "linux",
"Version": "1.0.0",
"Status": "Running"
},
"Result": {
"status": "healthy"
},
"timestamp": "2025-01-15T12:00:00Z"
}The IAC Message Bus hub supports the following methods:
Subscribe to a topic for receiving messages.
connection.invoke("Subscribe", topic, connectionId);Send a message to all subscribers of a topic.
connection.invoke("Send", topic, message, connectionId);Send a message specifically to backend listeners.
connection.invoke("SendToBackEnd", topic, message, connectionId);Broadcast a message to all connected clients.
connection.invoke("Broadcast", message);The server supports multiple logging adapters:
- Console: Standard output logging
- File: File-based logging with rotation
- MultiFile: Separate log files per level
- DocumentDB: MongoDB logging
- SMTP: Email notifications for critical errors
Configure logging in signalrconfig.json:
{
"log": {
"adapter": "console",
"level": "info"
}
}Log levels (from most to least severe):
emergencyalertcriticalerrorwarningnoticeinfodebug
- Always use environment variables for sensitive data (API keys, connection strings)
- Enable HTTPS in production environments
- Set
insecureSkipVerify: falsein production - Restrict CORS origins to only trusted domains
- Use strong API keys (at least 32 characters, random)
- Keep dependencies updated regularly
# Run all tests
go test ./...
# Run tests with coverage
go test -cover ./...
# Run specific package tests
go test ./signalr/...# Linux
GOOS=linux GOARCH=amd64 go build -o iac-signalr-linux
# Windows
GOOS=windows GOARCH=amd64 go build -o iac-signalr.exe
# macOS
GOOS=darwin GOARCH=amd64 go build -o iac-signalr-darwiniac-signalr/
├── signalr/ # Core SignalR protocol implementation
├── middleware/ # HTTP middleware (CORS, logging)
├── logger/ # Logging infrastructure
├── router/ # HTTP router implementations
├── public/ # Static file serving
├── client/ # Client implementations
├── chatsample/ # Example chat application
└── server.go # Main server entry point
- Check firewall rules allow traffic on the configured port
- Verify CORS settings match your client origin
- Ensure WebSocket support is enabled in your proxy/load balancer
- Verify API key is correctly set in environment or config
- Check Authorization header format:
apikey <your-key> - Ensure no whitespace or special characters in the API key
- Monitor log level - debug logging can impact performance
- Check connection limits and system resources
- Consider using load balancing for high traffic
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch
- Commit your changes with clear messages
- Add tests for new functionality
- Submit a pull request
Licensed under the Apache License, Version 2.0. See LICENSE.md for details.
For issues and questions:
- Open an issue on GitHub
- Check existing documentation and examples
- Review the chat sample application for implementation guidance
- Replaced hardcoded API keys with environment variable support
- Implemented constant-time string comparison for authentication
- Made
InsecureSkipVerifyconfigurable (defaults to false)
- Replaced verbose header logging with structured logging
- Implemented SignalRLogAdapter for go-kit compatibility
- Removed excessive debug output from production code
- Replaced deprecated
ioutilwithioandospackages - Fixed potential nil pointer dereference in GetHostandIPAddress
- Improved error handling in main() and server initialization
- Added comprehensive .gitignore
- Added complete README with examples
- Documented all configuration options
- Included security best practices
- Added troubleshooting guide