Networking demystified with Go: foundations, HTTP & TLS

🔍 Workshop overview

Networking is the invisible glue that connects services, users, and data — and for Go developers, knowing how networks actually behave makes your application servers & clients more reliable, secure, and debuggable.

In this hands-on 3-hour workshop, participants (who already know Go) will learn core computer-networking concepts and map them directly to Go’s networking primitives. We’ll build a simple HTTP server-client application with structured logging, optimize it with sane configuration, and add TLS using real PKI concepts (root/intermediate CAs, signing, and client auth). Expect short theory blocks followed immediately by practical, copy-able code and live demos.

Note:

• Duration: 3 hours
• Format: In-person, hands-on
• Preferred audience: Go developers familiar with Go syntax and basic tooling, but new to network internals and PKI
• Level: Intermediate (hands-on knowledge of Go is required) - beginner-friendly on networking/PKI concepts

🧭 Agenda (3 hours)

Welcome, goal setting & environment check (10 mins)

Quick intro, repo/materials link, confirm everyone can run Go and access the example code.

1 - Networking fundamentals mapped to practice (25 mins)

• TCP/IP: what matters in practice for programmers (Application, Transport & Internet)
• Connection Tuple (protocol, src IP, src port, dst IP, dst port) — how an actual packet travels end-to-end
• What is a server vs client; egress vs ingress traffic
• Sockets vs ports vs listeners — lifetime & ephemeral port allocation

Outcome: Participants will understand the networking fundamentals.

2 - Go’s standard library for network programming (15 mins)

• net, net/http, net.Dial / net.Listen, net.Conn — what they represent relative to the networking concepts
• crypto/tls basics and how TLS maps to TCP connections
• context and slog packages and how they help debug network flows

Outcome: Clear mental model of how Go’s standard network libraries correspond to TCP/IP concepts.

Break / Quick Stretch (10 mins)

3 - Build a simple HTTP server & client (40 mins)

• Develop a minimal HTTP server and client with net.Listen, Accept, Read/Write
• Add structured logging for connections, bytes transferred, remote addresses, and connection lifecycle events
• Bind addresses, port selection, ephemeral port handling
• Sane timeouts (ReadDeadline / WriteDeadline / Idle), connection limits, graceful shutdown
• Error handling: transient vs fatal, retry/backoff

Demo: start server, connect multiple clients, show logs, demonstrate a stale connection and how timeouts solve it.

Outcome: Working HTTP server/client participants can reuse and extend.

Break / Quick Stretch (10 mins)

4 - PKI fundamentals + Add TLS to the HTTP server to make it HTTPS (40 mins)

• PKI basics: Root CA, Intermediate CA, signing flow, certificate validation, chain of trust, revocation concepts
• TLS Server vs Client authentication — when to use mTLS
• Hands-on a small ephemeral CA and sign server & client certs (demonstration using openssl CLI for simplicity)
• Integrate crypto/tls into the previously built HTTP server & client
• Build tls.Config, load certificate chains, set client cert verification mode
• Configure VerifyPeerCertificate or VerifyConnection hooks for custom validation if needed
• Best practices: TLS versions, cipher suites, session resumption considerations (practical defaults)

Demo: run the HTTPS server and connect TLS clients, show certificate errors, enable mutual TLS and validate client certs.

Outcome: Participants will integrate TLS on the HTTP server to make it HTTPS, understand cert chains, and be able to enable mTLS.

Buffer/Q&A/Troubleshooting live demos (30 mins)

Handle environment issues, dive deeper into areas attendees request, help fix local problems, recap critical code snippets.

💻 Prerequisites

• Hands-on with Go (can read & write basic Go programs; go run, go build)
• Laptop (preferably Linux / Mac or Windows WSL) with Go (1.25.2 recommended) installed and working
• Basic terminal and Git familiarity
• Optional (recommended for PKI demo): openssl or willingness to follow provided scripts that generate CA/certs

👥 Who should attend

• Backend Go developers who want to build robust networked services
• SREs / platform engineers who write small daemons or tools in Go
• Engineers who ship services behind proxies/load-balancers and want a deeper understanding of networking and TLS

📚 What participants will learn

By the end of this workshop, participants will be able to:

• Explain network fundamentals and how packets travel between hosts
• Map Go’s net and crypto/tls packages to concrete networking concepts
• Implement a simple, production-minded HTTP server and client in Go with structured logs
• Configure sensible timeouts and connection handling to avoid resource exhaustion and “stale” connections
• Generate a small PKI, sign certificates, and enable TLS and optional mutual TLS on a Go HTTP service to make it HTTPS
• Diagnose common network/TLS issues

About the instructor

Gowtham Sadasivam is Senior Staff Engineer at Acceldata with over 13 years of experience in Linux, cloud, and systems engineering. A Go enthusiast who loves working close to the metal, he enjoys demystifying complex technologies and helping developers build resilient, production-grade systems.

How to attend this workshop

This workshop is open for participation to Rootconf annual members.
This workshop is open to 30 participants only. Seats will be available on first-come-first-serve basis. 🎟️

Contact information ☎️

For inquiries about the workshop, contact +91-7676332020 or write to info@hasgeek.com