listen: localhost:9335

tls {
  cert_file = "./configs/certs/sans/server.pem"
  key_file = "./configs/certs/sans/server-key.pem"
  ca_file = "./configs/certs/sans/ca.pem"
  verify = true
  verify_and_map = true
}

authorization {
  # Default permissions
  permissions {
    publish {
      allow = ["public.>"]
    }
    subscribe {
      allow = ["public.>"]
    }
  }

  users [
    # CN used by default if there are no SANs
    { user = "CN=www.nats.io" }

    # All permissions
    { user = "app.nats.prod", permissions = {
	publish {
	  allow = [">"]
	}
	subscribe {
	  allow = [">"]
	}
      }
    }

    # Dev certs are isolated to own sandbox but can
    # also publish to public.
    { user = "app.nats.dev", permissions = {
	publish {
	  allow = ["public.>", "sandbox.>"]
	}
	subscribe {
	  allow = ["public.>", "sandbox.>"]
	}
      }
    }
  ]
}