nats-server/test/configs/tls_cert_san_emails.conf
Waldemar Quevedo c3ee84a543 Support using SANs present in TLS cert for auth.
Also try the multiple emails and SANs found in the cert until one is valid;
otherwise, default to the subject in the cert.

```
authorization {
  users [
    { user = "app.nats.dev", permissions = {
	publish {
	  allow = ["sandbox.>"]
	}
	subscribe {
	  allow = ["sandbox.>"]
	}
      }
    }
  ]
}
```

Signed-off-by: Waldemar Quevedo <wally@synadia.com>
2019-04-20 00:59:45 +09:00


# Test fixture: NATS server that authenticates clients by the identity in
# their TLS client certificate (email/SAN, falling back to the subject).
# Bound to loopback only.
listen: localhost:9336
tls {
# Server certificate, its private key, and the CA used to validate client
# certificates. These paths point at test material under ./configs/certs/sans.
cert_file = "./configs/certs/sans/server.pem"
key_file = "./configs/certs/sans/server-key.pem"
ca_file = "./configs/certs/sans/ca.pem"
# Require clients to present a certificate that chains to ca_file.
verify = true
# Map the verified certificate's identity onto a `user` entry below. The users
# carry no password, so the certificate is the only credential: anything
# ca_file's CA will sign with a listed name receives that user's permissions.
verify_and_map = true
}
authorization {
# Default permissions, applied to users that declare no permissions block of
# their own (here: the "CN=www.nats.io" entry).
permissions {
publish {
allow = ["public.>"]
}
subscribe {
allow = ["public.>"]
}
}
users [
# Fallback identity: the certificate subject is used when no email or SAN
# in the certificate matches a configured user. This entry has no
# permissions block, so it gets the defaults above.
{ user = "CN=www.nats.io" }
# All permissions: ">" is the full wildcard for both publish and subscribe.
# NOTE(review): presumably matched as the literal SAN string
# "*.app.nats.prod" carried in the certificate, not expanded as a
# pattern -- confirm against the server's user lookup.
{ user = "*.app.nats.prod", permissions = {
publish {
allow = [">"]
}
subscribe {
allow = [">"]
}
}
}
# Dev certs are isolated to their own sandbox but can
# also publish and subscribe to public. Matched on an email-style identity
# from the certificate.
{ user = "root@app.nats.dev", permissions = {
publish {
allow = ["public.>", "sandbox.>"]
}
subscribe {
allow = ["public.>", "sandbox.>"]
}
}
}
]
}