mirror of
https://github.com/taigrr/nats.docs
synced 2025-01-18 04:03:23 -08:00
Some updates taken from Alberto's closed PR.
Signed-off-by: Ivan Kozlovic <ivan@synadia.com>
This commit is contained in:
Ivan Kozlovic
parent
4f428bce64
commit
2e36c79791
@ -12,18 +12,22 @@ block in the server's configuration file like the following:
|
|||||||
```
|
```
|
||||||
websocket {
|
websocket {
|
||||||
# Specify a host and port to listen for websocket connections
|
# Specify a host and port to listen for websocket connections
|
||||||
|
#
|
||||||
# listen: "host:port"
|
# listen: "host:port"
|
||||||
|
|
||||||
# It can also be configured with individual parameters,
|
# It can also be configured with individual parameters,
|
||||||
# namely host and port.
|
# namely host and port.
|
||||||
|
#
|
||||||
# host: "hostname"
|
# host: "hostname"
|
||||||
port: 443
|
port: 443
|
||||||
|
|
||||||
# This will optionally specify what host:port for websocket
|
# This will optionally specify what host:port for websocket
|
||||||
# connections to be advertised in the cluster
|
# connections to be advertised in the cluster.
|
||||||
|
#
|
||||||
# advertise: "host:port"
|
# advertise: "host:port"
|
||||||
|
|
||||||
# TLS configuration is required by default
|
# TLS configuration is required by default
|
||||||
|
#
|
||||||
tls {
|
tls {
|
||||||
cert_file: "/path/to/cert.pem"
|
cert_file: "/path/to/cert.pem"
|
||||||
key_file: "/path/to/key.pem"
|
key_file: "/path/to/key.pem"
|
||||||
@ -31,17 +35,19 @@ websocket {
|
|||||||
|
|
||||||
# For test environments, you can disable the need for TLS
|
# For test environments, you can disable the need for TLS
|
||||||
# by explicitly setting this option to `true`
|
# by explicitly setting this option to `true`
|
||||||
|
#
|
||||||
# no_tls: true
|
# no_tls: true
|
||||||
|
|
||||||
# If same_origin is true, then the Origin header of the
|
# [Cross-origin resource sharing option](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS). When set to `true`, the HTTP origin header must match the request’s hostname.
|
||||||
# client request must match the request's Host.
|
# The default is `false`.
|
||||||
|
#
|
||||||
# same_origin: true
|
# same_origin: true
|
||||||
|
|
||||||
# This list specifies the only accepted values for
|
# [Cross-origin resource sharing option](https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS). List of accepted origins. When empty, and `same_origin` is `false`, clients from any origin are allowed to connect.
|
||||||
# the client's request Origin header. The scheme,
|
# This list specifies the only accepted values for the client's request Origin header. The scheme,
|
||||||
# host and port must match. By convention, the
|
# host and port must match. By convention, the absence of TCP port in the URL will be port 80
|
||||||
# absence of TCP port in the URL will be port 80
|
|
||||||
# for an "http://" scheme, and 443 for "https://".
|
# for an "http://" scheme, and 443 for "https://".
|
||||||
|
#
|
||||||
# allowed_origins [
|
# allowed_origins [
|
||||||
# "http://www.example.com"
|
# "http://www.example.com"
|
||||||
# "https://www.other-example.com"
|
# "https://www.other-example.com"
|
||||||
@ -50,19 +56,24 @@ websocket {
|
|||||||
# This enables support for compressed websocket frames
|
# This enables support for compressed websocket frames
|
||||||
# in the server. For compression to be used, both server
|
# in the server. For compression to be used, both server
|
||||||
# and client have to support it.
|
# and client have to support it.
|
||||||
|
#
|
||||||
# compression: true
|
# compression: true
|
||||||
|
|
||||||
# This is the total time allowed for the server to
|
# This is the total time allowed for the server to
|
||||||
# read the client request and write the response back
|
# read the client request and write the response back
|
||||||
# to the client. This includes the time needed for the
|
# to the client. This includes the time needed for the
|
||||||
# TLS handshake.
|
# TLS handshake.
|
||||||
|
#
|
||||||
# handshake_timeout: "2s"
|
# handshake_timeout: "2s"
|
||||||
|
|
||||||
# Name of the cookie, which if present in WebSocket upgrade headers,
|
# Name for an HTTP cookie, that if present will be used as a client JWT.
|
||||||
# will be treated as the JWT during CONNECT phase as long as
|
# If the client specifies a JWT in the CONNECT protocol, this option is ignored.
|
||||||
# the "jwt" field specified in the CONNECT protocol is missing or empty.
|
# The cookie should be set by the HTTP server as described [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#restrict_access_to_cookies).
|
||||||
# Note that the server needs to be running in operator mode for this
|
# This setting is useful when generating NATS `Bearer` client JWTs as the
|
||||||
# option to be used.
|
# result of some authentication mechanism. The HTTP server after correct
|
||||||
|
# authentication can issue a JWT for the user, that is set securely preventing
|
||||||
|
# access by unintended scripts. Note these JWTs must be [NATS JWTs](https://docs.nats.io/nats-server/configuration/securing_nats/jwt).
|
||||||
|
#
|
||||||
# jwt_cookie: "my_jwt_cookie_name"
|
# jwt_cookie: "my_jwt_cookie_name"
|
||||||
|
|
||||||
# If no user name is provided when a websocket client connects, will default
|
# If no user name is provided when a websocket client connects, will default
|
||||||
@ -70,6 +81,7 @@ websocket {
|
|||||||
# override, for websocket clients, any `no_auth_user` value defined in the
|
# override, for websocket clients, any `no_auth_user` value defined in the
|
||||||
# main configuration file.
|
# main configuration file.
|
||||||
# Note that this is not compatible with running the server in operator mode.
|
# Note that this is not compatible with running the server in operator mode.
|
||||||
|
#
|
||||||
# no_auth_user: "my_username_for_apps_not_providing_credentials"
|
# no_auth_user: "my_username_for_apps_not_providing_credentials"
|
||||||
|
|
||||||
# See below to know what is the normal way of limiting websocket clients
|
# See below to know what is the normal way of limiting websocket clients
|
||||||
@ -77,6 +89,7 @@ websocket {
|
|||||||
# If there are no users specified in the configuration, this simple authorization
|
# If there are no users specified in the configuration, this simple authorization
|
||||||
# block allows you to override the values that would be configured in the
|
# block allows you to override the values that would be configured in the
|
||||||
# equivalent block in the main section.
|
# equivalent block in the main section.
|
||||||
|
#
|
||||||
# authorization {
|
# authorization {
|
||||||
# # If this is specified, the client has to provide the same username
|
# # If this is specified, the client has to provide the same username
|
||||||
# # and password to be able to connect.
|
# # and password to be able to connect.
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user