taigrr/nats.docs
1
0
Fork 0
mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Code Issues Projects Releases Wiki Activity

updating docs

Browse Source
This commit is contained in:
ainsley
2019-06-07 10:00:40 -05:00
parent 6958cc239e
commit 548b48b06f
156 changed files with 306 additions and 374 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/developer/security/tls.html
View File

@@ -2354,14 +2354,15 @@
<section class="normal markdown-section">
<h1 id="encrypting-connections-with-tls"><a name="encrypting-connections-with-tls" class="plugin-anchor" href="#encrypting-connections-with-tls"><i class="fa fa-link" aria-hidden="true"></i></a>Encrypting Connections with TLS</h1>
<p>While authentication limits which clients can connect, TLS can be used to check the server&#x2019;s identity and the client&#x2019;s identity and will encrypt the traffic between the two. The most secure version of TLS with NATS is to use verified client certificates. In this mode, the client can check that it trusts the certificate sent by <code>nats-server</code> but the server will also check that it trusts the certificate sent by the client. From an application&apos;s perspective connecting to a server that does not verify client certificates may appear identical. Under the covers, disabling TLS verification removes the server side check on the client&#x2019;s certificate. When started in TLS mode, <code>nats-server</code> will require all clients to connect with TLS. Moreover, if configured to connect with TLS, client libraries will fail to connect to a server without TLS.</p>
<p>While authentication limits which clients can connect, TLS can be used to check the server&#x2019;s identity and optionally the client&#x2019;s identity and will encrypt all traffic between the two. The most secure version of TLS with NATS is to use verified client certificates. In this mode, the client can check that it trusts the certificate sent by NATS system but the individual server will also check that it trusts the certificate sent by the client. From an application&apos;s perspective connecting to a server that does not verify client certificates may appear identical. Under the covers, disabling TLS verification removes the server side check on the client&#x2019;s certificate. When started in TLS mode, a <code>nats-server</code> will require all clients to connect with TLS. Moreover, if configured to connect with TLS, client libraries will fail to connect to a server without TLS.</p>
<p>The <a href="https://github.com/nats-io/java-nats-examples/tree/master/src/main/resources" target="_blank">Java examples repository</a> contains certificates for starting the server in TLS mode.</p>
<pre class="language-"><code class="lang-sh"><span class="token operator">&gt;</span> nats-server -c /src/main/resources/tls.conf
or
<span class="token operator">&gt;</span> nats-server -c /src/main/resources/tls_verify.conf
</code></pre>
<h2 id="connecting-with-tls"><a name="connecting-with-tls" class="plugin-anchor" href="#connecting-with-tls"><i class="fa fa-link" aria-hidden="true"></i></a>Connecting with TLS</h2>
<p>Connecting to a server with TLS is primarily an exercise in setting up the certificate and trust managers. For example:</p>
<p>Connecting to a server with TLS is straightforward. Most clients will automatically use TLS when connected to a NATS system using TLS. Setting up a NATS system to use TLS is primarily an exercise in setting up the certificate and trust managers.
Clients may also need additional information, for example:</p>
<div class="tab-wrap">
@@ -2808,7 +2809,7 @@ nc<span class="token punctuation">.</span><span class="token function">close</sp
<script>
var gitbook = gitbook || [];
gitbook.push(function() {
gitbook.page.hasChanged({"page":{"title":"Encrypting Connections with TLS","level":"3.4.5","depth":2,"next":{"title":"Receiving Messages","level":"3.5","depth":1,"path":"developer/receiving/intro.md","ref":"developer/receiving/intro.md","articles":[{"title":"Synchronous Subscriptions","level":"3.5.1","depth":2,"path":"developer/receiving/sync.md","ref":"developer/receiving/sync.md","articles":[]},{"title":"Asynchronous Subscriptions","level":"3.5.2","depth":2,"path":"developer/receiving/async.md","ref":"developer/receiving/async.md","articles":[]},{"title":"Unsubscribing","level":"3.5.3","depth":2,"path":"developer/receiving/unsubscribing.md","ref":"developer/receiving/unsubscribing.md","articles":[]},{"title":"Unsubscribing After N Messages","level":"3.5.4","depth":2,"path":"developer/receiving/unsub_after.md","ref":"developer/receiving/unsub_after.md","articles":[]},{"title":"Replying to a Message","level":"3.5.5","depth":2,"path":"developer/receiving/reply.md","ref":"developer/receiving/reply.md","articles":[]},{"title":"Wildcard Subscriptions","level":"3.5.6","depth":2,"path":"developer/receiving/wildcards.md","ref":"developer/receiving/wildcards.md","articles":[]},{"title":"Queue Subscriptions","level":"3.5.7","depth":2,"path":"developer/receiving/queues.md","ref":"developer/receiving/queues.md","articles":[]},{"title":"Draining Messages Before Disconnect","level":"3.5.8","depth":2,"path":"developer/receiving/drain.md","ref":"developer/receiving/drain.md","articles":[]},{"title":"Structured Data","level":"3.5.9","depth":2,"path":"developer/receiving/structure.md","ref":"developer/receiving/structure.md","articles":[]}]},"previous":{"title":"Authenticating with a Credentials File","level":"3.4.4","depth":2,"path":"developer/security/creds.md","ref":"developer/security/creds.md","articles":[]},"dir":"ltr"},"config":{"plugins":["prism","-sharing","-highlight","include-html","toggle-chapters","anchors"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"prism":{"lang":{"ascii":"markup","text":"markup"}},"include-html":{},"toggle-chapters":{},"anchors":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"The NATS Maintainers","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"NATS","gitbook":"*","description":"Administrative, developer and conceptual documentation for the NATS messaging system."},"file":{"path":"developer/security/tls.md","mtime":"2019-05-31T18:06:28.938Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2019-06-05T22:32:29.333Z"},"basePath":"../..","book":{"language":""}});
gitbook.page.hasChanged({"page":{"title":"Encrypting Connections with TLS","level":"3.4.5","depth":2,"next":{"title":"Receiving Messages","level":"3.5","depth":1,"path":"developer/receiving/intro.md","ref":"developer/receiving/intro.md","articles":[{"title":"Synchronous Subscriptions","level":"3.5.1","depth":2,"path":"developer/receiving/sync.md","ref":"developer/receiving/sync.md","articles":[]},{"title":"Asynchronous Subscriptions","level":"3.5.2","depth":2,"path":"developer/receiving/async.md","ref":"developer/receiving/async.md","articles":[]},{"title":"Unsubscribing","level":"3.5.3","depth":2,"path":"developer/receiving/unsubscribing.md","ref":"developer/receiving/unsubscribing.md","articles":[]},{"title":"Unsubscribing After N Messages","level":"3.5.4","depth":2,"path":"developer/receiving/unsub_after.md","ref":"developer/receiving/unsub_after.md","articles":[]},{"title":"Replying to a Message","level":"3.5.5","depth":2,"path":"developer/receiving/reply.md","ref":"developer/receiving/reply.md","articles":[]},{"title":"Wildcard Subscriptions","level":"3.5.6","depth":2,"path":"developer/receiving/wildcards.md","ref":"developer/receiving/wildcards.md","articles":[]},{"title":"Queue Subscriptions","level":"3.5.7","depth":2,"path":"developer/receiving/queues.md","ref":"developer/receiving/queues.md","articles":[]},{"title":"Draining Messages Before Disconnect","level":"3.5.8","depth":2,"path":"developer/receiving/drain.md","ref":"developer/receiving/drain.md","articles":[]},{"title":"Structured Data","level":"3.5.9","depth":2,"path":"developer/receiving/structure.md","ref":"developer/receiving/structure.md","articles":[]}]},"previous":{"title":"Authenticating with a Credentials File","level":"3.4.4","depth":2,"path":"developer/security/creds.md","ref":"developer/security/creds.md","articles":[]},"dir":"ltr"},"config":{"plugins":["prism","-sharing","-highlight","include-html","toggle-chapters","anchors"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"prism":{"lang":{"ascii":"markup","text":"markup"}},"include-html":{},"toggle-chapters":{},"anchors":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"The NATS Maintainers","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"NATS","gitbook":"*","description":"Administrative, developer and conceptual documentation for the NATS messaging system."},"file":{"path":"developer/security/tls.md","mtime":"2019-06-07T14:58:27.246Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2019-06-07T14:58:58.173Z"},"basePath":"../..","book":{"language":""}});
});
</script>
</div>