mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Alberto Ricart
2019-05-20 17:51:27 -05:00
parent a1c12370c2
commit 5da9b66f5e
133 changed files with 246 additions and 249 deletions

@@ -1857,7 +1857,7 @@
<section class="normal markdown-section">
<h2 id="tls-configuration">TLS Configuration</h2>
<p>The NATS server uses modern TLS semantics to encrypt client, route and monitoring connections.
<p>The NATS server uses modern TLS semantics to encrypt client, route, and monitoring connections.
Server configuration revolves around a <code>tls</code> map, which has the following properties:</p>
<table>
<thead>
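Review bot: "modern TLS semantics" in the opening sentence is still undefined after the comma fix, and for a security page that is the part readers need. While this sentence is being edited, consider stating what it means concretely, for example the minimum protocol version the server accepts, or linking to where that is documented.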
@@ -1877,15 +1877,15 @@ Server configuration revolves around a <code>tls</code> map, which has the follo
</tr>
<tr>
<td style="text-align:left"><code>cipher_suites</code></td>
<td style="text-align:left">When set, only the specified TLS cipher suites will be allowed. Values must match golang version used to build the server.</td>
<td style="text-align:left">When set, only the specified TLS cipher suites will be allowed. Values must match the golang version used to build the server.</td>
</tr>
<tr>
<td style="text-align:left"><code>curve_preferences</code></td>
<td style="text-align:left">List of TLS cypher curves to use in order.</td>
<td style="text-align:left">List of TLS cipher curves to use in order.</td>
</tr>
<tr>
<td style="text-align:left"><code>insecure</code></td>
<td style="text-align:left">Skip certificate verfication.</td>
<td style="text-align:left">Skip certificate verification.</td>
</tr>
<tr>
<td style="text-align:left"><code>key_file</code></td>
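Review bot: the `insecure` row only has its spelling fixed, and "Skip certificate verification." still does not say whose certificate goes unverified or on which connections, which is the information an operator needs before setting it. Suggest expanding the description to name the peer and the connection type it applies to. In the same hunk, "TLS cipher curves" for `curve_preferences` corrects the spelling but keeps a term that does not exist; these are the elliptic curves used for key exchange, so something like "List of TLS elliptic curves to use, in order of preference" would be accurate. "golang version" would also read better as "Go version".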
@@ -1923,9 +1923,9 @@ Server configuration revolves around a <code>tls</code> map, which has the follo
[22242] 2019/05/16 11:22:20.216539 [DBG] 127.0.0.1:51383 - cid:1 - Starting TLS client connection handshake
[22242] 2019/05/16 11:22:20.367275 [DBG] 127.0.0.1:51383 - cid:1 - TLS handshake complete
[22242] 2019/05/16 11:22:20.367291 [DBG] 127.0.0.1:51383 - cid:1 - TLS version 1.2, cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
</code></pre><p>When a <code>tls</code> section is specified at the root of the configuration it also affects the monitoring port if <code>https_port</code> option is specified. Other sections such as <code>cluster</code> can specify a <code>tls</code> block.</p>
</code></pre><p>When a <code>tls</code> section is specified at the root of the configuration, it also affects the monitoring port if <code>https_port</code> option is specified. Other sections such as <code>cluster</code> can specify a <code>tls</code> block.</p>
<h3 id="tls-timeout">TLS Timeout</h3>
<p>The <code>timeout</code> setting enables you to control the amount of time that a client is allowed to upgrade its connection to tls. If your clients are experiencing disconnects during TLS handshake, you&apos;ll want to increase the value. However if you do be aware that a long <code>timeout</code> exposes your server to attacks where a client doesn&apos;t upgrade to TLS and thus consumes resources. Conversely, if you reduce the TLS <code>timeout</code> too much, you are likely to experience handshake errors.</p>
<p>The <code>timeout</code> setting enables you to control the amount of time that a client is allowed to upgrade its connection to tls. If your clients are experiencing disconnects during TLS handshake, you&apos;ll want to increase the value, however, if you do be aware that an extended <code>timeout</code> exposes your server to attacks where a client doesn&apos;t upgrade to TLS and thus consumes resources. Conversely, if you reduce the TLS <code>timeout</code> too much, you are likely to experience handshake errors.</p>
<pre class="language-"><code>tls: {
cert_file: &quot;./server-cert.pem&quot;
key_file: &quot;./server-key.pem&quot;
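Review bot: the rewritten TLS Timeout sentence turns two sentences into a comma splice ("increase the value, however, if you do be aware that an extended ...") and still lacks the comma after "if you do". Suggest keeping the break: "... you'll want to increase the value. However, if you do, be aware that an extended `timeout` exposes your server to ...". The paragraph also never gives the unit or the default for `timeout`, so a reader cannot tell what "extended" or "too much" means; stating both would make the resource-exhaustion warning actionable. Smaller points in the same hunk: "to tls" should be "to TLS", and "if `https_port` option is specified" is missing "the".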
@@ -1975,7 +1975,7 @@ Server configuration revolves around a <code>tls</code> map, which has the follo
<script>
var gitbook = gitbook || [];
gitbook.push(function() {
gitbook.page.hasChanged({"page":{"title":"Enabling TLS","level":"2.5.1.1","depth":3,"next":{"title":"Authentication","level":"2.5.1.2","depth":3,"path":"nats_server/auth_intro.md","ref":"nats_server/auth_intro.md","articles":[{"title":"Tokens","level":"2.5.1.2.1","depth":4,"path":"nats_server/tokens.md","ref":"nats_server/tokens.md","articles":[]},{"title":"Username/Password","level":"2.5.1.2.2","depth":4,"path":"nats_server/username_password.md","ref":"nats_server/username_password.md","articles":[]},{"title":"TLS Authentication","level":"2.5.1.2.3","depth":4,"path":"nats_server/tls_mutual_auth.md","ref":"nats_server/tls_mutual_auth.md","articles":[]},{"title":"NKeys","level":"2.5.1.2.4","depth":4,"path":"nats_server/nkey_auth.md","ref":"nats_server/nkey_auth.md","articles":[]},{"title":"Accounts","level":"2.5.1.2.5","depth":4,"path":"nats_server/jwt_auth.md","ref":"nats_server/jwt_auth.md","articles":[]},{"title":"Authentication Timeout","level":"2.5.1.2.6","depth":4,"path":"nats_server/auth_timeout.md","ref":"nats_server/auth_timeout.md","articles":[]}]},"previous":{"title":"Securing NATS","level":"2.5.1","depth":2,"path":"nats_server/securing_nats.md","ref":"nats_server/securing_nats.md","articles":[{"title":"Enabling TLS","level":"2.5.1.1","depth":3,"path":"nats_server/tls.md","ref":"nats_server/tls.md","articles":[]},{"title":"Authentication","level":"2.5.1.2","depth":3,"path":"nats_server/auth_intro.md","ref":"nats_server/auth_intro.md","articles":[{"title":"Tokens","level":"2.5.1.2.1","depth":4,"path":"nats_server/tokens.md","ref":"nats_server/tokens.md","articles":[]},{"title":"Username/Password","level":"2.5.1.2.2","depth":4,"path":"nats_server/username_password.md","ref":"nats_server/username_password.md","articles":[]},{"title":"TLS 
Authentication","level":"2.5.1.2.3","depth":4,"path":"nats_server/tls_mutual_auth.md","ref":"nats_server/tls_mutual_auth.md","articles":[]},{"title":"NKeys","level":"2.5.1.2.4","depth":4,"path":"nats_server/nkey_auth.md","ref":"nats_server/nkey_auth.md","articles":[]},{"title":"Accounts","level":"2.5.1.2.5","depth":4,"path":"nats_server/jwt_auth.md","ref":"nats_server/jwt_auth.md","articles":[]},{"title":"Authentication Timeout","level":"2.5.1.2.6","depth":4,"path":"nats_server/auth_timeout.md","ref":"nats_server/auth_timeout.md","articles":[]}]},{"title":"Authorization","level":"2.5.1.3","depth":3,"path":"nats_server/authorization.md","ref":"nats_server/authorization.md","articles":[]}]},"dir":"ltr"},"config":{"plugins":["prism","-highlight","include-html","toggle-chapters"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"prism":{"lang":{"ascii":"markup","text":"markup"}},"include-html":{},"toggle-chapters":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"The NATS Maintainers","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"NATS","gitbook":"*","description":"Administrative, developer and conceptual 
documentation for the NATS messaging system."},"file":{"path":"nats_server/tls.md","mtime":"2019-05-20T14:42:04.094Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2019-05-20T22:00:46.477Z"},"basePath":"..","book":{"language":""}});
gitbook.page.hasChanged({"page":{"title":"Enabling TLS","level":"2.5.1.1","depth":3,"next":{"title":"Authentication","level":"2.5.1.2","depth":3,"path":"nats_server/auth_intro.md","ref":"nats_server/auth_intro.md","articles":[{"title":"Tokens","level":"2.5.1.2.1","depth":4,"path":"nats_server/tokens.md","ref":"nats_server/tokens.md","articles":[]},{"title":"Username/Password","level":"2.5.1.2.2","depth":4,"path":"nats_server/username_password.md","ref":"nats_server/username_password.md","articles":[]},{"title":"TLS Authentication","level":"2.5.1.2.3","depth":4,"path":"nats_server/tls_mutual_auth.md","ref":"nats_server/tls_mutual_auth.md","articles":[]},{"title":"NKeys","level":"2.5.1.2.4","depth":4,"path":"nats_server/nkey_auth.md","ref":"nats_server/nkey_auth.md","articles":[]},{"title":"Accounts","level":"2.5.1.2.5","depth":4,"path":"nats_server/jwt_auth.md","ref":"nats_server/jwt_auth.md","articles":[]},{"title":"Authentication Timeout","level":"2.5.1.2.6","depth":4,"path":"nats_server/auth_timeout.md","ref":"nats_server/auth_timeout.md","articles":[]}]},"previous":{"title":"Securing NATS","level":"2.5.1","depth":2,"path":"nats_server/securing_nats.md","ref":"nats_server/securing_nats.md","articles":[{"title":"Enabling TLS","level":"2.5.1.1","depth":3,"path":"nats_server/tls.md","ref":"nats_server/tls.md","articles":[]},{"title":"Authentication","level":"2.5.1.2","depth":3,"path":"nats_server/auth_intro.md","ref":"nats_server/auth_intro.md","articles":[{"title":"Tokens","level":"2.5.1.2.1","depth":4,"path":"nats_server/tokens.md","ref":"nats_server/tokens.md","articles":[]},{"title":"Username/Password","level":"2.5.1.2.2","depth":4,"path":"nats_server/username_password.md","ref":"nats_server/username_password.md","articles":[]},{"title":"TLS 
Authentication","level":"2.5.1.2.3","depth":4,"path":"nats_server/tls_mutual_auth.md","ref":"nats_server/tls_mutual_auth.md","articles":[]},{"title":"NKeys","level":"2.5.1.2.4","depth":4,"path":"nats_server/nkey_auth.md","ref":"nats_server/nkey_auth.md","articles":[]},{"title":"Accounts","level":"2.5.1.2.5","depth":4,"path":"nats_server/jwt_auth.md","ref":"nats_server/jwt_auth.md","articles":[]},{"title":"Authentication Timeout","level":"2.5.1.2.6","depth":4,"path":"nats_server/auth_timeout.md","ref":"nats_server/auth_timeout.md","articles":[]}]},{"title":"Authorization","level":"2.5.1.3","depth":3,"path":"nats_server/authorization.md","ref":"nats_server/authorization.md","articles":[]}]},"dir":"ltr"},"config":{"plugins":["prism","-highlight","include-html","toggle-chapters"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"prism":{"lang":{"ascii":"markup","text":"markup"}},"include-html":{},"toggle-chapters":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"The NATS Maintainers","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"NATS","gitbook":"*","description":"Administrative, developer and conceptual 
documentation for the NATS messaging system."},"file":{"path":"nats_server/tls.md","mtime":"2019-05-20T22:44:08.192Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2019-05-20T22:49:57.562Z"},"basePath":"..","book":{"language":""}});
});
</script>
</div>
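Review bot: the two `gitbook.page.hasChanged(...)` calls in this hunk differ only in the `file.mtime` and `gitbook.time` timestamps, so this is regenerated build output rather than a content change. Committing generated HTML together with the wording fixes spreads timestamp churn across the 133 changed files and makes the real edits hard to review. Consider committing the regenerated output separately from the source changes, or building the HTML in CI instead of tracking it.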