diff --git a/nats_tools/nas/README.md b/nats_tools/nas/README.md index fc48e78..29084fd 100644 --- a/nats_tools/nas/README.md +++ b/nats_tools/nas/README.md @@ -6,11 +6,14 @@ The [NATS Account Server](https://github.com/nats-io/nats-account-server) is an - an [NSC](../nsc/nsc.md) directory - memory (for testing purposes) -The server can operate in a _READ ONLY_ mode where it serves content from a directory, or in notification mode, where it can notify a NATS server that JWT in the store have been modified, updating the NATS server with the updated JWT. +The server can operate in a _READ ONLY_ mode where it serves content from a directory, or in notification mode, where it can notify a NATS server that a JWT in the store has been modified, updating the NATS server with the updated JWT. +The server supports replica mode, which allows load balancing, fault tolerance and geographic distribution of servers. Replicas are read-only and copy JWTs from the primary based on cache invalidation or NATS notifications. + +The account server can host activation tokens as well as account JWTs. These tokens are used when one account needs to give permission to another account to access a private export. Tokens can be configured as full tokens, or URLs. By hosting them in the account server you can avoid the copy/paste process of embedding tokens. They can also be updated more easily on expiration. ### Memory Resolver For very simple installations, where JWTs are mostly static, the NATS server also supports a _Memory Resolver_ that can be configured statically in the server's configuration file. -You can learn more about how to configure the [memory resolver here](mem_resolver.md). \ No newline at end of file +You can learn more about how to configure the [memory resolver here](mem_resolver.md). diff --git a/nats_tools/nas/nas_conf.md b/nats_tools/nas/nas_conf.md index ff88e71..e9953f5 100644 --- a/nats_tools/nas/nas_conf.md +++ b/nats_tools/nas/nas_conf.md 
@@ -108,7 +108,8 @@ Let's take a look at the configuration options: | `operatorjwtpath` | The path to an operator JWT. Required for non-read-only servers. Only JWTs signed by the operator (or one of it's signing keys) are accepted. | | `store` | A `store` configuration block specifying store options. | | `systemaccountjwtpath` | Path to an Account JWT that should be returned as the system account. | - +| `primary` | URL for the primary, `protocol://host:port`. | +| `replicationtimeout` | Timeout, in milliseconds, used by the replica when talking to the primary, defaults to `5000`. | #### `store` Configuration @@ -157,8 +158,3 @@ Let's take a look at the configuration options: | `root` | filepath to the CA certificate. | | `cert` | filepath to the certificate. | | `cert` | filepath to the certificate key. | - - - - -
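Review bot: In the README.md hunk (`@@ -6,11 +6,14 @@`), the new activation-token paragraph says these tokens give one account permission to access another account's private export, but it does not say who can fetch a hosted token from the account server or how that retrieval is protected. Since the token is the permission, please state that here or link to the page that covers it. "Tokens can be configured as full tokens, or URLs" also leaves out where this is configured. Separately, the replica-mode sentence is added on the line directly after the _READ ONLY_ sentence with no blank line between them, so Markdown will render the two as one paragraph. Add a blank line, and consider linking the replica text to the `primary` and `replicationtimeout` options documented in nas_conf.md.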
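Review bot: In the first nas_conf.md hunk (`@@ -108,7 +108,8 @@`), the `primary` row gives only the URL shape `protocol://host:port` and does not say which protocols are accepted or whether setting `primary` is what puts the server into replica mode. The README change describes replicas as read-only copies of the primary, so the option that enables that behaviour should say so in its description. The `replicationtimeout` row should say what the replica does when the timeout is reached. The two new rows are also appended after `systemaccountjwtpath`, while the rows visible above them (`operatorjwtpath`, `store`, `systemaccountjwtpath`) are in alphabetical order; placing them in order would keep the table easy to scan.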
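Review bot: In the second nas_conf.md hunk (`@@ -157,8 +158,3 @@`), the context rows left in place list `cert` twice: once as "filepath to the certificate." and once as "filepath to the certificate key." The second row looks like it carries the wrong option name, and a reader copying the table would end up with a TLS block that has no key entry. Since this change already touches the end of that table to trim blank lines, please correct the option name in the second row in the same commit.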