add websocket configuration

Signed-off-by: Colin Sullivan <colin@synadia.com>
2025-01-18 04:03:23 -08:00 · 2021-02-06 15:54:08 -07:00 · 2021-02-06 15:54:08 -07:00 · a4fb219bb1
commit a4fb219bb1
parent 21588b40d7
2 changed files with 61 additions and 0 deletions
--- a/SUMMARY.md
+++ b/SUMMARY.md
@ -98,6 +98,7 @@
  * [Monitoring](nats-server/configuration/monitoring.md)
  * [System Events](nats-server/configuration/sys_accounts/README.md)
    * [System Events & Decentralized JWT Tutorial](nats-server/configuration/sys_accounts/sys_accounts.md)
+  * [Websockets](nats-server/configuration/websockets.md)
 * [Managing A NATS Server](nats-server/nats_admin/README.md)
  * [Upgrading a Cluster](nats-server/nats_admin/upgrading_cluster.md)
  * [Slow Consumers](nats-server/nats_admin/slow_consumers.md)
--- a/nats-server/configuration/websockets.md
+++ b/nats-server/configuration/websockets.md
@ -0,0 +1,60 @@
+# Websocket Support
+
+*Supported since NATS server version 2.2*
+
+Websocket support can be enabled in the server and may be used alongside the
+traditional TCP socket connections.  TLS, compression and
+Origin Header checking are supported.
+
+To enable websocket support in the server, add a `websockets` configuration
+block in the server's configuration file like the following:
+
+```
+websocket {
+    # Specify a host and port to listen for websocket connections
+    # listen: "host:port"
+
+    # It can also be configured with individual parameters,
+    # namely host and port.
+    # host: "hostname"
+    # port: 4443
+
+    # This will optionally specify what host:port for websocket
+    # connections to be advertised in the cluster
+    # advertise: "host:port"
+
+    # TLS configuration is required
+    tls {
+      cert_file: "/path/to/cert.pem"
+      key_file: "/path/to/key.pem"
+    }
+
+    # If same_origin is true, then the Origin header of the
+    # client request must match the request's Host.
+    # same_origin: true
+
+    # This list specifies the only accepted values for
+    # the client's request Origin header. The scheme,
+    # host and port must match. By convention, the
+    # absence of port for an http:// scheme will be 80,
+    # and for https:// will be 443.
+    # allowed_origins [
+    #    "http://www.example.com"
+    #    "https://www.other-example.com"
+    # ]
+
+    # This enables support for compressed websocket frames
+    # in the server. For compression to be used, both server
+    # and client have to support it.
+    # compression: true
+
+    # This is the total time allowed for the server to
+    # read the client request and write the response back
+    # to the client. This includes the time needed for the
+    # TLS handshake.
+    # handshake_timeout: "2s"
+}
+```
+
+Leaf nodes support outbound websocket connections by specifying the `ws` as the
+scheme component of the remote server URL, for example `ws://hostname:4443`.