Merge pull request #31 from nats-io/nats-server-resolver

added an intro on resolvers with links to other documents and tooling
2025-01-18 04:03:23 -08:00 · 2020-01-06 16:06:44 -06:00 · 2020-01-06 16:06:44 -06:00 · aeab3ad722
commit aeab3ad722
parent a5ebd61e87 370550b31f
2 changed files with 34 additions and 1 deletions
--- a/nats-server/configuration/README.md
+++ b/nats-server/configuration/README.md
@ -127,7 +127,7 @@ authorization: {
 | [`ping_interval`]() | Interval in seconds in which the server checks if a connection is active |
 | `port` | Port for client connections |
 | `reconnect_error_reports` | Number of failed attempt to reconnect a route, gateway or leaf node connection. Default is to report every attempt. |
-| [`resolver`](../../nats-tools/nsc/nsc.md#nats-server-configuration) | Resolver type `MEMORY` or `URL` for account JWTs |
+| [`resolver`]() | Resolver type `MEMORY` or `URL` for account JWTs |
 | [`tls`](securing_nats/tls.md#tls-configuration) | Configuration map for tls for client and http monitoring |
 | `trace` | If `true` enable protocol trace log messages |
 | `write_deadline` | Maximum number of seconds the server will block when writing a to a client \(slow consumer\) |
--- a/nats-server/configuration/resolver.md
+++ b/nats-server/configuration/resolver.md
@ -0,0 +1,33 @@
 # resolver
 The `resolver` configuration option is used in conjunction with [NATS JWT Authentication](securing_nats/auth_intro/jwt_auth.md) and [nsc](../../nats-tools/nsc/nsc). The `resolver` option specifies a URL where the nats-server can retrieve an account JWT. There are two built-in resolver implementations:
 - `URL`
 - `MEMORY`
 ## URL Resolver
 The `URL` resolver specifies a URL where the server can append an account public key to retrieve that account's JWT. Convention for [NATS Account JWT Servers](../../nats-tools/nas) is to serve JWTs at: `http://localhost:9090/jwt/v1/accounts/`. For such a configuration you would specify the resolver as follows:
 ```yaml
 resolver: URL(http://localhost:9090/jwt/v1/accounts/)
 ```
 Note that if you are not using a nats-account-server, the URL can be anything as long as by appending the public key for an account, the requested JWT is returned.
 For more information on how to configure an account server, see [NATS Account JWT Server](../../nats-tools/nas).
 ## MEMORY
 The `MEMORY` resolver is statically configured in the server's configuration file. The memory resolver makes use of the `resolver_preload` directive, which specifies a map of a public key to an account JWT:
 ```yaml
 resolver: MEMORY
 resolver_preload: {
 ACSU3Q6LTLBVLGAQUONAGXJHVNWGSKKAUA7IY5TB4Z7PLEKSR5O6JTGR: eyJ0eXAiOiJqd3QiLCJhbGciOiJlZDI1NTE5In0.eyJqdGkiOiJPRFhJSVI2Wlg1Q1AzMlFJTFczWFBENEtTSDYzUFNNSEZHUkpaT05DR1RLVVBISlRLQ0JBIiwiaWF0IjoxNTU2NjU1Njk0LCJpc3MiOiJPRFdaSjJLQVBGNzZXT1dNUENKRjZCWTRRSVBMVFVJWTRKSUJMVTRLM1lERzNHSElXQlZXQkhVWiIsIm5hbWUiOiJBIiwic3ViIjoiQUNTVTNRNkxUTEJWTEdBUVVPTkFHWEpIVk5XR1NLS0FVQTdJWTVUQjRaN1BMRUtTUjVPNkpUR1IiLCJ0eXBlIjoiYWNjb3VudCIsIm5hdHMiOnsibGltaXRzIjp7InN1YnMiOi0xLCJjb25uIjotMSwibGVhZiI6LTEsImltcG9ydHMiOi0xLCJleHBvcnRzIjotMSwiZGF0YSI6LTEsInBheWxvYWQiOi0xLCJ3aWxkY2FyZHMiOnRydWV9fX0._WW5C1triCh8a4jhyBxEZZP8RJ17pINS8qLzz-01o6zbz1uZfTOJGvwSTS6Yv2_849B9iUXSd-8kp1iMXHdoBA
 }
 ```
 The `MEMORY` resolver is recommended when the server has a small number of accounts that don't change very often.
 For more information on how to configure a memory resolver, see [this tutorial](../../nats-tools/nas/mem_resolver.md).