taigrr/nats.docs
1
0
Fork 0
mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Code Issues Projects Releases Wiki Activity
nats.docs/docs/nats_server/tls.html
Alberto Ricart 249e072d55 updated generated book
2019-05-15 14:19:51 -05:00

1066 lines
38 KiB
HTML
Raw Blame History

<!DOCTYPE HTML>
<html lang="" >
<head>
<meta charset="UTF-8">
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>TLS Security ยท NATS</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="description" content="">
<meta name="generator" content="GitBook 3.2.3">
<meta name="author" content="The NATS Maintainers">
<link rel="stylesheet" href="../gitbook/style.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-prism/prism.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-search/search.css">
<link rel="stylesheet" href="../gitbook/gitbook-plugin-fontsettings/website.css">
<meta name="HandheldFriendly" content="true"/>
<meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=no">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../gitbook/images/apple-touch-icon-precomposed-152.png">
<link rel="shortcut icon" href="../gitbook/images/favicon.ico" type="image/x-icon">
<link rel="next" href="logging.html" />
<link rel="prev" href="clustering.html" />
<link rel="stylesheet" href="https://cdn.materialdesignicons.com/3.6.95/css/materialdesignicons.min.css">
</head>
<body>
<div class="book">
<div class="book-summary">
<div id="book-search-input" role="search">
<input type="text" placeholder="Type to search" />
</div>
<nav role="navigation">
<ul class="summary">
<li class="chapter " data-level="1.1" data-path="../">
<a href="../">
Introduction
</a>
<ul class="articles">
<li class="chapter " data-level="1.1.1" data-path="./">
<a href="./">
NATS Server
</a>
<ul class="articles">
<li class="chapter " data-level="1.1.1.1" data-path="installation.html">
<a href="installation.html">
Installing
</a>
</li>
<li class="chapter " data-level="1.1.1.2" data-path="running.html">
<a href="running.html">
Running
</a>
</li>
<li class="chapter " data-level="1.1.1.3" data-path="clients.html">
<a href="clients.html">
Clients
</a>
</li>
<li class="chapter " data-level="1.1.1.4" data-path="flags.html">
<a href="flags.html">
Flags
</a>
</li>
<li class="chapter " data-level="1.1.1.5" data-path="configuration.html">
<a href="configuration.html">
Configuration File
</a>
<ul class="articles">
<li class="chapter " data-level="1.1.1.5.1" data-path="authentication.html">
<a href="authentication.html">
Authentication
</a>
</li>
<li class="chapter " data-level="1.1.1.5.2" data-path="authorization.html">
<a href="authorization.html">
Authorization
</a>
</li>
<li class="chapter " data-level="1.1.1.5.3" data-path="clustering.html">
<a href="clustering.html">
Clustering
</a>
</li>
<li class="chapter active" data-level="1.1.1.5.4" data-path="tls.html">
<a href="tls.html">
TLS Security
</a>
</li>
<li class="chapter " data-level="1.1.1.5.5" data-path="logging.html">
<a href="logging.html">
Logging
</a>
</li>
<li class="chapter " data-level="1.1.1.5.6" data-path="monitoring.html">
<a href="monitoring.html">
Monitoring
</a>
<ul class="articles">
<li class="chapter " data-level="1.1.1.5.6.1" data-path="natstop.html">
<a href="natstop.html">
Statistics
</a>
<ul class="articles">
<li class="chapter " data-level="1.1.1.5.6.1.1" data-path="nats_top_tutorial.html">
<a href="nats_top_tutorial.html">
NATS Top Tutorial
</a>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="1.1.1.6" data-path="signals.html">
<a href="signals.html">
Signals
</a>
</li>
<li class="chapter " data-level="1.1.1.7" data-path="windows_srv.html">
<a href="windows_srv.html">
Window Service
</a>
</li>
<li class="chapter " data-level="1.1.1.8" data-path="upgrading.html">
<a href="upgrading.html">
Upgrading a Cluster
</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="1.2" data-path="../developer/">
<a href="../developer/">
Developing with NATS
</a>
<ul class="articles">
<li class="chapter " data-level="1.2.1" data-path="../developer/connecting.html">
<a href="../developer/connecting.html">
Connecting
</a>
</li>
</ul>
</li>
<li class="divider"></li>
<li>
<a href="https://www.gitbook.com" target="blank" class="gitbook-link">
Published with GitBook
</a>
</li>
</ul>
</nav>
</div>
<div class="book-body">
<div class="body-inner">
<div class="book-header" role="navigation">
<!-- Title -->
<h1>
<i class="fa fa-circle-o-notch fa-spin"></i>
<a href=".." >TLS Security</a>
</h1>
</div>
<div class="page-wrapper" tabindex="-1" role="main">
<div class="page-inner">
<div id="book-search-results">
<div class="search-noresults">
<section class="normal markdown-section">
<h2 id="tls-security">TLS Security</h2>
<p>As of Release 0.7.0, the server can use modern TLS semantics for client connections, route connections, and the HTTPS monitoring port. To enable TLS on the client port add the TLS configuration section as follows:</p>
<pre class="language-"><code class="lang-ascii"># Simple TLS config file
listen: 127.0.0.1:4443
tls {
cert_file: &quot;./configs/certs/server-cert.pem&quot;
key_file: &quot;./configs/certs/server-key.pem&quot;
timeout: 2
}
authorization {
user: derek
password: $2a$11$W2zko751KUvVy59mUTWmpOdWjpEm5qhcCZRd05GjI/sSOT.xtiHyG
timeout: 1
}
</code></pre>
<p>Note: This TLS configuration is also used for the monitor port if enabled with the <code>https_port</code> option.</p>
<p>The server <strong>requires</strong> a certificate and private key. Generating self signed certs and intermediary certificate authorities is beyond the scope here, but this document can be helpful in addition to Google Search:
<a href="https://docs.docker.com/engine/articles/https/" target="_blank">https://docs.docker.com/engine/articles/https/</a></p>
<p>The server can be run using command line arguments to enable TLS functionality.</p>
<pre class="language-"><code>--tls Enable TLS, do not verify clients (default: false)
--tlscert FILE Server certificate file
--tlskey FILE Private key for server certificate
--tlsverify Enable TLS, verify client certificates
--tlscacert FILE Client certificate CA for verification
</code></pre><p>Examples using the test certificates which are self signed for localhost and 127.0.0.1.</p>
<pre class="language-"><code class="lang-sh"><span class="token operator">&gt;</span> ./nats-server --tls --tlscert<span class="token operator">=</span>./test/configs/certs/server-cert.pem --tlskey<span class="token operator">=</span>./test/configs/certs/server-key.pem
<span class="token punctuation">[</span>2935<span class="token punctuation">]</span> 2016/04/26 13:34:30.685413 <span class="token punctuation">[</span>INF<span class="token punctuation">]</span> Starting nats-server version 0.8.0.beta
<span class="token punctuation">[</span>2935<span class="token punctuation">]</span> 2016/04/26 13:34:30.685509 <span class="token punctuation">[</span>INF<span class="token punctuation">]</span> Listening <span class="token keyword">for</span> client connections on 0.0.0.0:4222
<span class="token punctuation">[</span>2935<span class="token punctuation">]</span> 2016/04/26 13:34:30.685656 <span class="token punctuation">[</span>INF<span class="token punctuation">]</span> TLS required <span class="token keyword">for</span> client connections
<span class="token punctuation">[</span>2935<span class="token punctuation">]</span> 2016/04/26 13:34:30.685660 <span class="token punctuation">[</span>INF<span class="token punctuation">]</span> Server is ready
</code></pre>
<p>Notice that the log indicates that the client connections will be required to use TLS. If you run the server in Debug mode with -D or -DV, the logs will show the cipher suite selection for each connected client.</p>
<pre class="language-"><code class="lang-sh"><span class="token punctuation">[</span>15146<span class="token punctuation">]</span> 2015/12/03 12:38:37.733139 <span class="token punctuation">[</span>DBG<span class="token punctuation">]</span> ::1:63330 - cid:1 - Starting TLS client connection handshake
<span class="token punctuation">[</span>15146<span class="token punctuation">]</span> 2015/12/03 12:38:37.751948 <span class="token punctuation">[</span>DBG<span class="token punctuation">]</span> ::1:63330 - cid:1 - TLS handshake complete
<span class="token punctuation">[</span>15146<span class="token punctuation">]</span> 2015/12/03 12:38:37.751959 <span class="token punctuation">[</span>DBG<span class="token punctuation">]</span> ::1:63330 - cid:1 - TLS version 1.2, cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
</code></pre>
<h3 id="tls-ciphers">TLS Ciphers</h3>
<p>The server requires TLS version 1.2, and sets preferences for modern cipher suites that avoid those known with vulnerabilities. The
server&apos;s default preferences when building with Go1.5 are as follows.</p>
<pre class="language-"><code class="lang-go"><span class="token keyword">func</span> <span class="token function">defaultCipherSuites</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token builtin">uint16</span> <span class="token punctuation">{</span>
<span class="token keyword">return</span> <span class="token punctuation">[</span><span class="token punctuation">]</span><span class="token builtin">uint16</span><span class="token punctuation">{</span>
<span class="token comment">// The SHA384 versions are only in Go1.5+</span>
tls<span class="token punctuation">.</span>TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256<span class="token punctuation">,</span>
tls<span class="token punctuation">.</span>TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256<span class="token punctuation">,</span>
tls<span class="token punctuation">.</span>TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305<span class="token punctuation">,</span>
tls<span class="token punctuation">.</span>TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305<span class="token punctuation">,</span>
tls<span class="token punctuation">.</span>TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384<span class="token punctuation">,</span>
tls<span class="token punctuation">.</span>TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384<span class="token punctuation">,</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre>
<p>Optionally if your organization requires a specific cipher or list of ciphers, you can configure them with the <code>cipher_suites</code> option as follows:</p>
<pre class="language-"><code class="lang-ascii">tls {
cert_file: &quot;./configs/certs/server.pem&quot;
key_file: &quot;./configs/certs/key.pem&quot;
timeout: 2
cipher_suites: [
&quot;TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384&quot;,
&quot;TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384&quot;,
]
}
</code></pre>
<p>A list of supported cipher suites is <a href="https://github.com/nats-io/nats-server/blob/master/server/ciphersuites.go#L21" target="_blank">located here in the cipherMap variable</a>.</p>
<h3 id="client-tls-mutual-authentication">Client TLS Mutual Authentication</h3>
<p>Optionally the server can require that clients need to present certificates, and the server can be configured with a CA authority to verify the client certificates. Simply add the option <code>verify</code> the TLS configuration section as follows:</p>
<pre class="language-"><code class="lang-ascii">tls {
cert_file: &quot;./configs/certs/server-cert.pem&quot;
key_file: &quot;./configs/certs/server-key.pem&quot;
ca_file: &quot;./configs/certs/ca.pem&quot;
verify: true
}
</code></pre>
<p>If you want the server to enforce and require client certificates as well via the command line, utilize this example.</p>
<pre class="language-"><code class="lang-sh"><span class="token operator">&gt;</span> ./nats-server --tlsverify --tlscert<span class="token operator">=</span>./test/configs/certs/server-cert.pem --tlskey<span class="token operator">=</span>./test/configs/certs/server-key.pem --tlscacert<span class="token operator">=</span>./test/configs/certs/ca.pem
</code></pre>
<p>This option simply verifies the client&apos;s certificate has been signed by the CA specified in the <code>ca_file</code> option. However, it does not map any attribute of the client&apos;s certificate to the user&apos;s identity.</p>
<p>To have TLS Mutual Authentication map certificate attributes to the users identity, replace the option <code>verify</code> with <code>verify_and_map</code> as shown as follows:</p>
<pre class="language-"><code class="lang-ascii">tls {
cert_file: &quot;./configs/certs/server-cert.pem&quot;
key_file: &quot;./configs/certs/server-key.pem&quot;
ca_file: &quot;./configs/certs/ca.pem&quot;
# Require a client certificate and map user id from certificate
verify_and_map: true
}
</code></pre>
<p>There are two options for certificate attributes that can be mapped to user names. The first is the email address in the Subject Alternative Name (SAN) field of the certificate. While generating a certificate with this attribute is outside the scope of this document, we will view this with OpenSSL:</p>
<pre class="language-"><code class="lang-ascii">$ openssl x509 -noout -text -in test/configs/certs/client-id-auth-cert.pem
Certificate:
-------------<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>truncated</span><span class="token punctuation">&gt;</span></span>-------------
X509v3 extensions:
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:127.0.0.1, email:derek@nats.io
X509v3 Extended Key Usage:
TLS Web Client Authentication
-------------<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>truncated</span><span class="token punctuation">&gt;</span></span>-------------
</code></pre>
<p>The configuration to authorize this user would be as follows:</p>
<pre class="language-"><code class="lang-ascii">authorization {
users = [
{user: &quot;derek@nats.io&quot;, permissions: { publish: &quot;foo&quot; }}
]
}
</code></pre>
<p>Note: This configuration only works for the first email address if there are multiple emails in the SAN field.</p>
<p>The second option is to use the RFC 2253 Distinguished Names syntax from the certificate subject as follows:</p>
<pre class="language-"><code class="lang-ascii">$ openssl x509 -noout -text -in test/configs/certs/tlsauth/client2.pem
Certificate:
Data:
-------------<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>truncated</span><span class="token punctuation">&gt;</span></span>-------------
Subject: OU=CNCF, CN=example.com
-------------<span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>truncated</span><span class="token punctuation">&gt;</span></span>-------------
</code></pre>
<p>The configuration to authorize this user would be as follows:</p>
<pre class="language-"><code class="lang-ascii">authorization {
users = [
{user: &quot;CN=example.com,OU=CNCF&quot;, permissions: { publish: &quot;foo&quot; }}
]
}
</code></pre>
<h3 id="cluster-tls-mutual-authentication">Cluster TLS Mutual Authentication</h3>
<p>When setting up clusters all servers in the cluster, if using TLS, will both verify the connecting endpoints and the server responses. So certificates are checked in both directions. Certificates can be configured only for the server&apos;s cluster identity, keeping client and server certificates separate from cluster formation.</p>
<pre class="language-"><code class="lang-ascii">cluster {
listen: 127.0.0.1:4244
tls {
# Route cert
cert_file: &quot;./configs/certs/srva-cert.pem&quot;
# Private key
key_file: &quot;./configs/certs/srva-key.pem&quot;
# Optional certificate authority verifying connected routes
# Required when we have self-signed CA, etc.
ca_file: &quot;./configs/certs/ca.pem&quot;
}
# Routes are actively solicited and connected to from this server.
# Other servers can connect to us if they supply the correct credentials
# in their routes definitions from above.
routes = [
nats-route://127.0.0.1:4246
]
}
</code></pre>
<h3 id="using-bcrypt-to-protect-passwords">Using bcrypt to Protect Passwords</h3>
<p>In addition to TLS functionality, the server now also supports hashing of passwords and authentication tokens using <code>bcrypt</code>. To take advantage of this, simply replace the plaintext password in the configuration with its <code>bcrypt</code> hash, and the server will automatically utilize <code>bcrypt</code> as needed.</p>
<p>A utility for creating <code>bcrypt</code> hashes is included with the nats-server distribution (<code>util/mkpasswd.go</code>). Running it with no arguments will generate a new secure password along with the associated hash. This can be used for a password or a token in the configuration.</p>
<pre class="language-"><code>~/go/src/github.com/nats-io/nats-server/util&gt; go get golang.org/x/crypto/ssh/terminal
~/go/src/github.com/nats-io/nats-server/util&gt; go build mkpasswd.go
~/go/src/github.com/nats-io/nats-server/util&gt; ./mkpasswd
pass: #IclkRPHUpsTmACWzmIGXr
bcrypt hash: $2a$11$3kIDaCxw.Glsl1.u5nKa6eUnNDLV5HV9tIuUp7EHhMt6Nm9myW1aS
</code></pre><p>If you already have a password selected, you can supply the <code>-p</code> flag on the command line, enter your desired password, and a <code>bcrypt</code> hash will be generated for it:</p>
<pre class="language-"><code>~/go/src/github.com/nats-io/nats-server/util&gt; ./mkpasswd -p
Enter Password: *******
Reenter Password: ******
bcrypt hash: $2a$11$3kIDaCxw.Glsl1.u5nKa6eUnNDLV5HV9tIuUp7EHhMt6Nm9myW1aS
</code></pre><p>Add the hash into the server configuration file&apos;s authorization section.</p>
<pre class="language-"><code> authorization {
user: derek
password: $2a$11$3kIDaCxw.Glsl1.u5nKa6eUnNDLV5HV9tIuUp7EHhMt6Nm9myW1aS
}
</code></pre>
</section>
</div>
<div class="search-results">
<div class="has-results">
<h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
<ul class="search-results-list"></ul>
</div>
<div class="no-results">
<h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
</div>
</div>
</div>
</div>
</div>
</div>
<a href="clustering.html" class="navigation navigation-prev " aria-label="Previous page: Clustering">
<i class="fa fa-angle-left"></i>
</a>
<a href="logging.html" class="navigation navigation-next " aria-label="Next page: Logging">
<i class="fa fa-angle-right"></i>
</a>
</div>
<script>
var gitbook = gitbook || [];
gitbook.push(function() {
gitbook.page.hasChanged({"page":{"title":"TLS Security","level":"1.1.1.5.4","depth":4,"next":{"title":"Logging","level":"1.1.1.5.5","depth":4,"path":"nats_server/logging.md","ref":"nats_server/logging.md","articles":[]},"previous":{"title":"Clustering","level":"1.1.1.5.3","depth":4,"path":"nats_server/clustering.md","ref":"nats_server/clustering.md","articles":[]},"dir":"ltr"},"config":{"plugins":["prism","-highlight","include-html"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"prism":{},"include-html":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"sharing":{"facebook":true,"twitter":true,"google":false,"weibo":false,"instapaper":false,"vk":false,"all":["facebook","google","twitter","weibo","instapaper"]},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"The NATS Maintainers","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"NATS","gitbook":"*","description":"Administrative, developer and conceptual documentation for the NATS messaging system."},"file":{"path":"nats_server/tls.md","mtime":"2019-05-15T18:44:35.128Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2019-05-15T19:18:57.723Z"},"basePath":"..","book":{"language":""}});
});
</script>
</div>
<!-- Viz Support -->
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/2.1.2/viz.js"> </script>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/2.1.2/lite.render.js"> </script>
<!-- Site code -->
<script>
function flash(elem, text, speed) {
if (!elem) {
return;
}
var s = elem.style;
elem.textContent = text;
s.display = 'block';
s.opacity = 1;
(function fade() {
(s.opacity -= .1) < .1 ? s.display = "none" : setTimeout(fade, speed)
})();
}
function copyToClipboard(text, el) {
var copyTest = document.queryCommandSupported('copy');
var elOriginalText = el.getAttribute('data-original-title');
if (copyTest === true) {
var copyTextArea = document.createElement("textarea");
copyTextArea.value = text;
document.body.appendChild(copyTextArea);
copyTextArea.select();
try {
var successful = document.execCommand('copy');
var msg = successful ? 'Copied!' : 'Whoops, not copied!';
var parent = el.parentNode.parentNode;
var msgElem = parent.querySelector(".copy-msg");
flash(msgElem, msg, 100);
} catch (err) {
console.log('Oops, unable to copy', err);
}
document.body.removeChild(copyTextArea);
el.setAttribute('data-original-title', elOriginalText);
} else {
// Fallback if browser doesn't support .execCommand('copy')
window.prompt("Copy to clipboard: Ctrl+C or Command+C, Enter", text);
}
}
function processGraphVizSections(elements) {
var elements = document.querySelectorAll("[data-viz]");
var viz = new Viz();
Array.prototype.forEach.call(elements, function (x) {
var engine = x.getAttribute("data-viz");
var image = viz.renderImageElement(x.innerText, {
format: "png",
engine: engine
}).then(function (element) {
x.parentNode.insertBefore(element, x);
});
});
};
function updateLanguageParameter(value) {
const param = "lang";
if (window.location.href.indexOf("?") >= 0) {
const regExp = new RegExp(param + "(.+?)(&|$)", "g");
const newUrl = window.location.href.replace(regExp, param + "=" + encodeURIComponent(value) + "$2");
window.history.pushState("", "", newUrl);
} else {
const newUrl = window.location.href + "?" + param + "=" + encodeURIComponent(value);
window.history.pushState("", "", newUrl);
}
}
function getLanguageParameter() {
var match = RegExp('[?&]lang=([^&]*)').exec(window.location.search);
return match && decodeURIComponent(match[1].replace(/\+/g, ' '));
}
function docReady() {
window.gitbook.events.bind("page.change", function () {
pageChanged();
});
}
function pageChanged() {
document.querySelectorAll('.js-copy').forEach(elem => {
elem.addEventListener("click", function () {
var el = this;
var parent = this.parentNode.parentNode;
var code = parent.querySelector('code');
var text = code.textContent || code.innerText;
copyToClipboard(text, el);
})
});
document.querySelectorAll('.api-lang').forEach(elem => {
elem.addEventListener("click", function () {
var curLang = sessionStorage.getItem('nats-api-language');
var lang = this.getAttribute('data-language');
// Stop the infinite loop
if (curLang == lang) {
return;
}
sessionStorage.setItem('nats-api-language', lang); // So we only do this 1x
updateLanguageParameter(lang)
document.querySelectorAll('.api-lang[data-language=' + lang + ']').forEach(elem => {
elem.click();
});
})
});
if (sessionStorage) {
var curLang = sessionStorage.getItem('nats-api-language');
var queryLang = getLanguageParameter();
var lang = curLang;
if (queryLang) { // query takes precedent
lang = queryLang
}
if (lang) {
document.querySelectorAll('.api-lang[data-language=' + lang + ']').forEach(elem => {
elem.click();
});
}
}
setTimeout(function () {
processGraphVizSections();
}, 1);
}
if (document.readyState != 'loading') docReady();
else if (document.addEventListener) document.addEventListener('DOMContentLoaded', docReady);
else document.attachEvent('onreadystatechange', function () {
if (document.readyState == 'complete') docReady();
});
</script>
<!-- Github Buttons -->
<script async defer src="https://buttons.github.io/buttons.js"></script>
<!-- Styles -->
<style>
div.graphviz {
background: transparent;
border: 0;
padding-top: 15px;
padding-right: 15px;
padding-bottom: 15px;
padding-left: 15px;
}
code[data-viz] {
display: none;
}
.tab-wrap {
transition: 0.3s box-shadow ease;
border-radius: 6px;
max-width: 100%;
display: flex;
flex-wrap: wrap;
position: relative;
list-style: none;
background-color: #fff;
margin: 10px 0;
/* box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);*/
}
.tab-wrap:hover {
box-shadow: 0 12px 23px rgba(0, 0, 0, 0.23), 0 10px 10px rgba(0, 0, 0, 0.19);
}
.tab {
display: none;
}
/* Using scss these would be generated, we have to manually create enough for all tabs, start with 8 */
.tab:checked:nth-of-type(1)~.tab__content:nth-of-type(1) {
opacity: 1;
transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
position: relative;
top: 0;
z-index: 100;
-webkit-transform: translateY(0px);
transform: translateY(0px);
text-shadow: 0 0 0;
}
.tab:checked:nth-of-type(2)~.tab__content:nth-of-type(2) {
opacity: 1;
transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
position: relative;
top: 0;
z-index: 100;
-webkit-transform: translateY(0px);
transform: translateY(0px);
text-shadow: 0 0 0;
}
.tab:checked:nth-of-type(3)~.tab__content:nth-of-type(3) {
opacity: 1;
transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
position: relative;
top: 0;
z-index: 100;
-webkit-transform: translateY(0px);
transform: translateY(0px);
text-shadow: 0 0 0;
}
.tab:checked:nth-of-type(4)~.tab__content:nth-of-type(4) {
opacity: 1;
transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
position: relative;
top: 0;
z-index: 100;
-webkit-transform: translateY(0px);
transform: translateY(0px);
text-shadow: 0 0 0;
}
.tab:checked:nth-of-type(5)~.tab__content:nth-of-type(5) {
opacity: 1;
transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
position: relative;
top: 0;
z-index: 100;
-webkit-transform: translateY(0px);
transform: translateY(0px);
text-shadow: 0 0 0;
}
.tab:checked:nth-of-type(6)~.tab__content:nth-of-type(6) {
opacity: 1;
transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
position: relative;
top: 0;
z-index: 100;
-webkit-transform: translateY(0px);
transform: translateY(0px);
text-shadow: 0 0 0;
}
.tab:checked:nth-of-type(7)~.tab__content:nth-of-type(7) {
opacity: 1;
transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
position: relative;
top: 0;
z-index: 100;
-webkit-transform: translateY(0px);
transform: translateY(0px);
text-shadow: 0 0 0;
}
.tab:checked:nth-of-type(8)~.tab__content:nth-of-type(8) {
opacity: 1;
transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease;
transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
position: relative;
top: 0;
z-index: 100;
-webkit-transform: translateY(0px);
transform: translateY(0px);
text-shadow: 0 0 0;
}
.tab:first-of-type:not(:last-of-type)+label {
border-top-right-radius: 0;
border-bottom-right-radius: 0;
}
.tab:not(:first-of-type):not(:last-of-type)+label {
border-radius: 0;
}
.tab:last-of-type:not(:first-of-type)+label {
border-top-left-radius: 0;
border-bottom-left-radius: 0;
}
.tab:checked+label {
background-color: #fff;
box-shadow: 0 -1px 0 #fff inset;
cursor: default;
font-weight: bold;
border: 1px solid #ddd;
border-bottom-color: transparent;
}
.tab:checked+label:hover {
box-shadow: 0 -1px 0 #fff inset;
background-color: #fff;
}
.tab+label {
box-shadow: 0 -1px 0 #eee inset;
border-radius: 6px 6px 0 0;
cursor: pointer;
display: block;
text-decoration: none;
color: #27aae1;
flex-grow: 3;
text-align: center;
-webkit-user-select: none;
-moz-user-select: none;
-ms-user-select: none;
user-select: none;
text-align: center;
transition: 0.3s background-color ease, 0.3s box-shadow ease;
height: 50px;
box-sizing: border-box;
padding: 15px;
}
.tab+label:hover {
background-color: #f9f9f9;
box-shadow: 0 1px 0 #f4f4f4 inset;
}
.tab__content {
padding: 2px 2px;
background-color: transparent;
position: absolute;
width: 100%;
z-index: -1;
opacity: 0;
left: 0;
-webkit-transform: translateY(-3px);
transform: translateY(-3px);
border-radius: 6px;
}
.tab__content pre {
margin-bottom: 0px !important;
}
.toolbar-icons {
display: inline-block;
position: relative;
padding-left: 4px;
}
a.toolbar-icons {
text-decoration: none;
}
.toolbar-icons .mdi {
color: #4183c4;
}
.copy-msg {
color: #4183c4;
}
.pull-right {
float: right !important;
}
.pull-left {
float: left !important;
}
</style>
<script src="../gitbook/gitbook.js"></script>
<script src="../gitbook/theme.js"></script>
<script src="../gitbook/gitbook-plugin-search/search-engine.js"></script>
<script src="../gitbook/gitbook-plugin-search/search.js"></script>
<script src="../gitbook/gitbook-plugin-lunr/lunr.min.js"></script>
<script src="../gitbook/gitbook-plugin-lunr/search-lunr.js"></script>
<script src="../gitbook/gitbook-plugin-sharing/buttons.js"></script>
<script src="../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink