
<!DOCTYPE HTML>
<html lang="" >
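<head>
<meta charset="UTF-8">
<!-- Document metadata and stylesheets for the GitBook-generated "Encrypting Connections with TLS" page. -->
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<!-- The title separator is a middle dot; it had been mis-decoded into two Thai characters. -->
<title>Encrypting Connections with TLS · NATS</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="description" content="">
<meta name="generator" content="GitBook 3.2.3">
<meta name="author" content="The NATS Maintainers">
<link rel="stylesheet" href="../../gitbook/style.css">
<link rel="stylesheet" href="../../gitbook/gitbook-plugin-prism/prism.css">
<link rel="stylesheet" href="../../gitbook/gitbook-plugin-toggle-chapters/toggle.css">
<link rel="stylesheet" href="../../gitbook/gitbook-plugin-anchors/plugin.css">
<link rel="stylesheet" href="../../gitbook/gitbook-plugin-search/search.css">
<link rel="stylesheet" href="../../gitbook/gitbook-plugin-fontsettings/website.css">
<meta name="HandheldFriendly" content="true"/>
<!-- user-scalable=no was dropped so readers can still pinch-zoom the page. -->
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="apple-mobile-web-app-capable" content="yes">
<meta name="apple-mobile-web-app-status-bar-style" content="black">
<link rel="apple-touch-icon-precomposed" sizes="152x152" href="../../gitbook/images/apple-touch-icon-precomposed-152.png">
<link rel="shortcut icon" href="../../gitbook/images/favicon.ico" type="image/x-icon">
<link rel="next" href="../receiving/intro.html" />
<link rel="prev" href="creds.html" />
<!--
  NOTE(review): this is the only stylesheet loaded from a third-party origin, and it has no
  Subresource Integrity check, so whatever the CDN serves at this URL is applied to every page.
  Either self-host the pinned 3.6.95 file next to the other gitbook assets, or add
  integrity="sha384-<HASH_OF_PINNED_FILE>" together with crossorigin="anonymous" once the hash
  has been computed from a trusted copy and the CDN is confirmed to send CORS headers.
-->
<link rel="stylesheet" href="https://cdn.materialdesignicons.com/3.6.95/css/materialdesignicons.min.css">
</head>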
<body>
<div class="book">
<div class="book-summary">
<div id="book-search-input" role="search">
<input type="text" placeholder="Type to search" />
</div>
<nav role="navigation">
<ul class="summary">
<li class="chapter " data-level="1.1" data-path="../../">
<a href="../../">
Introduction
</a>
</li>
<li class="chapter " data-level="1.2" data-path="../../whats_new/whats_new_20.html">
<a href="../../whats_new/whats_new_20.html">
What's New in 2.0
</a>
</li>
<li class="header">Concepts</li>
<li class="chapter " data-level="2.1" data-path="../concepts/intro.html">
<a href="../concepts/intro.html">
What is NATS
</a>
</li>
<li class="chapter " data-level="2.2" data-path="../concepts/subjects.html">
<a href="../concepts/subjects.html">
Subject-Based Messaging
</a>
</li>
<li class="chapter " data-level="2.3" data-path="../concepts/pubsub.html">
<a href="../concepts/pubsub.html">
Publish-Subscribe
</a>
</li>
<li class="chapter " data-level="2.4" data-path="../concepts/reqreply.html">
<a href="../concepts/reqreply.html">
Request-Reply
</a>
</li>
<li class="chapter " data-level="2.5" data-path="../concepts/queue.html">
<a href="../concepts/queue.html">
Queue Groups
</a>
</li>
<li class="chapter " data-level="2.6" data-path="../concepts/acks.html">
<a href="../concepts/acks.html">
Acknowledgements
</a>
</li>
<li class="chapter " data-level="2.7" data-path="../concepts/seq_num.html">
<a href="../concepts/seq_num.html">
Sequence Numbers
</a>
</li>
<li class="header">Developing With NATS</li>
<li class="chapter " data-level="3.1" data-path="../">
<a href="../">
Introduction
</a>
</li>
<li class="chapter " data-level="3.2" data-path="../connecting/intro.html">
<a href="../connecting/intro.html">
Connecting
</a>
<ul class="articles">
<li class="chapter " data-level="3.2.1" data-path="../connecting/default_server.html">
<a href="../connecting/default_server.html">
Connecting to the Default Server
</a>
</li>
<li class="chapter " data-level="3.2.2" data-path="../connecting/specific_server.html">
<a href="../connecting/specific_server.html">
Connecting to a Specific Server
</a>
</li>
<li class="chapter " data-level="3.2.3" data-path="../connecting/cluster.html">
<a href="../connecting/cluster.html">
Connecting to a Cluster
</a>
</li>
<li class="chapter " data-level="3.2.4" data-path="../connecting/connect_timeout.html">
<a href="../connecting/connect_timeout.html">
Setting a Connect Timeout
</a>
</li>
<li class="chapter " data-level="3.2.5" data-path="../connecting/pingpong.html">
<a href="../connecting/pingpong.html">
Ping/Pong Protocol
</a>
</li>
<li class="chapter " data-level="3.2.6" data-path="../connecting/protocol.html">
<a href="../connecting/protocol.html">
Controlling the Client/Server Protocol
</a>
</li>
<li class="chapter " data-level="3.2.7" data-path="../connecting/noecho.html">
<a href="../connecting/noecho.html">
Turning Off Echo'd Messages
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.3" data-path="../reconnect/intro.html">
<a href="../reconnect/intro.html">
Automatic Reconnections
</a>
<ul class="articles">
<li class="chapter " data-level="3.3.1" data-path="../reconnect/disable.html">
<a href="../reconnect/disable.html">
Disabling Reconnect
</a>
</li>
<li class="chapter " data-level="3.3.2" data-path="../reconnect/max.html">
<a href="../reconnect/max.html">
Set the Number of Reconnect Attempts
</a>
</li>
<li class="chapter " data-level="3.3.3" data-path="../reconnect/wait.html">
<a href="../reconnect/wait.html">
Pausing Between Reconnect Attempts
</a>
</li>
<li class="chapter " data-level="3.3.4" data-path="../reconnect/random.html">
<a href="../reconnect/random.html">
Avoiding the Thundering Herd
</a>
</li>
<li class="chapter " data-level="3.3.5" data-path="../reconnect/events.html">
<a href="../reconnect/events.html">
Listening for Reconnect Events
</a>
</li>
<li class="chapter " data-level="3.3.6" data-path="../reconnect/buffer.html">
<a href="../reconnect/buffer.html">
Buffering Messages During Reconnect Attempts
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.4" data-path="intro.html">
<a href="intro.html">
Securing Connections
</a>
<ul class="articles">
<li class="chapter " data-level="3.4.1" data-path="userpass.html">
<a href="userpass.html">
Authenticating with a User and Password
</a>
</li>
<li class="chapter " data-level="3.4.2" data-path="token.html">
<a href="token.html">
Authenticating with a Token
</a>
</li>
<li class="chapter " data-level="3.4.3" data-path="nkey.html">
<a href="nkey.html">
Authenticating with an NKey
</a>
</li>
<li class="chapter " data-level="3.4.4" data-path="creds.html">
<a href="creds.html">
Authenticating with a Credentials File
</a>
</li>
<li class="chapter active" data-level="3.4.5" data-path="tls.html">
<a href="tls.html">
Encrypting Connections with TLS
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.5" data-path="../receiving/intro.html">
<a href="../receiving/intro.html">
Receiving Messages
</a>
<ul class="articles">
<li class="chapter " data-level="3.5.1" data-path="../receiving/sync.html">
<a href="../receiving/sync.html">
Synchronous Subscriptions
</a>
</li>
<li class="chapter " data-level="3.5.2" data-path="../receiving/async.html">
<a href="../receiving/async.html">
Asynchronous Subscriptions
</a>
</li>
<li class="chapter " data-level="3.5.3" data-path="../receiving/unsubscribing.html">
<a href="../receiving/unsubscribing.html">
Unsubscribing
</a>
</li>
<li class="chapter " data-level="3.5.4" data-path="../receiving/unsub_after.html">
<a href="../receiving/unsub_after.html">
Unsubscribing After N Messages
</a>
</li>
<li class="chapter " data-level="3.5.5" data-path="../receiving/reply.html">
<a href="../receiving/reply.html">
Replying to a Message
</a>
</li>
<li class="chapter " data-level="3.5.6" data-path="../receiving/wildcards.html">
<a href="../receiving/wildcards.html">
Wildcard Subscriptions
</a>
</li>
<li class="chapter " data-level="3.5.7" data-path="../receiving/queues.html">
<a href="../receiving/queues.html">
Queue Subscriptions
</a>
</li>
<li class="chapter " data-level="3.5.8" data-path="../receiving/drain.html">
<a href="../receiving/drain.html">
Draining Messages Before Disconnect
</a>
</li>
<li class="chapter " data-level="3.5.9" data-path="../receiving/structure.html">
<a href="../receiving/structure.html">
Structured Data
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.6" data-path="../sending/intro.html">
<a href="../sending/intro.html">
Sending Messages
</a>
<ul class="articles">
<li class="chapter " data-level="3.6.1" data-path="../sending/replyto.html">
<a href="../sending/replyto.html">
Including a Reply Subject
</a>
</li>
<li class="chapter " data-level="3.6.2" data-path="../sending/request_reply.html">
<a href="../sending/request_reply.html">
Request-Reply Semantics
</a>
</li>
<li class="chapter " data-level="3.6.3" data-path="../sending/caches.html">
<a href="../sending/caches.html">
Caches, Flush and Ping
</a>
</li>
<li class="chapter " data-level="3.6.4" data-path="../sending/structure.html">
<a href="../sending/structure.html">
Sending Structured Data
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.7" data-path="../events/intro.html">
<a href="../events/intro.html">
Monitoring the Connection
</a>
<ul class="articles">
<li class="chapter " data-level="3.7.1" data-path="../events/events.html">
<a href="../events/events.html">
Listen for Connection Events
</a>
</li>
<li class="chapter " data-level="3.7.2" data-path="../events/slow.html">
<a href="../events/slow.html">
Slow Consumers
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="3.8" data-path="../tutorials/intro.html">
<a href="../tutorials/intro.html">
Tutorials
</a>
<ul class="articles">
<li class="chapter " data-level="3.8.1" data-path="../tutorials/pubsub.html">
<a href="../tutorials/pubsub.html">
Explore NATS Pub/Sub
</a>
</li>
<li class="chapter " data-level="3.8.2" data-path="../tutorials/reqreply.html">
<a href="../tutorials/reqreply.html">
Explore NATS Request/Reply
</a>
</li>
<li class="chapter " data-level="3.8.3" data-path="../tutorials/queues.html">
<a href="../tutorials/queues.html">
Explore NATS Queueing
</a>
</li>
<li class="chapter " data-level="3.8.4" data-path="../tutorials/custom_dialer.html">
<a href="../tutorials/custom_dialer.html">
Advanced Connect and Custom Dialer in Go
</a>
</li>
</ul>
</li>
<li class="header">NATS Server</li>
<li class="chapter " data-level="4.1" data-path="../../nats_server/installation.html">
<a href="../../nats_server/installation.html">
Installing
</a>
</li>
<li class="chapter " data-level="4.2" data-path="../../nats_server/running.html">
<a href="../../nats_server/running.html">
Running
</a>
<ul class="articles">
<li class="chapter " data-level="4.2.1" data-path="../../nats_server/windows_srv.html">
<a href="../../nats_server/windows_srv.html">
Window Service
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.3" data-path="../../nats_server/clients.html">
<a href="../../nats_server/clients.html">
Clients
</a>
</li>
<li class="chapter " data-level="4.4" data-path="../../nats_server/flags.html">
<a href="../../nats_server/flags.html">
Flags
</a>
</li>
<li class="chapter " data-level="4.5" data-path="../../nats_server/configuration.html">
<a href="../../nats_server/configuration.html">
Configuration
</a>
<ul class="articles">
<li class="chapter " data-level="4.5.1" data-path="../../nats_server/securing_nats.html">
<a href="../../nats_server/securing_nats.html">
Securing NATS
</a>
<ul class="articles">
<li class="chapter " data-level="4.5.1.1" data-path="../../nats_server/tls.html">
<a href="../../nats_server/tls.html">
Enabling TLS
</a>
</li>
<li class="chapter " data-level="4.5.1.2" data-path="../../nats_server/auth_intro.html">
<a href="../../nats_server/auth_intro.html">
Authentication
</a>
<ul class="articles">
<li class="chapter " data-level="4.5.1.2.1" data-path="../../nats_server/tokens.html">
<a href="../../nats_server/tokens.html">
Tokens
</a>
</li>
<li class="chapter " data-level="4.5.1.2.2" data-path="../../nats_server/username_password.html">
<a href="../../nats_server/username_password.html">
Username/Password
</a>
</li>
<li class="chapter " data-level="4.5.1.2.3" data-path="../../nats_server/tls_mutual_auth.html">
<a href="../../nats_server/tls_mutual_auth.html">
TLS Authentication
</a>
</li>
<li class="chapter " data-level="4.5.1.2.4" data-path="../../nats_server/nkey_auth.html">
<a href="../../nats_server/nkey_auth.html">
NKeys
</a>
</li>
<li class="chapter " data-level="4.5.1.2.5" data-path="../../nats_server/accounts.html">
<a href="../../nats_server/accounts.html">
Accounts
</a>
</li>
<li class="chapter " data-level="4.5.1.2.6" data-path="../../nats_server/jwt_auth.html">
<a href="../../nats_server/jwt_auth.html">
JWTs
</a>
</li>
<li class="chapter " data-level="4.5.1.2.7" data-path="../../nats_server/auth_timeout.html">
<a href="../../nats_server/auth_timeout.html">
Authentication Timeout
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.5.1.3" data-path="../../nats_server/authorization.html">
<a href="../../nats_server/authorization.html">
Authorization
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.5.2" data-path="../../nats_server/clustering.html">
<a href="../../nats_server/clustering.html">
Clustering
</a>
<ul class="articles">
<li class="chapter " data-level="4.5.2.1" data-path="../../nats_server/cluster_config.html">
<a href="../../nats_server/cluster_config.html">
Configuration
</a>
</li>
<li class="chapter " data-level="4.5.2.2" data-path="../../nats_server/cluster_tls.html">
<a href="../../nats_server/cluster_tls.html">
TLS Authentication
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.5.3" data-path="../../gateways/">
<a href="../../gateways/">
Gateways
</a>
<ul class="articles">
<li class="chapter " data-level="4.5.3.1" data-path="../../gateways/gateway.html">
<a href="../../gateways/gateway.html">
Configuration
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.5.4" data-path="../../leafnodes/">
<a href="../../leafnodes/">
Leaf Nodes
</a>
<ul class="articles">
<li class="chapter " data-level="4.5.4.1" data-path="../../leafnodes/leafnode_conf.html">
<a href="../../leafnodes/leafnode_conf.html">
Configuration
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.5.5" data-path="../../nats_server/logging.html">
<a href="../../nats_server/logging.html">
Logging
</a>
</li>
<li class="chapter " data-level="4.5.6" data-path="../../nats_server/monitoring.html">
<a href="../../nats_server/monitoring.html">
Monitoring
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="4.6" data-path="../../nats_admin/">
<a href="../../nats_admin/">
Managing A NATS Server
</a>
<ul class="articles">
<li class="chapter " data-level="4.6.1" data-path="../../nats_admin/upgrading_cluster.html">
<a href="../../nats_admin/upgrading_cluster.html">
Upgrading a Cluster
</a>
</li>
<li class="chapter " data-level="4.6.2" data-path="../../nats_admin/slow_consumers.html">
<a href="../../nats_admin/slow_consumers.html">
Slow Consumers
</a>
</li>
<li class="chapter " data-level="4.6.3" data-path="../../nats_admin/signals.html">
<a href="../../nats_admin/signals.html">
Signals
</a>
</li>
<li class="chapter " data-level="4.6.4" data-path="../../sys_accounts/">
<a href="../../sys_accounts/">
System Accounts
</a>
<ul class="articles">
<li class="chapter " data-level="4.6.4.1" data-path="../../sys_accounts/sys_accounts.html">
<a href="../../sys_accounts/sys_accounts.html">
Configuration
</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="4.7" data-path="../../nats_docker/">
<a href="../../nats_docker/">
NATS and Docker
</a>
<ul class="articles">
<li class="chapter " data-level="4.7.1" data-path="../../nats_docker/tutorial.html">
<a href="../../nats_docker/tutorial.html">
Tutorial
</a>
</li>
<li class="chapter " data-level="4.7.2" data-path="../../nats_docker/docker_swarm.html">
<a href="../../nats_docker/docker_swarm.html">
Docker Swarm
</a>
</li>
</ul>
</li>
<li class="header">NATS Tools</li>
<li class="chapter " data-level="5.1" data-path="../../nats_tools/mkpasswd.html">
<a href="../../nats_tools/mkpasswd.html">
mkpasswd
</a>
</li>
<li class="chapter " data-level="5.2" data-path="../../nats_tools/nk.html">
<a href="../../nats_tools/nk.html">
nk
</a>
</li>
<li class="chapter " data-level="5.3" data-path="../../nats_tools/nsc/">
<a href="../../nats_tools/nsc/">
nsc
</a>
<ul class="articles">
<li class="chapter " data-level="5.3.1" data-path="../../nats_tools/nsc/nsc.html">
<a href="../../nats_tools/nsc/nsc.html">
Basics
</a>
</li>
<li class="chapter " data-level="5.3.2" data-path="../../nats_tools/nsc/streams.html">
<a href="../../nats_tools/nsc/streams.html">
Streams
</a>
</li>
<li class="chapter " data-level="5.3.3" data-path="../../nats_tools/nsc/services.html">
<a href="../../nats_tools/nsc/services.html">
Services
</a>
</li>
<li class="chapter " data-level="5.3.4" data-path="../../nats_tools/nsc/signing_keys.html">
<a href="../../nats_tools/nsc/signing_keys.html">
Signing Keys
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.4" data-path="../../nats_tools/nas/">
<a href="../../nats_tools/nas/">
nats-account-server
</a>
<ul class="articles">
<li class="chapter " data-level="5.4.1" data-path="../../nats_tools/nas/nas_conf.html">
<a href="../../nats_tools/nas/nas_conf.html">
Basics
</a>
</li>
<li class="chapter " data-level="5.4.2" data-path="../../nats_tools/nas/inspecting_jwts.html">
<a href="../../nats_tools/nas/inspecting_jwts.html">
Inspecting JWTs
</a>
</li>
<li class="chapter " data-level="5.4.3" data-path="../../nats_tools/nas/mem_resolver.html">
<a href="../../nats_tools/nas/mem_resolver.html">
Memory Resolver
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.5" data-path="../../nats_tools/nats_top/">
<a href="../../nats_tools/nats_top/">
nats-top
</a>
<ul class="articles">
<li class="chapter " data-level="5.5.1" data-path="../../nats_tools/nats_top/tutorial.html">
<a href="../../nats_tools/nats_top/tutorial.html">
Tutorial
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="5.6" data-path="../../nats_tools/natsbench.html">
<a href="../../nats_tools/natsbench.html">
nats-bench
</a>
</li>
<li class="header">NATS Streaming Concepts</li>
<li class="chapter " data-level="6.1" data-path="../../nats_streaming/intro.html">
<a href="../../nats_streaming/intro.html">
Introduction
</a>
<ul class="articles">
<li class="chapter " data-level="6.1.1" data-path="../../nats_streaming/relation-to-nats.html">
<a href="../../nats_streaming/relation-to-nats.html">
Relation to NATS
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="6.2" data-path="../../nats_streaming/client-connections.html">
<a href="../../nats_streaming/client-connections.html">
Client Connections
</a>
</li>
<li class="chapter " data-level="6.3" data-path="../../nats_streaming/channels/channels.html">
<a href="../../nats_streaming/channels/channels.html">
Channels
</a>
<ul class="articles">
<li class="chapter " data-level="6.3.1" data-path="../../nats_streaming/channels/message-log.html">
<a href="../../nats_streaming/channels/message-log.html">
Message Log
</a>
</li>
<li class="chapter " data-level="6.3.2" data-path="../../nats_streaming/channels/subscriptions/subscriptions.html">
<a href="../../nats_streaming/channels/subscriptions/subscriptions.html">
Subscriptions
</a>
<ul class="articles">
<li class="chapter " data-level="6.3.2.1" data-path="../../nats_streaming/channels/subscriptions/regular.html">
<a href="../../nats_streaming/channels/subscriptions/regular.html">
Regular
</a>
</li>
<li class="chapter " data-level="6.3.2.2" data-path="../../nats_streaming/channels/subscriptions/durable.html">
<a href="../../nats_streaming/channels/subscriptions/durable.html">
Durable
</a>
</li>
<li class="chapter " data-level="6.3.2.3" data-path="../../nats_streaming/channels/subscriptions/queue-group.html">
<a href="../../nats_streaming/channels/subscriptions/queue-group.html">
Queue Group
</a>
</li>
<li class="chapter " data-level="6.3.2.4" data-path="../../nats_streaming/channels/subscriptions/redelivery.html">
<a href="../../nats_streaming/channels/subscriptions/redelivery.html">
Redelivery
</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="chapter " data-level="6.4" data-path="../../nats_streaming/store-interface.html">
<a href="../../nats_streaming/store-interface.html">
Store Interface
</a>
</li>
<li class="chapter " data-level="6.5" data-path="../../nats_streaming/store-encryption.html">
<a href="../../nats_streaming/store-encryption.html">
Store Encryption
</a>
</li>
<li class="chapter " data-level="6.6" data-path="../../nats_streaming/clustering/clustering.html">
<a href="../../nats_streaming/clustering/clustering.html">
Clustering
</a>
<ul class="articles">
<li class="chapter " data-level="6.6.1" data-path="../../nats_streaming/clustering/supported-stores.html">
<a href="../../nats_streaming/clustering/supported-stores.html">
Supported Stores
</a>
</li>
<li class="chapter " data-level="6.6.2" data-path="../../nats_streaming/clustering/configuration.html">
<a href="../../nats_streaming/clustering/configuration.html">
Configuration
</a>
</li>
<li class="chapter " data-level="6.6.3" data-path="../../nats_streaming/clustering/auto-configuration.html">
<a href="../../nats_streaming/clustering/auto-configuration.html">
Auto Configuration
</a>
</li>
<li class="chapter " data-level="6.6.4" data-path="../../nats_streaming/clustering/containers.html">
<a href="../../nats_streaming/clustering/containers.html">
Containers
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="6.7" data-path="../../nats_streaming/fault-tolerance/ft.html">
<a href="../../nats_streaming/fault-tolerance/ft.html">
Fault Tolerance
</a>
<ul class="articles">
<li class="chapter " data-level="6.7.1" data-path="../../nats_streaming/fault-tolerance/active-server.html">
<a href="../../nats_streaming/fault-tolerance/active-server.html">
Active Server
</a>
</li>
<li class="chapter " data-level="6.7.2" data-path="../../nats_streaming/fault-tolerance/standby-server.html">
<a href="../../nats_streaming/fault-tolerance/standby-server.html">
Standby Servers
</a>
</li>
<li class="chapter " data-level="6.7.3" data-path="../../nats_streaming/fault-tolerance/shared-state.html">
<a href="../../nats_streaming/fault-tolerance/shared-state.html">
Shared State
</a>
</li>
<li class="chapter " data-level="6.7.4" data-path="../../nats_streaming/fault-tolerance/failover.html">
<a href="../../nats_streaming/fault-tolerance/failover.html">
Failover
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="6.8" data-path="../../nats_streaming/partitioning.html">
<a href="../../nats_streaming/partitioning.html">
Partitioning
</a>
</li>
<li class="header">Developing With NATS Streaming</li>
<li class="chapter " data-level="7.1" data-path="../streaming/">
<a href="../streaming/">
Introduction
</a>
</li>
<li class="chapter " data-level="7.2" data-path="../streaming/connecting.html">
<a href="../streaming/connecting.html">
Connecting to NATS Streaming
</a>
</li>
<li class="chapter " data-level="7.3" data-path="../streaming/publishing.html">
<a href="../streaming/publishing.html">
Publishing to a Channel
</a>
</li>
<li class="chapter " data-level="7.4" data-path="../streaming/receiving.html">
<a href="../streaming/receiving.html">
Receiving Messages from a Channel
</a>
</li>
<li class="chapter " data-level="7.5" data-path="../streaming/durables.html">
<a href="../streaming/durables.html">
Durable Subscriptions
</a>
</li>
<li class="chapter " data-level="7.6" data-path="../streaming/queues.html">
<a href="../streaming/queues.html">
Queue Subscriptions
</a>
</li>
<li class="chapter " data-level="7.7" data-path="../streaming/acks.html">
<a href="../streaming/acks.html">
Acknowledgements
</a>
</li>
<li class="chapter " data-level="7.8" data-path="../streaming/protocol.html">
<a href="../streaming/protocol.html">
The Streaming Protocol
</a>
</li>
<li class="header">NATS Streaming Server</li>
<li class="chapter " data-level="8.1" data-path="../../nats_streaming/gettingstarted/install.html">
<a href="../../nats_streaming/gettingstarted/install.html">
Installing
</a>
</li>
<li class="chapter " data-level="8.2" data-path="../../nats_streaming/gettingstarted/run.html">
<a href="../../nats_streaming/gettingstarted/run.html">
Running
</a>
</li>
<li class="chapter " data-level="8.3" data-path="../../nats_streaming/gettingstarted/configuring.html">
<a href="../../nats_streaming/gettingstarted/configuring.html">
Configuring
</a>
</li>
<li class="chapter " data-level="8.4" data-path="../../nats_streaming/gettingstarted/tls.html">
<a href="../../nats_streaming/gettingstarted/tls.html">
Securing
</a>
</li>
<li class="chapter " data-level="8.5" data-path="../../nats_streaming/gettingstarted/process-signaling.html">
<a href="../../nats_streaming/gettingstarted/process-signaling.html">
Process Signaling
</a>
</li>
<li class="chapter " data-level="8.6" data-path="../../nats_streaming/gettingstarted/windows-service.html">
<a href="../../nats_streaming/gettingstarted/windows-service.html">
Windows Service
</a>
</li>
<li class="chapter " data-level="8.7" data-path="../streaming/embedding.html">
<a href="../streaming/embedding.html">
Embedding NATS Streaming Server
</a>
</li>
<li class="chapter " data-level="8.8" data-path="../../nats_streaming/swarm.html">
<a href="../../nats_streaming/swarm.html">
Docker Swarm
</a>
</li>
<li class="chapter " data-level="8.9" data-path="../../nats_streaming/monitoring/monitoring.html">
<a href="../../nats_streaming/monitoring/monitoring.html">
Monitoring
</a>
<ul class="articles">
<li class="chapter " data-level="8.9.1" data-path="../../nats_streaming/monitoring/enabling.html">
<a href="../../nats_streaming/monitoring/enabling.html">
Enabling
</a>
</li>
<li class="chapter " data-level="8.9.2" data-path="../../nats_streaming/monitoring/endpoints.html">
<a href="../../nats_streaming/monitoring/endpoints.html">
Endpoints
</a>
</li>
</ul>
</li>
<li class="header">NATS Protocol</li>
<li class="chapter " data-level="9.1" data-path="../../nats_protocol/nats-protocol-demo.html">
<a href="../../nats_protocol/nats-protocol-demo.html">
Protocol Demo
</a>
</li>
<li class="chapter " data-level="9.2" data-path="../../nats_protocol/nats-protocol.html">
<a href="../../nats_protocol/nats-protocol.html">
Client Protocol
</a>
<ul class="articles">
<li class="chapter " data-level="9.2.1" data-path="../../nats_protocol/nats-client-dev.html">
<a href="../../nats_protocol/nats-client-dev.html">
Developing a Client
</a>
</li>
</ul>
</li>
<li class="chapter " data-level="9.3" data-path="../../nats_protocol/nats-server-protocol.html">
<a href="../../nats_protocol/nats-server-protocol.html">
NATS Cluster Protocol
</a>
</li>
<li class="divider"></li>
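<li>
<!--
  External link. target="blank" named a window literally called "blank" instead of using the
  _blank keyword, and browsers apply their implicit noopener only to _blank, so the opened page
  could reach this one through window.opener. The keyword is corrected and rel is set explicitly.
-->
<a href="https://www.gitbook.com" target="_blank" rel="noopener noreferrer" class="gitbook-link">
Published with GitBook
</a>
</li>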
</ul>
</nav>
</div>
<div class="book-body">
<div class="body-inner">
<div class="book-header" role="navigation">
<!-- Title -->
<h1>
<i class="fa fa-circle-o-notch fa-spin"></i>
<a href="../.." >Encrypting Connections with TLS</a>
</h1>
</div>
<div class="page-wrapper" tabindex="-1" role="main">
<div class="page-inner">
<div id="book-search-results">
<div class="search-noresults">
<section class="normal markdown-section">
<h1 id="encrypting-connections-with-tls"><a name="encrypting-connections-with-tls" class="plugin-anchor" href="#encrypting-connections-with-tls"><i class="fa fa-link" aria-hidden="true"></i></a>Encrypting Connections with TLS</h1>
<p>While authentication limits which clients can connect, TLS can be used to check the server&#x2019;s identity and the client&#x2019;s identity and will encrypt the traffic between the two. The most secure way to use TLS with NATS is with verified client certificates. In this mode, the client can check that it trusts the certificate sent by <code>nats-server</code>, and the server will also check that it trusts the certificate sent by the client. From an application&apos;s perspective, connecting to a server that does not verify client certificates may appear identical. Under the covers, disabling client certificate verification on the server removes only the server-side check on the client&#x2019;s certificate: the traffic is still encrypted and the client can still check the server&#x2019;s certificate, but the server no longer uses a certificate to establish who the client is. When started in TLS mode, <code>nats-server</code> will require all clients to connect with TLS. Moreover, if configured to connect with TLS, client libraries will fail to connect to a server without TLS.</p>
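<p>The <a href="https://github.com/nats-io/java-nats-examples/tree/master/src/main/resources" target="_blank">Java examples repository</a> contains certificates for starting the server in TLS mode. Because these certificates and their private keys are published in a public repository, use them only for local testing and generate your own for any real deployment.</p>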
<pre class="language-"><code class="lang-sh"><span class="token operator">&gt;</span> nats-server -c /src/main/resources/tls.conf
or
<span class="token operator">&gt;</span> nats-server -c /src/main/resources/tls_verify.conf
</code></pre>
<h2 id="connecting-with-tls"><a name="connecting-with-tls" class="plugin-anchor" href="#connecting-with-tls"><i class="fa fa-link" aria-hidden="true"></i></a>Connecting with TLS</h2>
<p>Connecting to a server with TLS is primarily an exercise in setting up the certificate and trust managers. For example:</p>
<div class="tab-wrap">
<input type="radio" id="connect_tls_go" name="connect_tls" class="tab" checked>
<label for="connect_tls_go" class="api-lang" data-language="go">Go</label>
<input type="radio" id="connect_tls_java" name="connect_tls" class="tab">
<label for="connect_tls_java" class="api-lang" data-language="java">Java</label>
<input type="radio" id="connect_tls_js" name="connect_tls" class="tab">
<label for="connect_tls_js" class="api-lang" data-language="js">JavaScript</label>
<input type="radio" id="connect_tls_py" name="connect_tls" class="tab">
<label for="connect_tls_py" class="api-lang" data-language="py">Python</label>
<input type="radio" id="connect_tls_ruby" name="connect_tls" class="tab">
<label for="connect_tls_ruby" class="api-lang" data-language="ruby">Ruby</label>
<input type="radio" id="connect_tls_ts" name="connect_tls" class="tab">
<label for="connect_tls_ts" class="api-lang" data-language="ts">TypeScript</label>
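<div class="tab__content">
<!--
  Go tab of the "Connecting with TLS" example. The snippet passes nats.ClientCert (the client's
  certificate and key files) and nats.RootCAs (the CA file used to check the server's certificate)
  to nats.Connect. The GitHub source link opens in a new tab, so rel="noopener noreferrer" is set
  explicitly. Text inside the pre element is whitespace-sensitive and is left exactly as it was.
-->
<pre id="connect_tls_go_content"><a class="toolbar-icons pull-right" target="_blank" rel="noopener noreferrer" href="https://github.com/nats-io/go-nats-examples/blob/master/api-examples/connect_tls/main.go#L10-21"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-go">nc<span class="token punctuation">,</span> err <span class="token operator">:=</span> nats<span class="token punctuation">.</span><span class="token function">Connect</span><span class="token punctuation">(</span><span class="token string">&quot;localhost&quot;</span><span class="token punctuation">,</span>
nats<span class="token punctuation">.</span><span class="token function">ClientCert</span><span class="token punctuation">(</span><span class="token string">&quot;resources/certs/cert.pem&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;resources/certs/key.pem&quot;</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
nats<span class="token punctuation">.</span><span class="token function">RootCAs</span><span class="token punctuation">(</span><span class="token string">&quot;resources/certs/ca.pem&quot;</span><span class="token punctuation">)</span><span class="token punctuation">)</span>
<span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
log<span class="token punctuation">.</span><span class="token function">Fatal</span><span class="token punctuation">(</span>err<span class="token punctuation">)</span>
<span class="token punctuation">}</span>
<span class="token keyword">defer</span> nc<span class="token punctuation">.</span><span class="token function">Close</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
<span class="token comment">// Do something with the connection</span>
</code></pre>
</div>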
<div class="tab__content">
<pre id="connect_tls_java_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/java-nats-examples/blob/master/src/main/java/io/nats/examples/ConnectTLS.java#L18-81"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-java"><span class="token keyword">class</span> <span class="token class-name">SSLUtils</span> <span class="token punctuation">{</span>
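<span class="token comment">// Example-only values: in a real deployment, read the store and key passwords from configuration or a secret store instead of hard-coding them.</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> KEYSTORE_PATH <span class="token operator">=</span> <span class="token string">&quot;src/main/resources/keystore.jks&quot;</span><span class="token punctuation">;</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> TRUSTSTORE_PATH <span class="token operator">=</span> <span class="token string">&quot;src/main/resources/cacerts&quot;</span><span class="token punctuation">;</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> STORE_PASSWORD <span class="token operator">=</span> <span class="token string">&quot;password&quot;</span><span class="token punctuation">;</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> KEY_PASSWORD <span class="token operator">=</span> <span class="token string">&quot;password&quot;</span><span class="token punctuation">;</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> ALGORITHM <span class="token operator">=</span> <span class="token string">&quot;SunX509&quot;</span><span class="token punctuation">;</span>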
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">KeyStore</span> <span class="token function">loadKeystore</span><span class="token punctuation">(</span><span class="token class-name">String</span> path<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
<span class="token class-name">KeyStore</span> store <span class="token operator">=</span> <span class="token class-name">KeyStore</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span><span class="token string">&quot;JKS&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">BufferedInputStream</span> in <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">BufferedInputStream</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">FileInputStream</span><span class="token punctuation">(</span>path<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">try</span> <span class="token punctuation">{</span>
store<span class="token punctuation">.</span><span class="token function">load</span><span class="token punctuation">(</span>in<span class="token punctuation">,</span> STORE_PASSWORD<span class="token punctuation">.</span><span class="token function">toCharArray</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">finally</span> <span class="token punctuation">{</span>
<span class="token keyword">if</span> <span class="token punctuation">(</span>in <span class="token operator">!=</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
in<span class="token punctuation">.</span><span class="token function">close</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token keyword">return</span> store<span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">KeyManager</span><span class="token punctuation">[</span><span class="token punctuation">]</span> <span class="token function">createTestKeyManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
<span class="token class-name">KeyStore</span> store <span class="token operator">=</span> <span class="token function">loadKeystore</span><span class="token punctuation">(</span>KEYSTORE_PATH<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">KeyManagerFactory</span> factory <span class="token operator">=</span> <span class="token class-name">KeyManagerFactory</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span>ALGORITHM<span class="token punctuation">)</span><span class="token punctuation">;</span>
factory<span class="token punctuation">.</span><span class="token function">init</span><span class="token punctuation">(</span>store<span class="token punctuation">,</span> KEY_PASSWORD<span class="token punctuation">.</span><span class="token function">toCharArray</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">return</span> factory<span class="token punctuation">.</span><span class="token function">getKeyManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">TrustManager</span><span class="token punctuation">[</span><span class="token punctuation">]</span> <span class="token function">createTestTrustManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
<span class="token class-name">KeyStore</span> store <span class="token operator">=</span> <span class="token function">loadKeystore</span><span class="token punctuation">(</span>TRUSTSTORE_PATH<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">TrustManagerFactory</span> factory <span class="token operator">=</span> <span class="token class-name">TrustManagerFactory</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span>ALGORITHM<span class="token punctuation">)</span><span class="token punctuation">;</span>
factory<span class="token punctuation">.</span><span class="token function">init</span><span class="token punctuation">(</span>store<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">return</span> factory<span class="token punctuation">.</span><span class="token function">getTrustManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">SSLContext</span> <span class="token function">createSSLContext</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
<span class="token class-name">SSLContext</span> ctx <span class="token operator">=</span> <span class="token class-name">SSLContext</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span><span class="token class-name">Options</span><span class="token punctuation">.</span>DEFAULT_SSL_PROTOCOL<span class="token punctuation">)</span><span class="token punctuation">;</span>
ctx<span class="token punctuation">.</span><span class="token function">init</span><span class="token punctuation">(</span><span class="token function">createTestKeyManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token function">createTestTrustManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token keyword">new</span> <span class="token class-name">SecureRandom</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">return</span> ctx<span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">ConnectTLS</span> <span class="token punctuation">{</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token keyword">void</span> <span class="token function">main</span><span class="token punctuation">(</span><span class="token class-name">String</span><span class="token punctuation">[</span><span class="token punctuation">]</span> args<span class="token punctuation">)</span> <span class="token punctuation">{</span>
<span class="token keyword">try</span> <span class="token punctuation">{</span>
<span class="token class-name">SSLContext</span> ctx <span class="token operator">=</span> <span class="token class-name">SSLUtils</span><span class="token punctuation">.</span><span class="token function">createSSLContext</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">Options</span> options <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">Options</span><span class="token punctuation">.</span><span class="token class-name">Builder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span>
<span class="token function">server</span><span class="token punctuation">(</span><span class="token string">&quot;nats://localhost:4222&quot;</span><span class="token punctuation">)</span><span class="token punctuation">.</span>
<span class="token function">sslContext</span><span class="token punctuation">(</span>ctx<span class="token punctuation">)</span><span class="token punctuation">.</span> <span class="token comment">// Set the SSL context</span>
<span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">Connection</span> nc <span class="token operator">=</span> <span class="token class-name">Nats</span><span class="token punctuation">.</span><span class="token function">connect</span><span class="token punctuation">(</span>options<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token comment">// Do something with the connection</span>
nc<span class="token punctuation">.</span><span class="token function">close</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">Exception</span> e<span class="token punctuation">)</span> <span class="token punctuation">{</span>
e<span class="token punctuation">.</span><span class="token function">printStackTrace</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre>
</div>
<div class="tab__content">
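<!-- JavaScript tab: TLS connection configured with a CA certificate plus a client key and certificate read from disk. -->
<pre id="connect_tls_js_content"><a class="toolbar-icons pull-right" target="_blank" rel="noopener noreferrer" href="https://github.com/nats-io/node-nats-examples/blob/master/src/tls_samples.js#L44-56"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-javascript"><span class="token keyword">let</span> caCert <span class="token operator">=</span> fs<span class="token punctuation">.</span><span class="token function">readFileSync</span><span class="token punctuation">(</span>caCertPath<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">let</span> clientCert <span class="token operator">=</span> fs<span class="token punctuation">.</span><span class="token function">readFileSync</span><span class="token punctuation">(</span>clientCertPath<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">let</span> clientKey <span class="token operator">=</span> fs<span class="token punctuation">.</span><span class="token function">readFileSync</span><span class="token punctuation">(</span>clientKeyPath<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">let</span> nc <span class="token operator">=</span> <span class="token constant">NATS</span><span class="token punctuation">.</span><span class="token function">connect</span><span class="token punctuation">(</span><span class="token punctuation">{</span>
    url<span class="token punctuation">:</span> url<span class="token punctuation">,</span>
    <span class="token comment">// ca: CA certificate(s) the server certificate is verified against; key and cert: this client&apos;s private key and certificate</span>
    tls<span class="token punctuation">:</span> <span class="token punctuation">{</span>
        ca<span class="token punctuation">:</span> <span class="token punctuation">[</span>caCert<span class="token punctuation">]</span><span class="token punctuation">,</span>
        key<span class="token punctuation">:</span> <span class="token punctuation">[</span>clientKey<span class="token punctuation">]</span><span class="token punctuation">,</span>
        cert<span class="token punctuation">:</span> <span class="token punctuation">[</span>clientCert<span class="token punctuation">]</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
</code></pre>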
</div>
<div class="tab__content">
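<!-- Python tab: TLS connection using an ssl context with a custom CA and a client certificate. The original listing called connect() twice on the same client; the two calls are merged into one here. -->
<pre id="connect_tls_py_content"><a class="toolbar-icons pull-right" target="_blank" rel="noopener noreferrer" href="https://github.com/nats-io/asyncio-nats-examples/blob/master/connect_tls.py#L7-20"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-python">nc <span class="token operator">=</span> NATS<span class="token punctuation">(</span><span class="token punctuation">)</span>
<span class="token comment"># create_default_context(SERVER_AUTH) enables certificate verification and hostname checking</span>
ssl_ctx <span class="token operator">=</span> ssl<span class="token punctuation">.</span>create_default_context<span class="token punctuation">(</span>purpose<span class="token operator">=</span>ssl<span class="token punctuation">.</span>Purpose<span class="token punctuation">.</span>SERVER_AUTH<span class="token punctuation">)</span>
<span class="token comment"># Trust the CA in ca.pem when verifying the server certificate</span>
ssl_ctx<span class="token punctuation">.</span>load_verify_locations<span class="token punctuation">(</span><span class="token string">&apos;ca.pem&apos;</span><span class="token punctuation">)</span>
<span class="token comment"># Client certificate and private key presented to the server</span>
ssl_ctx<span class="token punctuation">.</span>load_cert_chain<span class="token punctuation">(</span>certfile<span class="token operator">=</span><span class="token string">&apos;client-cert.pem&apos;</span><span class="token punctuation">,</span>
                        keyfile<span class="token operator">=</span><span class="token string">&apos;client-key.pem&apos;</span><span class="token punctuation">)</span>
<span class="token comment"># A single connect() call carries the server list, the event loop and the TLS context</span>
<span class="token keyword">await</span> nc<span class="token punctuation">.</span>connect<span class="token punctuation">(</span>servers<span class="token operator">=</span><span class="token punctuation">[</span><span class="token string">&quot;nats://demo.nats.io:4222&quot;</span><span class="token punctuation">]</span><span class="token punctuation">,</span> io_loop<span class="token operator">=</span>loop<span class="token punctuation">,</span> tls<span class="token operator">=</span>ssl_ctx<span class="token punctuation">)</span>
<span class="token comment"># Do something with the connection.</span>
</code></pre>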
</div>
<div class="tab__content">
<pre id="connect_tls_ruby_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/ruby-nats-examples/blob/master/connect_tls.rb#L3-51"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-ruby"><span class="token constant">EM</span><span class="token punctuation">.</span>run <span class="token keyword">do</span>
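options <span class="token operator">=</span> <span class="token punctuation">{</span>
<span class="token symbol">:servers</span> <span class="token operator">=</span><span class="token operator">&gt;</span> <span class="token punctuation">[</span>
<span class="token string">&apos;nats://localhost:4222&apos;</span><span class="token punctuation">,</span>
<span class="token punctuation">]</span><span class="token punctuation">,</span>
<span class="token symbol">:tls</span> <span class="token operator">=</span><span class="token operator">&gt;</span> <span class="token punctuation">{</span>
<span class="token symbol">:private_key_file</span> <span class="token operator">=</span><span class="token operator">&gt;</span> <span class="token string">&apos;./spec/configs/certs/key.pem&apos;</span><span class="token punctuation">,</span>
<span class="token symbol">:cert_chain_file</span> <span class="token operator">=</span><span class="token operator">&gt;</span> <span class="token string">&apos;./spec/configs/certs/server.pem&apos;</span>
<span class="token comment"># The two options above only supply this client&apos;s key and certificate.</span>
<span class="token comment"># Server certificate verification is configured separately, by also setting</span>
<span class="token comment"># :verify_peer =&gt; true and :ca_file =&gt; &apos;&lt;path to CA certificate&gt;&apos;.</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>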
<span class="token constant">NATS</span><span class="token punctuation">.</span>connect<span class="token punctuation">(</span>options<span class="token punctuation">)</span> <span class="token keyword">do</span> <span class="token operator">|</span>nc<span class="token operator">|</span>
puts <span class="token string">&quot;<span class="token interpolation"><span class="token delimiter tag">#{</span><span class="token builtin">Time</span><span class="token punctuation">.</span>now<span class="token punctuation">.</span>to_f<span class="token delimiter tag">}</span></span> - Connected to NATS at <span class="token interpolation"><span class="token delimiter tag">#{</span>nc<span class="token punctuation">.</span>connected_server<span class="token delimiter tag">}</span></span>&quot;</span>
nc<span class="token punctuation">.</span>subscribe<span class="token punctuation">(</span><span class="token string">&quot;hello&quot;</span><span class="token punctuation">)</span> <span class="token keyword">do</span> <span class="token operator">|</span>msg<span class="token operator">|</span>
puts <span class="token string">&quot;<span class="token interpolation"><span class="token delimiter tag">#{</span><span class="token builtin">Time</span><span class="token punctuation">.</span>now<span class="token punctuation">.</span>to_f<span class="token delimiter tag">}</span></span> - Received: <span class="token interpolation"><span class="token delimiter tag">#{</span>msg<span class="token delimiter tag">}</span></span>&quot;</span>
<span class="token keyword">end</span>
nc<span class="token punctuation">.</span>flush <span class="token keyword">do</span>
nc<span class="token punctuation">.</span>publish<span class="token punctuation">(</span><span class="token string">&quot;hello&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;world&quot;</span><span class="token punctuation">)</span>
<span class="token keyword">end</span>
<span class="token constant">EM</span><span class="token punctuation">.</span>add_periodic_timer<span class="token punctuation">(</span><span class="token number">0.1</span><span class="token punctuation">)</span> <span class="token keyword">do</span>
<span class="token keyword">next</span> <span class="token keyword">unless</span> nc<span class="token punctuation">.</span>connected<span class="token operator">?</span>
nc<span class="token punctuation">.</span>publish<span class="token punctuation">(</span><span class="token string">&quot;hello&quot;</span><span class="token punctuation">,</span> <span class="token string">&quot;hello&quot;</span><span class="token punctuation">)</span>
<span class="token keyword">end</span>
<span class="token comment"># Set default callbacks</span>
nc<span class="token punctuation">.</span>on_error <span class="token keyword">do</span> <span class="token operator">|</span>e<span class="token operator">|</span>
puts <span class="token string">&quot;<span class="token interpolation"><span class="token delimiter tag">#{</span><span class="token builtin">Time</span><span class="token punctuation">.</span>now<span class="token punctuation">.</span>to_f <span class="token delimiter tag">}</span></span> - Error: <span class="token interpolation"><span class="token delimiter tag">#{</span>e<span class="token delimiter tag">}</span></span>&quot;</span>
<span class="token keyword">end</span>
nc<span class="token punctuation">.</span>on_disconnect <span class="token keyword">do</span> <span class="token operator">|</span>reason<span class="token operator">|</span>
puts <span class="token string">&quot;<span class="token interpolation"><span class="token delimiter tag">#{</span><span class="token builtin">Time</span><span class="token punctuation">.</span>now<span class="token punctuation">.</span>to_f<span class="token delimiter tag">}</span></span> - Disconnected: <span class="token interpolation"><span class="token delimiter tag">#{</span>reason<span class="token delimiter tag">}</span></span>&quot;</span>
<span class="token keyword">end</span>
nc<span class="token punctuation">.</span>on_reconnect <span class="token keyword">do</span> <span class="token operator">|</span>nc<span class="token operator">|</span>
puts <span class="token string">&quot;<span class="token interpolation"><span class="token delimiter tag">#{</span><span class="token builtin">Time</span><span class="token punctuation">.</span>now<span class="token punctuation">.</span>to_f<span class="token delimiter tag">}</span></span> - Reconnected to NATS server at <span class="token interpolation"><span class="token delimiter tag">#{</span>nc<span class="token punctuation">.</span>connected_server<span class="token delimiter tag">}</span></span>&quot;</span>
<span class="token keyword">end</span>
nc<span class="token punctuation">.</span>on_close <span class="token keyword">do</span>
puts <span class="token string">&quot;<span class="token interpolation"><span class="token delimiter tag">#{</span><span class="token builtin">Time</span><span class="token punctuation">.</span>now<span class="token punctuation">.</span>to_f<span class="token delimiter tag">}</span></span> - Connection to NATS closed&quot;</span>
<span class="token constant">EM</span><span class="token punctuation">.</span>stop
<span class="token keyword">end</span>
<span class="token keyword">end</span>
<span class="token keyword">end</span>
</code></pre>
</div>
<div class="tab__content">
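<!-- TypeScript tab: TLS connection configured with a CA certificate plus a client key and certificate read from disk. -->
<pre id="connect_tls_ts_content"><a class="toolbar-icons pull-right" target="_blank" rel="noopener noreferrer" href="https://github.com/nats-io/ts-nats-examples/blob/master/src/tls_samples.ts#L40-52"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-javascript"><span class="token keyword">let</span> caCert <span class="token operator">=</span> <span class="token function">readFileSync</span><span class="token punctuation">(</span>caCertPath<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">let</span> clientCert <span class="token operator">=</span> <span class="token function">readFileSync</span><span class="token punctuation">(</span>clientCertPath<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">let</span> clientKey <span class="token operator">=</span> <span class="token function">readFileSync</span><span class="token punctuation">(</span>clientKeyPath<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">let</span> nc <span class="token operator">=</span> <span class="token keyword">await</span> <span class="token function">connect</span><span class="token punctuation">(</span><span class="token punctuation">{</span>
    url<span class="token punctuation">:</span> url<span class="token punctuation">,</span>
    <span class="token comment">// ca: CA certificate(s) the server certificate is verified against; key and cert: this client&apos;s private key and certificate</span>
    tls<span class="token punctuation">:</span> <span class="token punctuation">{</span>
        ca<span class="token punctuation">:</span> <span class="token punctuation">[</span>caCert<span class="token punctuation">]</span><span class="token punctuation">,</span>
        key<span class="token punctuation">:</span> <span class="token punctuation">[</span>clientKey<span class="token punctuation">]</span><span class="token punctuation">,</span>
        cert<span class="token punctuation">:</span> <span class="token punctuation">[</span>clientCert<span class="token punctuation">]</span>
    <span class="token punctuation">}</span>
<span class="token punctuation">}</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
</code></pre>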
</div>
</div>
<h2 id="connecting-with-the-tls-protocol"><a name="connecting-with-the-tls-protocol" class="plugin-anchor" href="#connecting-with-the-tls-protocol"><i class="fa fa-link" aria-hidden="true"></i></a>Connecting with the TLS Protocol</h2>
<p>Some clients may support the <code>tls</code> protocol in the server URL as well as a manual setting to turn on TLS. However, when TLS is turned on through the URL alone, there is likely some form of default or environment setting that allows the TLS library to find its certificate and trust stores.</p>
<div class="tab-wrap">
<input type="radio" id="connect_tls_url_go" name="connect_tls_url" class="tab" checked>
<label for="connect_tls_url_go" class="api-lang" data-language="go">Go</label>
<input type="radio" id="connect_tls_url_java" name="connect_tls_url" class="tab">
<label for="connect_tls_url_java" class="api-lang" data-language="java">Java</label>
<input type="radio" id="connect_tls_url_js" name="connect_tls_url" class="tab">
<label for="connect_tls_url_js" class="api-lang" data-language="js">JavaScript</label>
<input type="radio" id="connect_tls_url_py" name="connect_tls_url" class="tab">
<label for="connect_tls_url_py" class="api-lang" data-language="py">Python</label>
<input type="radio" id="connect_tls_url_ruby" name="connect_tls_url" class="tab">
<label for="connect_tls_url_ruby" class="api-lang" data-language="ruby">Ruby</label>
<input type="radio" id="connect_tls_url_ts" name="connect_tls_url" class="tab">
<label for="connect_tls_url_ts" class="api-lang" data-language="ts">TypeScript</label>
<div class="tab__content">
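<!-- Go tab: turns on TLS with nats.Secure() and adds a CA file used to verify the server certificate. -->
<pre id="connect_tls_url_go_content"><a class="toolbar-icons pull-right" target="_blank" rel="noopener noreferrer" href="https://github.com/nats-io/go-nats-examples/blob/master/api-examples/connect_tls_url/main.go#L10-21"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-go">nc<span class="token punctuation">,</span> err <span class="token operator">:=</span> nats<span class="token punctuation">.</span><span class="token function">Connect</span><span class="token punctuation">(</span><span class="token string">&quot;localhost&quot;</span><span class="token punctuation">,</span>
    <span class="token comment">// Turn on TLS for this connection</span>
    nats<span class="token punctuation">.</span><span class="token function">Secure</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span>
    nats<span class="token punctuation">.</span><span class="token function">RootCAs</span><span class="token punctuation">(</span><span class="token string">&quot;resources/certs/ca.pem&quot;</span><span class="token punctuation">)</span><span class="token punctuation">)</span> <span class="token comment">// Needed when the server certificate is self-signed or issued by a CA outside the system trust store</span>
<span class="token keyword">if</span> err <span class="token operator">!=</span> <span class="token boolean">nil</span> <span class="token punctuation">{</span>
    log<span class="token punctuation">.</span><span class="token function">Fatal</span><span class="token punctuation">(</span>err<span class="token punctuation">)</span>
<span class="token punctuation">}</span>
<span class="token keyword">defer</span> nc<span class="token punctuation">.</span><span class="token function">Close</span><span class="token punctuation">(</span><span class="token punctuation">)</span>
<span class="token comment">// Do something with the connection</span>
</code></pre>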
</div>
<div class="tab__content">
<pre id="connect_tls_url_java_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/java-nats-examples/blob/master/src/main/java/io/nats/examples/ConnectTLSURL.java#L18-80"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-java"><span class="token keyword">class</span> <span class="token class-name">SSLUtils2</span> <span class="token punctuation">{</span>
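<span class="token comment">// Example-only values: in a real deployment, read the store and key passwords from configuration or a secret store instead of hard-coding them.</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> KEYSTORE_PATH <span class="token operator">=</span> <span class="token string">&quot;src/main/resources/keystore.jks&quot;</span><span class="token punctuation">;</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> TRUSTSTORE_PATH <span class="token operator">=</span> <span class="token string">&quot;src/main/resources/cacerts&quot;</span><span class="token punctuation">;</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> STORE_PASSWORD <span class="token operator">=</span> <span class="token string">&quot;password&quot;</span><span class="token punctuation">;</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> KEY_PASSWORD <span class="token operator">=</span> <span class="token string">&quot;password&quot;</span><span class="token punctuation">;</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">String</span> ALGORITHM <span class="token operator">=</span> <span class="token string">&quot;SunX509&quot;</span><span class="token punctuation">;</span>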
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">KeyStore</span> <span class="token function">loadKeystore</span><span class="token punctuation">(</span><span class="token class-name">String</span> path<span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
<span class="token class-name">KeyStore</span> store <span class="token operator">=</span> <span class="token class-name">KeyStore</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span><span class="token string">&quot;JKS&quot;</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">BufferedInputStream</span> in <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">BufferedInputStream</span><span class="token punctuation">(</span><span class="token keyword">new</span> <span class="token class-name">FileInputStream</span><span class="token punctuation">(</span>path<span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">try</span> <span class="token punctuation">{</span>
store<span class="token punctuation">.</span><span class="token function">load</span><span class="token punctuation">(</span>in<span class="token punctuation">,</span> STORE_PASSWORD<span class="token punctuation">.</span><span class="token function">toCharArray</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">finally</span> <span class="token punctuation">{</span>
<span class="token keyword">if</span> <span class="token punctuation">(</span>in <span class="token operator">!=</span> <span class="token keyword">null</span><span class="token punctuation">)</span> <span class="token punctuation">{</span>
in<span class="token punctuation">.</span><span class="token function">close</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token keyword">return</span> store<span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">KeyManager</span><span class="token punctuation">[</span><span class="token punctuation">]</span> <span class="token function">createTestKeyManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
<span class="token class-name">KeyStore</span> store <span class="token operator">=</span> <span class="token function">loadKeystore</span><span class="token punctuation">(</span>KEYSTORE_PATH<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">KeyManagerFactory</span> factory <span class="token operator">=</span> <span class="token class-name">KeyManagerFactory</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span>ALGORITHM<span class="token punctuation">)</span><span class="token punctuation">;</span>
factory<span class="token punctuation">.</span><span class="token function">init</span><span class="token punctuation">(</span>store<span class="token punctuation">,</span> KEY_PASSWORD<span class="token punctuation">.</span><span class="token function">toCharArray</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">return</span> factory<span class="token punctuation">.</span><span class="token function">getKeyManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">TrustManager</span><span class="token punctuation">[</span><span class="token punctuation">]</span> <span class="token function">createTestTrustManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
<span class="token class-name">KeyStore</span> store <span class="token operator">=</span> <span class="token function">loadKeystore</span><span class="token punctuation">(</span>TRUSTSTORE_PATH<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">TrustManagerFactory</span> factory <span class="token operator">=</span> <span class="token class-name">TrustManagerFactory</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span>ALGORITHM<span class="token punctuation">)</span><span class="token punctuation">;</span>
factory<span class="token punctuation">.</span><span class="token function">init</span><span class="token punctuation">(</span>store<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">return</span> factory<span class="token punctuation">.</span><span class="token function">getTrustManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token class-name">SSLContext</span> <span class="token function">createSSLContext</span><span class="token punctuation">(</span><span class="token punctuation">)</span> <span class="token keyword">throws</span> <span class="token class-name">Exception</span> <span class="token punctuation">{</span>
<span class="token class-name">SSLContext</span> ctx <span class="token operator">=</span> <span class="token class-name">SSLContext</span><span class="token punctuation">.</span><span class="token function">getInstance</span><span class="token punctuation">(</span><span class="token class-name">Options</span><span class="token punctuation">.</span>DEFAULT_SSL_PROTOCOL<span class="token punctuation">)</span><span class="token punctuation">;</span>
ctx<span class="token punctuation">.</span><span class="token function">init</span><span class="token punctuation">(</span><span class="token function">createTestKeyManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token function">createTestTrustManagers</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">,</span> <span class="token keyword">new</span> <span class="token class-name">SecureRandom</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token keyword">return</span> ctx<span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token keyword">public</span> <span class="token keyword">class</span> <span class="token class-name">ConnectTLSURL</span> <span class="token punctuation">{</span>
<span class="token keyword">public</span> <span class="token keyword">static</span> <span class="token keyword">void</span> <span class="token function">main</span><span class="token punctuation">(</span><span class="token class-name">String</span><span class="token punctuation">[</span><span class="token punctuation">]</span> args<span class="token punctuation">)</span> <span class="token punctuation">{</span>
<span class="token keyword">try</span> <span class="token punctuation">{</span>
<span class="token class-name">SSLContext</span><span class="token punctuation">.</span><span class="token function">setDefault</span><span class="token punctuation">(</span><span class="token class-name">SSLUtils2</span><span class="token punctuation">.</span><span class="token function">createSSLContext</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">)</span><span class="token punctuation">;</span> <span class="token comment">// Set the default context</span>
<span class="token class-name">Options</span> options <span class="token operator">=</span> <span class="token keyword">new</span> <span class="token class-name">Options</span><span class="token punctuation">.</span><span class="token class-name">Builder</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">.</span>
<span class="token function">server</span><span class="token punctuation">(</span><span class="token string">&quot;tls://localhost:4222&quot;</span><span class="token punctuation">)</span><span class="token punctuation">.</span> <span class="token comment">// Use the TLS protocol</span>
<span class="token function">build</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token class-name">Connection</span> nc <span class="token operator">=</span> <span class="token class-name">Nats</span><span class="token punctuation">.</span><span class="token function">connect</span><span class="token punctuation">(</span>options<span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token comment">// Do something with the connection</span>
nc<span class="token punctuation">.</span><span class="token function">close</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span> <span class="token keyword">catch</span> <span class="token punctuation">(</span><span class="token class-name">Exception</span> e<span class="token punctuation">)</span> <span class="token punctuation">{</span>
e<span class="token punctuation">.</span><span class="token function">printStackTrace</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token punctuation">}</span>
</code></pre>
</div>
<div class="tab__content">
<!-- Node.js example: connects to the public demo server with a tls:// URL and tls: true. No CA file, client certificate or verification setting is passed in the lines shown. NOTE(review): presumably the client then relies on its default certificate checks; confirm against the client documentation before reusing this outside a demo. -->
<pre id="connect_tls_url_js_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/node-nats-examples/blob/master/src/tls_samples.js#L26-31"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-javascript"><span class="token keyword">let</span> nc <span class="token operator">=</span> <span class="token constant">NATS</span><span class="token punctuation">.</span><span class="token function">connect</span><span class="token punctuation">(</span><span class="token punctuation">{</span>
url<span class="token punctuation">:</span> <span class="token string">&quot;tls://demo.nats.io:4443&quot;</span><span class="token punctuation">,</span>
tls<span class="token punctuation">:</span> <span class="token boolean">true</span>
<span class="token punctuation">}</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
</code></pre>
</div>
<div class="tab__content">
<!-- Python (asyncio) example: the tls:// scheme in the connect URL is what turns TLS on; per the sample's own comment the client then uses the same defaults as ssl.create_default_context(). ssl and certifi are imported but not referenced in the lines shown. NOTE(review): the loop= argument is passed to nc.connect() and asyncio.sleep(); recent Python releases removed loop= from asyncio.sleep(), so confirm the target interpreter version. -->
<pre id="connect_tls_url_py_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/asyncio-nats-examples/blob/master/connect_tls_url.py#L1-37"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-python"><span class="token keyword">import</span> asyncio
<span class="token keyword">import</span> ssl
<span class="token keyword">import</span> certifi
<span class="token keyword">from</span> nats<span class="token punctuation">.</span>aio<span class="token punctuation">.</span>client <span class="token keyword">import</span> Client <span class="token keyword">as</span> NATS
<span class="token keyword">from</span> nats<span class="token punctuation">.</span>aio<span class="token punctuation">.</span>errors <span class="token keyword">import</span> ErrTimeout
<span class="token keyword">async</span> <span class="token keyword">def</span> <span class="token function">run</span><span class="token punctuation">(</span>loop<span class="token punctuation">)</span><span class="token punctuation">:</span>
nc <span class="token operator">=</span> NATS<span class="token punctuation">(</span><span class="token punctuation">)</span>
<span class="token comment"># If using Python 3.7 in OS X and getting SSL errors, run first:</span>
<span class="token comment">#</span>
<span class="token comment"># /Applications/Python\ 3.7/Install\ Certificates.command</span>
<span class="token comment">#</span>
<span class="token comment"># Setting the tls as the scheme will use same defaults as `ssl.create_default_context()`</span>
<span class="token comment">#</span>
<span class="token keyword">await</span> nc<span class="token punctuation">.</span>connect<span class="token punctuation">(</span><span class="token string">&quot;tls://demo.nats.io:4443&quot;</span><span class="token punctuation">,</span> loop<span class="token operator">=</span>loop<span class="token punctuation">)</span>
<span class="token keyword">async</span> <span class="token keyword">def</span> <span class="token function">message_handler</span><span class="token punctuation">(</span>msg<span class="token punctuation">)</span><span class="token punctuation">:</span>
subject <span class="token operator">=</span> msg<span class="token punctuation">.</span>subject
reply <span class="token operator">=</span> msg<span class="token punctuation">.</span>reply
data <span class="token operator">=</span> msg<span class="token punctuation">.</span>data<span class="token punctuation">.</span>decode<span class="token punctuation">(</span><span class="token punctuation">)</span>
<span class="token keyword">print</span><span class="token punctuation">(</span><span class="token string">&quot;Received a message on &apos;{subject} {reply}&apos;: {data}&quot;</span><span class="token punctuation">.</span><span class="token builtin">format</span><span class="token punctuation">(</span>
subject<span class="token operator">=</span>subject<span class="token punctuation">,</span> reply<span class="token operator">=</span>reply<span class="token punctuation">,</span> data<span class="token operator">=</span>data<span class="token punctuation">)</span><span class="token punctuation">)</span>
<span class="token comment"># Simple publisher and async subscriber via coroutine.</span>
sid <span class="token operator">=</span> <span class="token keyword">await</span> nc<span class="token punctuation">.</span>subscribe<span class="token punctuation">(</span><span class="token string">&quot;foo&quot;</span><span class="token punctuation">,</span> cb<span class="token operator">=</span>message_handler<span class="token punctuation">)</span>
<span class="token keyword">await</span> nc<span class="token punctuation">.</span>flush<span class="token punctuation">(</span><span class="token punctuation">)</span>
<span class="token comment"># Stop receiving after 2 messages.</span>
<span class="token keyword">await</span> nc<span class="token punctuation">.</span>auto_unsubscribe<span class="token punctuation">(</span>sid<span class="token punctuation">,</span> <span class="token number">2</span><span class="token punctuation">)</span>
<span class="token keyword">await</span> nc<span class="token punctuation">.</span>publish<span class="token punctuation">(</span><span class="token string">&quot;foo&quot;</span><span class="token punctuation">,</span> <span class="token string">b&apos;Hello&apos;</span><span class="token punctuation">)</span>
<span class="token keyword">await</span> nc<span class="token punctuation">.</span>publish<span class="token punctuation">(</span><span class="token string">&quot;foo&quot;</span><span class="token punctuation">,</span> <span class="token string">b&apos;World&apos;</span><span class="token punctuation">)</span>
<span class="token keyword">await</span> nc<span class="token punctuation">.</span>publish<span class="token punctuation">(</span><span class="token string">&quot;foo&quot;</span><span class="token punctuation">,</span> <span class="token string">b&apos;!!!!!&apos;</span><span class="token punctuation">)</span>
<span class="token keyword">await</span> asyncio<span class="token punctuation">.</span>sleep<span class="token punctuation">(</span><span class="token number">1</span><span class="token punctuation">,</span> loop<span class="token operator">=</span>loop<span class="token punctuation">)</span>
<span class="token keyword">await</span> nc<span class="token punctuation">.</span>close<span class="token punctuation">(</span><span class="token punctuation">)</span>
</code></pre>
</div>
<div class="tab__content">
<!-- Ruby example: the server URL uses the nats:// scheme and TLS is requested by passing an empty :tls hash in the connect options. NOTE(review): no CA file or verification setting is supplied; confirm whether the client verifies the server certificate when :tls is empty before relying on this for more than encryption in transit. -->
<pre id="connect_tls_url_ruby_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/ruby-nats-examples/blob/master/connect_tls_url.rb#L3-19"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-ruby"><span class="token constant">EM</span><span class="token punctuation">.</span>run <span class="token keyword">do</span>
<span class="token comment"># In order to use TLS with the Ruby NATS client, use the :tls option</span>
<span class="token comment"># when customizing the connection with an empty block.</span>
options <span class="token operator">=</span> <span class="token punctuation">{</span>
<span class="token symbol">:servers</span> <span class="token operator">=</span><span class="token operator">&gt;</span> <span class="token punctuation">[</span>
<span class="token string">&apos;nats://demo.nats.io:4443&apos;</span><span class="token punctuation">,</span>
<span class="token punctuation">]</span><span class="token punctuation">,</span>
<span class="token symbol">:tls</span> <span class="token operator">=</span><span class="token operator">&gt;</span> <span class="token punctuation">{</span><span class="token punctuation">}</span>
<span class="token punctuation">}</span>
<span class="token constant">NATS</span><span class="token punctuation">.</span>connect<span class="token punctuation">(</span>options<span class="token punctuation">)</span> <span class="token keyword">do</span> <span class="token operator">|</span>nc<span class="token operator">|</span>
puts <span class="token symbol">:connected</span>
<span class="token keyword">end</span>
<span class="token keyword">end</span>
</code></pre>
</div>
<div class="tab__content">
<!-- TypeScript example: a tls:// URL is the only TLS setting; per the sample's comment, connect() throws if the connection fails. No CA or client certificate options are passed in the lines shown. -->
<pre id="connect_tls_url_ts_content"><a class="toolbar-icons pull-right" target="_blank" href="https://github.com/nats-io/ts-nats-examples/blob/master/src/tls_samples.ts#L26-33"><i class="mdi mdi-github-circle" title="View on GitHub"></i></a><a class="toolbar-icons pull-right"><i class="mdi mdi-content-copy js-copy" title="Copy to Clipboard"></i></a><span class="copy-msg pull-right"></span><code class="language-javascript"><span class="token comment">// will throw an exception if connection fails</span>
<span class="token keyword">let</span> nc <span class="token operator">=</span> <span class="token keyword">await</span> <span class="token function">connect</span><span class="token punctuation">(</span><span class="token punctuation">{</span>
url<span class="token punctuation">:</span> <span class="token string">&quot;tls://demo.nats.io:4443&quot;</span>
<span class="token punctuation">}</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
nc<span class="token punctuation">.</span><span class="token function">close</span><span class="token punctuation">(</span><span class="token punctuation">)</span><span class="token punctuation">;</span>
</code></pre>
</div>
</div>
</section>
</div>
<div class="search-results">
<div class="has-results">
<h1 class="search-results-title"><span class='search-results-count'></span> results matching "<span class='search-query'></span>"</h1>
<ul class="search-results-list"></ul>
</div>
<div class="no-results">
<h1 class="search-results-title">No results matching "<span class='search-query'></span>"</h1>
</div>
</div>
</div>
</div>
</div>
</div>
<a href="creds.html" class="navigation navigation-prev " aria-label="Previous page: Authenticating with a Credentials File">
<i class="fa fa-angle-left"></i>
</a>
<a href="../receiving/intro.html" class="navigation navigation-next " aria-label="Next page: Receiving Messages">
<i class="fa fa-angle-right"></i>
</a>
</div>
<script>
var gitbook = gitbook || [];
gitbook.push(function() {
gitbook.page.hasChanged({"page":{"title":"Encrypting Connections with TLS","level":"3.4.5","depth":2,"next":{"title":"Receiving Messages","level":"3.5","depth":1,"path":"developer/receiving/intro.md","ref":"developer/receiving/intro.md","articles":[{"title":"Synchronous Subscriptions","level":"3.5.1","depth":2,"path":"developer/receiving/sync.md","ref":"developer/receiving/sync.md","articles":[]},{"title":"Asynchronous Subscriptions","level":"3.5.2","depth":2,"path":"developer/receiving/async.md","ref":"developer/receiving/async.md","articles":[]},{"title":"Unsubscribing","level":"3.5.3","depth":2,"path":"developer/receiving/unsubscribing.md","ref":"developer/receiving/unsubscribing.md","articles":[]},{"title":"Unsubscribing After N Messages","level":"3.5.4","depth":2,"path":"developer/receiving/unsub_after.md","ref":"developer/receiving/unsub_after.md","articles":[]},{"title":"Replying to a Message","level":"3.5.5","depth":2,"path":"developer/receiving/reply.md","ref":"developer/receiving/reply.md","articles":[]},{"title":"Wildcard Subscriptions","level":"3.5.6","depth":2,"path":"developer/receiving/wildcards.md","ref":"developer/receiving/wildcards.md","articles":[]},{"title":"Queue Subscriptions","level":"3.5.7","depth":2,"path":"developer/receiving/queues.md","ref":"developer/receiving/queues.md","articles":[]},{"title":"Draining Messages Before Disconnect","level":"3.5.8","depth":2,"path":"developer/receiving/drain.md","ref":"developer/receiving/drain.md","articles":[]},{"title":"Structured Data","level":"3.5.9","depth":2,"path":"developer/receiving/structure.md","ref":"developer/receiving/structure.md","articles":[]}]},"previous":{"title":"Authenticating with a Credentials 
File","level":"3.4.4","depth":2,"path":"developer/security/creds.md","ref":"developer/security/creds.md","articles":[]},"dir":"ltr"},"config":{"plugins":["prism","-sharing","-highlight","include-html","toggle-chapters","anchors"],"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"pluginsConfig":{"prism":{"lang":{"ascii":"markup","text":"markup"}},"include-html":{},"toggle-chapters":{},"anchors":{},"search":{},"lunr":{"maxIndexSize":1000000,"ignoreSpecialCharacters":false},"fontsettings":{"theme":"white","family":"sans","size":2},"theme-default":{"styles":{"website":"styles/website.css","pdf":"styles/pdf.css","epub":"styles/epub.css","mobi":"styles/mobi.css","ebook":"styles/ebook.css","print":"styles/print.css"},"showLevel":false}},"theme":"default","author":"The NATS Maintainers","pdf":{"pageNumbers":true,"fontSize":12,"fontFamily":"Arial","paperSize":"a4","chapterMark":"pagebreak","pageBreaksBefore":"/","margin":{"right":62,"left":62,"top":56,"bottom":56}},"structure":{"langs":"LANGS.md","readme":"README.md","glossary":"GLOSSARY.md","summary":"SUMMARY.md"},"variables":{},"title":"NATS","gitbook":"*","description":"Administrative, developer and conceptual documentation for the NATS messaging system."},"file":{"path":"developer/security/tls.md","mtime":"2019-05-30T21:51:29.776Z","type":"markdown"},"gitbook":{"version":"3.2.3","time":"2019-05-30T23:27:21.986Z"},"basePath":"../..","book":{"language":""}});
});
</script>
</div>
<!-- Viz Support: viz.js 2.1.2 and its lite renderer, used by processGraphVizSections() through the global Viz constructor. -->
<!-- NOTE(review): both files are fetched from cdnjs.cloudflare.com without integrity/crossorigin attributes, so the browser does not check them against a known hash. Consider adding Subresource Integrity values for this pinned version, or serving the files from the book's own origin. -->
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/2.1.2/viz.js"> </script>
<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/viz.js/2.1.2/lite.render.js"> </script>
<!-- Site code -->
<script>
/**
 * Show `text` inside `elem`, then fade the element out.
 *
 * The element is made visible at full opacity and its opacity is lowered by
 * 0.1 per step, one step every `speed` milliseconds. Once the opacity drops
 * below 0.1 the element is hidden with display "none".
 *
 * @param {Element|null} elem  element that receives the message; a falsy
 *                             value makes the call a no-op
 * @param {string} text        message to display
 * @param {number} speed       delay between fade steps, passed to setTimeout
 */
function flash(elem, text, speed) {
  if (!elem) {
    return;
  }

  var style = elem.style;
  elem.textContent = text;
  style.display = 'block';
  style.opacity = 1;

  function step() {
    // Compare the freshly computed value, not whatever the style object stored.
    var remaining = (style.opacity -= .1);
    if (remaining < .1) {
      style.display = "none";
    } else {
      setTimeout(step, speed);
    }
  }

  // The first step runs synchronously.
  step();
}
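/**
 * Copy `text` to the clipboard and flash a status message next to `el`.
 *
 * Uses a temporary off-form <textarea> with document.execCommand('copy').
 * When the browser reports that the copy command is unsupported, the text is
 * shown in a prompt so the user can copy it manually.
 *
 * @param {string} text  text to place on the clipboard
 * @param {Element} el   the clicked copy icon; the status element is looked
 *                       up as ".copy-msg" under el.parentNode.parentNode
 */
function copyToClipboard(text, el) {
  var originalTitle = el.getAttribute('data-original-title');

  if (document.queryCommandSupported('copy') !== true) {
    // Fallback if browser doesn't support .execCommand('copy')
    window.prompt("Copy to clipboard: Ctrl+C or Command+C, Enter", text);
    return;
  }

  var scratch = document.createElement("textarea");
  scratch.value = text;
  document.body.appendChild(scratch);
  try {
    scratch.select();
    var successful = document.execCommand('copy');
    var msg = successful ? 'Copied!' : 'Whoops, not copied!';
    var container = el.parentNode.parentNode;
    flash(container.querySelector(".copy-msg"), msg, 100);
  } catch (err) {
    console.log('Oops, unable to copy', err);
  } finally {
    // Always detach the scratch element, even if selecting or copying threw.
    document.body.removeChild(scratch);
  }

  // getAttribute returns null when the attribute is absent; writing that back
  // would create data-original-title="null", so only restore a real value.
  if (originalTitle !== null) {
    el.setAttribute('data-original-title', originalTitle);
  }
}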
/**
 * Render every element carrying a data-viz attribute as a PNG image and
 * insert the image directly before that element.
 *
 * The attribute value is passed to Viz as the layout engine and the element's
 * innerText as the graph source. Rendering is asynchronous; nothing is
 * returned and rejected renders are not handled here.
 *
 * @param {*} elements  ignored: the value is replaced by a fresh
 *                      document.querySelectorAll("[data-viz]") result
 */
function processGraphVizSections(elements) {
  elements = document.querySelectorAll("[data-viz]");
  var renderer = new Viz();

  function renderBefore(source) {
    var layoutEngine = source.getAttribute("data-viz");
    renderer
      .renderImageElement(source.innerText, { format: "png", engine: layoutEngine })
      .then(function (img) {
        source.parentNode.insertBefore(img, source);
      });
  }

  Array.prototype.forEach.call(elements, renderBefore);
}
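/**
 * Record the selected API language in the page URL as the `lang` query
 * parameter, pushing a new history entry.
 *
 * The URL is edited through the URL/URLSearchParams API instead of a regular
 * expression over the whole href. That keeps three cases correct: a query
 * string that has other parameters but no `lang` yet, the text "lang"
 * occurring in the path or in another parameter, and a trailing #fragment
 * (which must stay after the query string).
 *
 * @param {string} value  language identifier to store; it is percent-encoded
 *                        by URLSearchParams
 */
function updateLanguageParameter(value) {
  const param = "lang";
  const target = new URL(window.location.href);
  // set() replaces an existing value in place or appends the parameter.
  target.searchParams.set(param, value);
  window.history.pushState("", "", target.toString());
}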
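/**
 * Read the `lang` query parameter from the current URL.
 *
 * The value comes straight from the address bar, so it is untrusted input:
 * a malformed percent-escape makes decodeURIComponent throw, which would
 * abort the caller. Such values are treated as "no language given".
 *
 * @returns {string|null} the decoded value ("+" read as a space), or null
 *                        when the parameter is absent or cannot be decoded
 */
function getLanguageParameter() {
  var match = RegExp('[?&]lang=([^&]*)').exec(window.location.search);
  if (!match) {
    return null;
  }
  try {
    return decodeURIComponent(match[1].replace(/\+/g, ' '));
  } catch (err) {
    // URIError from an invalid escape sequence in the query string.
    return null;
  }
}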
/**
 * Hook the site's per-page setup into GitBook: every "page.change" event
 * emitted by window.gitbook.events runs pageChanged().
 */
function docReady() {
  var onPageChange = function () {
    pageChanged();
  };
  window.gitbook.events.bind("page.change", onPageChange);
}
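/**
 * Per-page setup, run after each GitBook "page.change" event.
 *
 * - adds the "NATS Home Page" toolbar button when no ".nats" element exists
 * - wires the ".js-copy" icons to copyToClipboard()
 * - wires the ".api-lang" tabs so that choosing a language selects the same
 *   language in every tab group, remembers it in sessionStorage and mirrors
 *   it into the URL
 * - restores the language from the `lang` query parameter (preferred) or
 *   from sessionStorage
 * - schedules GraphViz rendering
 *
 * The language restored at load time comes from the URL and is untrusted.
 * It is therefore compared against each tab's data-language attribute
 * instead of being concatenated into a CSS selector: a value that is not a
 * valid selector fragment would otherwise make querySelectorAll throw and
 * abort the rest of this function.
 */
function pageChanged() {
  // Click every language tab whose data-language is exactly `lang`.
  function clickLanguageTabs(lang) {
    document.querySelectorAll('.api-lang').forEach(function (tab) {
      if (tab.getAttribute('data-language') === lang) {
        tab.click();
      }
    });
  }

  var logos = document.querySelectorAll(".nats");
  if (logos && logos.length == 0) {
    gitbook.toolbar.createButton({
      icon: 'nats',
      label: 'NATS Home Page',
      position: 'right',
      onClick: function () {
        var win = window.open("https://nats.io/", '_blank');
        // window.open returns null when the browser blocks the popup.
        if (win) {
          win.focus();
        }
      }
    });
  }

  document.querySelectorAll('.js-copy').forEach(elem => {
    elem.addEventListener("click", function () {
      var el = this;
      // The icon sits inside an <a> inside the <pre>; the <code> is a sibling.
      var parent = this.parentNode.parentNode;
      var code = parent.querySelector('code');
      var text = code.textContent || code.innerText;
      copyToClipboard(text, el);
    });
  });

  document.querySelectorAll('.api-lang').forEach(elem => {
    elem.addEventListener("click", function () {
      var curLang = sessionStorage.getItem('nats-api-language');
      var lang = this.getAttribute('data-language');
      // Stop the infinite loop: the clicks issued below re-enter this handler.
      if (curLang == lang) {
        return;
      }
      sessionStorage.setItem('nats-api-language', lang); // So we only do this 1x
      updateLanguageParameter(lang);
      clickLanguageTabs(lang);
    });
  });

  if (sessionStorage) {
    var curLang = sessionStorage.getItem('nats-api-language');
    var queryLang = getLanguageParameter();
    var lang = curLang;
    if (queryLang) { // query takes precedence
      lang = queryLang;
    }
    if (lang) {
      clickLanguageTabs(lang);
    }
  }

  setTimeout(function () {
    processGraphVizSections();
  }, 1);
}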
// Run docReady() as soon as the DOM is available: immediately when parsing
// has already finished, otherwise on DOMContentLoaded, with an
// attachEvent/readystatechange fallback for browsers lacking addEventListener.
if (document.readyState != 'loading') {
  docReady();
} else if (document.addEventListener) {
  document.addEventListener('DOMContentLoaded', docReady);
} else {
  document.attachEvent('onreadystatechange', function () {
    if (document.readyState == 'complete') {
      docReady();
    }
  });
}
</script>
<!-- Github Buttons: third-party widget script loaded from buttons.github.io. -->
<!-- NOTE(review): the URL is unversioned and the tag has no integrity attribute, so whatever that host serves runs with full access to this page. Consider self-hosting a reviewed copy, or pinning a versioned file with Subresource Integrity. -->
<script async defer src="https://buttons.github.io/buttons.js"></script>
<!-- Styles -->
<style>
.nats {
display: inline-block;
width: 16px;
height: 16px;
background: url(https://nats.io/img/nats-icon-color.svg);
background-size: 16px 16px;
}
div.graphviz {
background: transparent;
border: 0;
padding-top: 15px;
padding-right: 15px;
padding-bottom: 25px;
padding-left: 15px;
text-align: center;
}
code[data-viz] {
display: none;
}
.tab-wrap {
transition: 0.3s box-shadow ease;
border-radius: 6px;
max-width: 100%;
display: flex;
flex-wrap: wrap;
position: relative;
list-style: none;
background-color: #fff;
margin: 20px 0;
/* box-shadow: 0 1px 3px rgba(0, 0, 0, 0.12), 0 1px 2px rgba(0, 0, 0, 0.24);*/
}
.tab-wrap:hover {
box-shadow: 0 12px 23px rgba(0, 0, 0, 0.23), 0 10px 10px rgba(0, 0, 0, 0.19);
}
.tab {
display: none;
}
/*
 * Reveal the panel whose index matches the checked tab input: the n-th .tab,
 * when :checked, shows the n-th following .tab__content sibling.
 *
 * Plain CSS cannot generate these pairs (SCSS could), so eight are written
 * out by hand. A ninth tab in one group would never become visible until
 * another pair is added to this list.
 *
 * :nth-of-type counts siblings per element type, so the pairing relies on
 * the inputs and the panels being different element types.
 */
.tab:checked:nth-of-type(1) ~ .tab__content:nth-of-type(1),
.tab:checked:nth-of-type(2) ~ .tab__content:nth-of-type(2),
.tab:checked:nth-of-type(3) ~ .tab__content:nth-of-type(3),
.tab:checked:nth-of-type(4) ~ .tab__content:nth-of-type(4),
.tab:checked:nth-of-type(5) ~ .tab__content:nth-of-type(5),
.tab:checked:nth-of-type(6) ~ .tab__content:nth-of-type(6),
.tab:checked:nth-of-type(7) ~ .tab__content:nth-of-type(7),
.tab:checked:nth-of-type(8) ~ .tab__content:nth-of-type(8) {
  /* Back into normal flow and above the hidden panels. */
  position: relative;
  top: 0;
  z-index: 100;

  /* Undo the hidden state set on .tab__content. */
  opacity: 1;
  -webkit-transform: translateY(0px);
  transform: translateY(0px);
  text-shadow: 0 0 0;

  /* Prefixed fallbacks first; the last declaration a browser accepts wins. */
  transition: 0.5s opacity ease-in, 0.8s -webkit-transform ease;
  transition: 0.5s opacity ease-in, 0.8s transform ease;
  transition: 0.5s opacity ease-in, 0.8s transform ease, 0.8s -webkit-transform ease;
}
/* Square off the corners where tab labels meet: the outer corners of the
   first and last labels keep their radius, every label in between has none.
   A group with a single tab matches none of these rules. */

/* First of several tabs: flatten the right-hand side. */
.tab:first-of-type:not(:last-of-type) + label {
  border-bottom-right-radius: 0;
  border-top-right-radius: 0;
}

/* Middle tabs: no rounding at all. */
.tab:not(:first-of-type):not(:last-of-type) + label {
  border-radius: 0;
}

/* Last of several tabs: flatten the left-hand side. */
.tab:last-of-type:not(:first-of-type) + label {
  border-bottom-left-radius: 0;
  border-top-left-radius: 0;
}
/* Label of the currently selected tab: white, bold, bordered on three sides
   with a transparent bottom edge, and no pointer cursor. */
.tab:checked + label {
  border: 1px solid #ddd;
  border-bottom-color: transparent;
  background-color: #fff;
  box-shadow: 0 -1px 0 #fff inset;
  font-weight: bold;
  cursor: default;
}

/* Keep the selected label unchanged on hover, overriding the generic
   `.tab+label:hover` highlight. */
.tab:checked + label:hover {
  background-color: #fff;
  box-shadow: 0 -1px 0 #fff inset;
}
/* Clickable tab header: the label that immediately follows a .tab input. */
.tab + label {
  /* box and layout */
  display: block;
  flex-grow: 3;
  box-sizing: border-box;
  height: 50px;
  padding: 15px;
  border-radius: 6px 6px 0 0;

  /* text */
  color: #27aae1;
  text-align: center;
  text-decoration: none;

  /* interaction: pointer cursor, label text cannot be selected */
  cursor: pointer;
  -webkit-user-select: none;
  -moz-user-select: none;
  -ms-user-select: none;
  user-select: none;

  /* decoration */
  box-shadow: 0 -1px 0 #eee inset;
  transition: 0.3s background-color ease, 0.3s box-shadow ease;
}

/* Hover highlight for tab headers. */
.tab + label:hover {
  background-color: #f9f9f9;
  box-shadow: 0 1px 0 #f4f4f4 inset;
}
/* Tab panel, hidden state: out of flow, fully transparent, behind the rest
   and nudged up by 3px. The `.tab:checked ~ .tab__content` rules bring the
   selected panel back. The panel is only visually hidden; it stays in the
   DOM. */
.tab__content {
  position: absolute;
  left: 0;
  z-index: -1;
  width: 100%;
  padding: 2px;
  border-radius: 6px;
  background-color: transparent;
  opacity: 0;
  -webkit-transform: translateY(-3px);
  transform: translateY(-3px);
}

/* Drop the bottom margin of code blocks inside a panel; !important is kept
   from the original rule. */
.tab__content pre {
  margin-bottom: 0 !important;
}
/* Small inline icons in a toolbar. */
.toolbar-icons {
  position: relative;
  display: inline-block;
  padding-left: 4px;
}

/* Icon links are not underlined. */
a.toolbar-icons {
  text-decoration: none;
}

/* Icon glyph colour (.mdi elements inside a toolbar icon). */
.toolbar-icons .mdi {
  color: #4183c4;
}

/* .copy-msg text uses the same colour as the icons. */
.copy-msg {
  color: #4183c4;
}

/* Float helpers; !important lets them override other float rules. */
.pull-right {
  float: right !important;
}

.pull-left {
  float: left !important;
}
</style>
<!-- GitBook runtime, theme and plugin scripts. All are loaded from relative
     paths under ../../gitbook/ and carry no async/defer attribute, so they
     are fetched and executed in document order. -->
<script src="../../gitbook/gitbook.js"></script>
<script src="../../gitbook/theme.js"></script>
<script src="../../gitbook/gitbook-plugin-toggle-chapters/toggle.js"></script>
<script src="../../gitbook/gitbook-plugin-search/search-engine.js"></script>
<script src="../../gitbook/gitbook-plugin-search/search.js"></script>
<script src="../../gitbook/gitbook-plugin-lunr/lunr.min.js"></script>
<script src="../../gitbook/gitbook-plugin-lunr/search-lunr.js"></script>
<script src="../../gitbook/gitbook-plugin-fontsettings/fontsettings.js"></script>
</body>
</html>