taigrr/nats.docs
1
0
Fork 0
mirror of https://github.com/taigrr/nats.docs synced 2025-01-18 04:03:23 -08:00
Code Issues Projects Releases Wiki Activity
nats.docs/nats_server/securing_nats.md
Alberto Ricart e02ebdf16e wip
2019-05-16 10:35:38 -05:00

961 B
Raw Blame History

Securing NATS

The nats-server provides several forms of security:

  • Connections can be encrypted with TLS
  • Client connections can require authentication
  • Clients can require authorization for subjects the publish or subscribe to

Server TLS Configuration

TLS server configuration revolves around two options:

  • cert_file - the server's certificate
  • key_file - the server's key file

You can configure tls on the configuration file:

tls: {
	cert_file: "./server-cert.pem"
	key_file: "./server-key.pem"
}

Or by using server options:

> nats-server --tls --tlscert=./server-cert.pem --tlskey=./server-key.pem

More advanced configurations require additional options:

  • ca_file - a certificate file providing the trust chain for the certificate authority (CA). Used to validate client certificates.
  • verify - set to true if you want to verify client certs against the ca_file certificate.