nats-tls job from nats/44
TLS-secured NATS server providing a publish-subscribe messaging system for Cloud Foundry components.
Github source: aa1f2fd or master branch
Properties

nats.auth_required
- Default: true

nats.authorization_timeout
After accepting a connection, wait up to this many seconds for credentials.
- Default: 15

nats.client.tls.certificate
The PEM-encoded certificate to use for verifying the TLS connection to the server (used for local healthchecks).

nats.client.tls.private_key
The PEM-encoded private key to use for verifying the TLS connection to the server (used for local healthchecks).

nats.cluster_host
Clustering listening interface, defaults to spec.address

nats.cluster_port
The port for the NATS servers to communicate with other servers in the cluster.
- Default: 4225

nats.debug
Enable debug logging output.
- Default: false

nats.external.tls.ca
Certificate of the CA for publisher/subscriber traffic. In PEM format.

nats.external.tls.certificate
Certificate for publisher/subscriber traffic. In PEM format.

nats.external.tls.private_key
Private key for publisher/subscriber traffic. In PEM format.

nats.hostname
Hostname for nats cluster. Set this to the value of your bosh-dns-alias.
- Example: nats.service.cf.internal

nats.internal.tls.ca
Certificate of the CA for cluster-internal traffic. In PEM format.

nats.internal.tls.certificate
Certificate for cluster-internal traffic. In PEM format.

nats.internal.tls.enabled
Enable mutually authenticated TLS for NATS cluster-internal traffic.
- Default: false

nats.internal.tls.private_key
Private key for cluster-internal traffic. In PEM format.

nats.machines
IP or Domain Name of each NATS cluster member.

nats.monitor_port
Port for varz and connz monitoring. 0 means disabled.
- Default: 0

nats.net
Client listening interface, defaults to spec.address

nats.no_advertise
When configured to true, this nats server will not be advertised to any nats clients.
- Default: true

nats.nontls_cluster_port
The port for the NATS servers to communicate with other servers in the cluster. No default but usually 4223.

nats.password
Password for server authentication.

nats.port
The port for the NATS server to listen on.
- Default: 4224

nats.prof_port
Port for pprof. 0 means disabled.
- Default: 0

nats.trace
Enable trace logging output.
- Default: false

nats.user
Username for server authentication.

nats.write_deadline
Maximum number of seconds the server will block when writing. Once this threshold is exceeded the connection will be closed and the client will be considered as Slow Consumer.
- Default: 2s

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/nats-tls/ directory.

- bin/pre-start (from pre-start.erb)
- config/bpm.yml (from bpm.erb.yml)
- config/client_tls/certificate.pem (from client_tls/certificate.pem.erb)
- config/client_tls/private_key.pem (from client_tls/private_key.pem.erb)
- config/external_tls/ca.pem (from external_tls/ca.pem.erb)
- config/external_tls/certificate.pem (from external_tls/certificate.pem.erb)
- config/external_tls/private_key.pem (from external_tls/private_key.pem.erb)
- config/internal_tls/ca.pem (from internal_tls/ca.pem.erb)
- config/internal_tls/certificate.pem (from internal_tls/certificate.pem.erb)
- config/internal_tls/private_key.pem (from internal_tls/private_key.pem.erb)
- config/nats-tls.conf (from nats-tls.conf.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.