
nats-tls job from nats/49

TLS-secured NATS server providing a publish-subscribe messaging system for Cloud Foundry components.

GitHub source: c84aab7 or master branch

Properties

nats

auth_required

Default
true

authorization_timeout

After accepting a connection, wait up to this many seconds for credentials.

Default
15

client

tls
ca

Certificate of the CA for verifying the TLS connection to the server. In PEM format.

certificate

The PEM-encoded certificate to use for verifying the TLS connection to the server (used for local healthchecks).

private_key

The PEM-encoded private key to use for verifying the TLS connection to the server (used for local healthchecks).

cluster_host

Clustering listening interface, defaults to spec.address

cluster_port

The port for the NATS servers to communicate with other servers in the cluster.

Default
4225

debug

Enable debug logging output.

Default
false

external

tls
ca

Certificate of the CA for publisher/subscriber traffic. In PEM format.

certificate

Certificate for publisher/subscriber traffic. In PEM format.

private_key

Private key for publisher/subscriber traffic. In PEM format.

hostname

Hostname for nats cluster. Set this to the value of your bosh-dns-alias.

Example
nats.service.cf.internal

internal

tls
ca

Certificate of the CA for cluster-internal traffic. In PEM format.

certificate

Certificate for cluster-internal traffic. In PEM format.

enabled

Enable mutually authenticated TLS for NATS cluster-internal traffic.

Default
false

private_key

Private key for cluster-internal traffic. In PEM format.

machines

IP or Domain Name of each NATS cluster member.

monitor_port

Port for varz and connz monitoring. 0 means disabled.

Default
0

net

Client listening interface, defaults to spec.address

no_advertise

When configured to true, this nats server will not be advertised to any nats clients.

Default
true

nontls_cluster_port

The port for the NATS servers to communicate with other servers in the cluster. No default but usually 4223.

password

Password for server authentication.

port

The port for the NATS server to listen on.

Default
4224

prof_port

Port for pprof. 0 means disabled.

Default
0

trace

Enable trace logging output.

Default
false

user

Username for server authentication.

write_deadline

Maximum number of seconds the server will block when writing. Once this threshold is exceeded, the connection is closed and the client is considered a Slow Consumer.

Default
2s
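
The following Python function audits a job's `nats` property block against the defaults listed above, falling back to the documented default when a property is unset. It is an added example, not code from nats-release; which settings get flagged, the helper names, and the sample values (including port 8222) are assumptions.

```python
# Added example, not nats-release code; which settings get flagged is an assumption.
DEFAULTS = {"auth_required": True, "debug": False, "trace": False,
            "monitor_port": 0, "prof_port": 0,
            "internal": {"tls": {"enabled": False}}}  # defaults from this page

def lookup(props, path):
    """Resolve a dotted path in props, then in the documented defaults."""
    for source in (props, DEFAULTS):
        node = source
        for key in path.split("."):
            node = node.get(key) if isinstance(node, dict) else None
            if node is None:
                break
        if node is not None:
            return node
    return None

def is_pem(value):
    return isinstance(value, str) and value.lstrip().startswith("-----BEGIN ")

def audit(props):
    """Return 'path: reason' findings for the `nats` property block."""
    found = []
    if lookup(props, "auth_required") is not True:
        found.append("auth_required: not true (documented default is true)")
    mtls = lookup(props, "internal.tls.enabled") is True
    if not mtls:
        found.append("internal.tls.enabled: cluster-internal mutual TLS is off")
    if lookup(props, "nontls_cluster_port") is not None:
        found.append("nontls_cluster_port: a non-TLS cluster port is set")
    for port in ("monitor_port", "prof_port"):
        if lookup(props, port) != 0:
            found.append(f"{port}: enabled (0 means disabled)")
    for flag in ("debug", "trace"):
        if lookup(props, flag) is not False:
            found.append(f"{flag}: logging enabled")
    # PEM material is checked for internal.tls only when mutual TLS is enabled.
    for group in ["client", "external"] + (["internal"] if mtls else []):
        for item in ("ca", "certificate", "private_key"):
            if not is_pem(lookup(props, f"{group}.tls.{item}")):
                found.append(f"{group}.tls.{item}: missing or not PEM")
    return found

# Constructed sample input: PEM bodies are placeholders, not real key material.
PEM = "-----BEGIN CERTIFICATE-----\n(constructed placeholder)\n-----END CERTIFICATE-----\n"
TLS = {"tls": {"ca": PEM, "certificate": PEM, "private_key": PEM}}
WEAK = {"client": TLS, "external": TLS, "monitor_port": 8222, "trace": True,
        "nontls_cluster_port": 4223}
HARDENED = {"client": TLS, "external": TLS,
            "internal": {"tls": dict(TLS["tls"], enabled=True)}}
```

`audit(WEAK)` reports the disabled cluster-internal TLS, the non-TLS cluster port, the monitoring port and trace logging; `audit(HARDENED)` returns an empty list.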

Templates

Templates are rendered and placed onto corresponding instances during the deployment process. This job's templates will be placed into the /var/vcap/jobs/nats-tls/ directory.

  • bin/post-start (from post-start.erb)
  • config/bpm.yml (from bpm.yml.erb)
  • config/client_tls/ca.pem (from client_tls/ca.pem.erb)
  • config/client_tls/certificate.pem (from client_tls/certificate.pem.erb)
  • config/client_tls/private_key.pem (from client_tls/private_key.pem.erb)
  • config/external_tls/ca.pem (from external_tls/ca.pem.erb)
  • config/external_tls/certificate.pem (from external_tls/certificate.pem.erb)
  • config/external_tls/private_key.pem (from external_tls/private_key.pem.erb)
  • config/internal_tls/ca.pem (from internal_tls/ca.pem.erb)
  • config/internal_tls/certificate.pem (from internal_tls/certificate.pem.erb)
  • config/internal_tls/private_key.pem (from internal_tls/private_key.pem.erb)
  • config/migrator-config.json (from migrator-config.json.erb)
  • config/nats-tls.conf (from nats-tls.conf.erb)

Packages

Packages are compiled and placed onto corresponding instances during the deployment process. Packages will be placed into the /var/vcap/packages/ directory.