mirror of https://github.com/postmannen/ctrl.git synced 2025-01-09 05:29:16 +00:00
ctrl/doc/src/install_nats_server.md
2024-12-14 10:31:46 +01:00

NATS Server install

ctrl uses NATS as the messaging backbone. The following text describes how to quickly get up and running with a minimal NATS setup. For full details of what you can do with nats-server, check out the official docs at https://docs.nats.io/running-a-nats-service/introduction/installation

NKEY

NATS uses Ed25519-based keys called NKEYs for authentication and authorization. The keys are created by a tool called nk. The instructions for how to install it are found here: https://docs.nats.io/using-nats/nats-tools/nk.

The private key is called the seed, and the public key is called the user key.

To create the keys run the following command after the nk tool is installed.

nk -gen user -pubout

The tool will print out two new keys. The private seed starts with the letter S, and the public user key starts with the letter U.

The private seed is used by each ctrl instance, and is referenced via an ENV variable, a flag, or a file.

The public user key is used in the nats-server config file for authentication, and to define access lists for which NATS subjects the ctrl instances are allowed to send to or receive from.

Install the NATS Server

For this example we use docker compose to start the NATS server.

On your local computer create a folder to hold the NATS docker compose, and configuration files.

mkdir nats && cd nats

Create the docker compose file called nats.yaml, with the following content.

version: "3"

services:
  nats:
    build: .
    image: nats:latest
    # -D enables debug logging, -js enables JetStream on the nats server.
    command: "-c /app/nats-server.conf -D -js"
    restart: always
    ports:
      - "4222:4222"
    volumes:
      # The host file name must match the nats-server.conf file created below.
      - ./nats-server.conf:/app/nats-server.conf
    logging:
        driver: "json-file"
        options:
            max-size: "10m"
            max-file: "10"

In the same directory create the nats-server.conf file, with the following content. Replace the placeholders in the users list with the public user keys (the ones starting with U) you created earlier.

port: 4222

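# ">" is the NATS wildcard that matches every subject, so this ACL
# allows publish and subscribe on all subjects.
ACL = {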
    publish: {
            allow: [">"]
    }
    subscribe: {
            allow: [">"]
    }
}

authorization: {
    timeout: "30s"
    users = [
        {
            # github
            nkey: <REPLACE WITH github user key here>
            permissions: $ACL
        },
        {
            # node1
            # The public user key (starts with U) goes here, never the private seed.
            nkey: <REPLACE WITH node1 user key here>
            permissions: $ACL
        },
    ]
}
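
A pre-start check for the config above, as an added example that is not part of ctrl or NATS: it flags any nkey entry in nats-server.conf that is a private seed, an unreplaced placeholder, or a mistyped key. The function names are hypothetical, the sample keys are constructed from a fixed byte pattern, and the check covers only the NKEY text encoding (prefix byte, base32, CRC-16), not whether the key belongs to a real key pair.

```python
import base64
import binascii
import re

USER_PREFIX = 20 << 3  # first byte of a public user key; base32 renders it as "U"
SEED_PREFIX = 18 << 3  # top five bits of every seed; base32 renders them as "S"
MESSAGES = {"seed": "private seed in server config", "invalid": "placeholder or malformed key"}

def encode(prefix: bytes, key: bytes) -> str:
    """NKEY text form: unpadded base32 of prefix + key + little-endian CRC-16."""
    raw = prefix + key
    raw += binascii.crc_hqx(raw, 0).to_bytes(2, "little")
    return base64.b32encode(raw).decode().rstrip("=")

def classify(value: str) -> str:
    """Return 'user', 'seed' or 'invalid' for one nkey value from the config."""
    try:
        raw = base64.b32decode(value + "=" * (-len(value) % 8))
    except ValueError:  # binascii.Error is a ValueError subclass
        return "invalid"
    if len(raw) < 4 or binascii.crc_hqx(raw[:-2], 0) != int.from_bytes(raw[-2:], "little"):
        return "invalid"
    if (raw[0] & 0xF8) == SEED_PREFIX:
        return "seed"
    return "user" if raw[0] == USER_PREFIX and len(raw) == 35 else "invalid"

def lint(conf: str) -> list:
    """Return (line number, problem) for each nkey entry that is not a public user key."""
    problems = []
    for number, line in enumerate(conf.splitlines(), 1):
        match = re.search(r'\bnkey\s*[:=]\s*"?([^\s"},]+)', line.split("#")[0])
        if match and (kind := classify(match.group(1))) != "user":
            problems.append((number, MESSAGES[kind]))
    return problems

# Constructed sample data: the key bytes are a fixed pattern, not a real key pair.
SAMPLE_USER = encode(bytes([USER_PREFIX]), bytes(range(32)))
SAMPLE_SEED = encode(bytes([SEED_PREFIX | (USER_PREFIX >> 5), (USER_PREFIX & 31) << 3]), bytes(range(32)))
SAMPLE_CONF = f"""authorization: {{
    users = [
        {{ nkey: {SAMPLE_USER} }},
        {{ nkey: {SAMPLE_SEED} }},
        {{ nkey: <REPLACE WITH node1 user key here> }},
    ]
}}"""

if __name__ == "__main__":
    for number, problem in lint(SAMPLE_CONF):
        print(f"line {number}: {problem}")
```

To check a real file, pass its contents to lint(); an empty list means every nkey entry decodes as a public user key.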

Firewall openings for NATS Server

You will need to open your firewall for inbound tcp/4222 from the internet.

You can find your public ip address here https://ipv4.jsonip.com/.

Other

More details, such as how to use certificates to encrypt the communication, can be found in the official NATS docs, https://docs.nats.io/.