mirror of
https://github.com/postmannen/ctrl.git
synced 2025-01-09 13:39:17 +00:00
95 lines
2.9 KiB
Markdown
95 lines
2.9 KiB
Markdown
# NATS Server install
|
|
|
|
ctrl uses NATS as the messagaging backbone. The following text will describe how to quickly get up and running with a minimal NATS setup. For full details of what you can do with nats-server, check out the official docs at [https://docs.nats.io/running-a-nats-service/introduction/installation](https://docs.nats.io/running-a-nats-service/introduction/installation)
|
|
|
|
## NKEY
|
|
|
|
NATS uses ED25519 based keys called NKEY's for Authentication and Authorization. The keys are created by a tool called **nk**. The instructions for how to install it are found here [https://docs.nats.io/using-nats/nats-tools/nk](https://docs.nats.io/using-nats/nats-tools/nk).
|
|
|
|
The private key are called **seed**, and the public key are called **user**.
|
|
|
|
To create the keys run the following command after the nk tool is installed.
|
|
|
|
```bash
|
|
nk -gen user -pubout
|
|
```
|
|
|
|
The tool will print out two new keys. Where the private Seed starts with the letter ` S `, and the public User key starts with the letter ` U `.
|
|
|
|
The private Seed key are used with each ctrl instance, and are referenced as an ENV, flag, or via file.
|
|
|
|
The public User key are used in the nats-server config file for Authentication, to define access lists for what Nats Subjects the ctrl instances should be allowed to send to, or receive from.
|
|
|
|
## Install the NATS Server
|
|
|
|
For this example we use docker compose to start the NATS server.
|
|
|
|
On your local computer create a folder to hold the NATS docker compose, and configuration files.
|
|
|
|
```bash
|
|
mkdir nats && cd nats
|
|
```
|
|
|
|
create the docker compose file called `nats.yaml`, with the following content.
|
|
|
|
```yaml
|
|
version: "3"
|
|
|
|
services:
|
|
nats:
|
|
build: .
|
|
image: nats:latest
|
|
# -js enables jetstram on the nats server.
|
|
command: "-c /app/nats-server.conf -D -js"
|
|
restart: always
|
|
ports:
|
|
- "4222:4222"
|
|
volumes:
|
|
- ./nats.conf:/app/nats-server.conf
|
|
logging:
|
|
driver: "json-file"
|
|
options:
|
|
max-size: "10m"
|
|
max-file: "10"
|
|
```
|
|
|
|
In the same directory create the nats-server.conf file, with the following content. Replace the placeholders for the user keys in the acl with the user keys you created earlier.
|
|
|
|
```json
|
|
port: 4222
|
|
|
|
ACL = {
|
|
publish: {
|
|
allow: [">"]
|
|
}
|
|
subscribe: {
|
|
allow: [">"]
|
|
}
|
|
}
|
|
|
|
authorization: {
|
|
timeout: "30s"
|
|
users = [
|
|
{
|
|
# github
|
|
nkey: <REPLACE WITH github user key here>
|
|
permissions: $ACL
|
|
},
|
|
{
|
|
# node1
|
|
nkey: <REPLACE WITH seed user key here>
|
|
permissions: $ACL
|
|
},
|
|
]
|
|
}
|
|
```
|
|
|
|
## Firewall openings for NATS Server
|
|
|
|
You will need to open your firewall for inbound `tcp/4222` from the internet.
|
|
|
|
You can find your public ip address here [https://ipv4.jsonip.com/](https://ipv4.jsonip.com/).
|
|
|
|
## Other
|
|
|
|
More details like how to use certificates to encrypt the communication can be found in the official nats docs, [https://docs.nats.io/](https://docs.nats.io/).
|