Configure TLS on a NATS server
You can secure NATS server connections by enabling TLS, so that all communication between the server and its clients is encrypted. To enable TLS, follow the instructions below:
- Configure and install a Let’s Encrypt certificate for your domain.
- Link the new TLS certificate and certificate key file to the correct locations:

    $ sudo ln -s /etc/lego/certificates/DOMAIN.crt /opt/bitnami/nats/conf/nats-server.crt
    $ sudo ln -s /etc/lego/certificates/DOMAIN.key /opt/bitnami/nats/conf/nats-server.key
- In the /opt/bitnami/nats/conf/nats-server.conf file, edit the “tls” section. Modify these values from:

    # tls {
    #   cert_file: ""
    #   key_file: ""
    #   timeout: 2
    # }
    # end-tls

  To:

    tls {
      cert_file: "/opt/bitnami/nats/conf/nats-server.crt"
      key_file: "/opt/bitnami/nats/conf/nats-server.key"
      timeout: 2
    }
- Restart NATS:

    $ sudo /opt/bitnami/ctlscript.sh restart nats
- To check that TLS is working, use a client to send a message over TLS as shown below:

  NOTE: Check the Connect to NATS page to learn how to use a Golang client to write a simple NATS client.

    $ nats-pub -s tls://nats:PASSWORD@127.0.0.1:4222 -reply Hi SomeSubject "Hi everyone"
    Connected to NATS server: tls://127.0.0.1:4222
    Published [SomeSubject] : 'Hi everyone'
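A successful TLS publish shows that one client negotiated TLS, not that the server now insists on it. The following added example (not part of the original page or of the NATS project) reads the plaintext INFO line that a NATS server sends before the TLS upgrade, fails unless it advertises `tls_required`, and then completes a handshake that verifies the certificate against the expected name. The function names `tlsRequired` and `probe` are hypothetical, and the address and `DOMAIN` placeholder are taken from the steps above.

```go
package main

import (
	"bufio"
	"crypto/tls"
	"encoding/json"
	"fmt"
	"net"
	"strings"
	"time"
)

// tlsRequired parses the "INFO {...}" line and reports its tls_required field.
func tlsRequired(line string) (bool, error) {
	var info struct {
		TLSRequired bool `json:"tls_required"` // absent from INFO means false
	}
	line = strings.TrimSpace(line)
	if !strings.HasPrefix(line, "INFO ") {
		return false, fmt.Errorf("not an INFO line: %q", line)
	}
	err := json.Unmarshal([]byte(line[5:]), &info)
	return info.TLSRequired, err
}

// probe returns nil only if the server demands TLS and its certificate verifies.
func probe(addr, serverName string) error {
	conn, err := net.DialTimeout("tcp", addr, 5*time.Second)
	if err != nil {
		return err
	}
	defer conn.Close()
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	// A failed read leaves a line that tlsRequired rejects below.
	line, _ := bufio.NewReader(conn).ReadString('\n')
	if required, err := tlsRequired(line); err != nil || !required {
		return fmt.Errorf("TLS not enforced (tls_required=%v, parse error: %v)", required, err)
	}
	// Upgrade the same connection; ServerName must match the certificate,
	// which is issued for the domain and not for 127.0.0.1.
	return tls.Client(conn, &tls.Config{ServerName: serverName}).Handshake()
}

func main() {
	// Assumed values: the local listener from the steps above and the DOMAIN placeholder.
	fmt.Println("probe result (nil means TLS enforced):", probe("127.0.0.1:4222", "DOMAIN"))
}
```

Replace `DOMAIN` with the name the certificate was issued for before running it; a non-nil result before the restart step and `<nil>` after it confirms the change took effect.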