Bitnami NATS Virtual Machine

IMPORTANT: The NATS OVA has been released for VMware vSphere only. The following information does not apply to VirtualBox or similar VM executors.

Description

NATS is an open source, lightweight and high-performance messaging system. It is ideal for distributed systems and supports modern cloud architectures and pub-sub, request-reply and queuing models.

First steps with NATS

Welcome to your new Bitnami application! This guide includes some basic information you will need to get started with your application.

What credentials do I need?

You need two sets of credentials:

  • The application credentials, consisting of a username and password. These credentials allow you to log in to your new Bitnami application.
  • The server credentials, consisting of an SSH username and SSH key file. These credentials allow you to log in to your virtual machine using an SSH client and execute commands on the server using the command line. Contact your datacenter administrator for more information.

What is the administrator username set for me to log in to the application for the first time?

Username: nats

What is the administrator password?

Password: The administrator password to log in to your application is randomly generated during the first boot. Check the FAQ to learn how to retrieve it.

What is my server IP address?

The IP address is displayed on screen at the end of the boot process, but you can check it at any time by running the following command:

$ sudo ifconfig


How to start or stop the services?

Each Bitnami stack includes a control script that lets you easily stop, start and restart services. The script is located at /opt/bitnami/ctlscript.sh. Call it without any service name arguments to start all services:

$ sudo /opt/bitnami/ctlscript.sh start

Or use it to restart a single service, such as Apache only, by passing the service name as argument:

$ sudo /opt/bitnami/ctlscript.sh restart apache

Use this script to stop all services:

$ sudo /opt/bitnami/ctlscript.sh stop

Restart all the services by running the script without any service name arguments:

$ sudo /opt/bitnami/ctlscript.sh restart

Obtain a list of available services and operations by running the script without any arguments:

$ sudo /opt/bitnami/ctlscript.sh

NATS default configuration

NATS configuration files

The NATS configuration files are in the /opt/bitnami/nats/conf/ directory.

NATS ports

By default, the NATS server runs on port 4222. Only connections from localhost are permitted.

To connect to NATS you need to use a client, such as the Golang client. Check the How to connect to NATS section to learn how to use a Golang NATS client to connect to the server.

Other available ports are the following:

  • Clustering: 6222
  • Monitoring: 8222
  • Monitoring over HTTPS: 8443

NATS log files

The NATS log file is /opt/bitnami/nats/logs/gnatsd.log.

What are the default ports?

A port is an endpoint of communication in an operating system that identifies a specific process or a type of service. Bitnami stacks include several services or servers that require a port.

IMPORTANT: Making this application's network ports public is a significant security risk. You are strongly advised to only allow access to those ports from trusted networks. If, for development purposes, you need to access from outside of a trusted network, please do not allow access to those ports via a public IP address. Instead, use a secure channel such as a VPN or an SSH tunnel. Follow these instructions to remotely connect safely and reliably.

Port 22 is the default port for SSH connections.

The NATS access ports are 4222, 6222, 8222, 8443. These ports are closed by default. You must open them to enable remote access.

How to configure TLS on a NATS server?

You can secure the NATS server connections by enabling TLS. That way, all communications between the server and its clients are encrypted. To enable TLS, follow the instructions below:

  • Install the Lego client.
  • Generate a Let's Encrypt certificate for your domain.
  • Link the new TLS certificate and certificate key file to the correct locations:

    $ sudo ln -s /etc/lego/certificates/DOMAIN.crt /opt/bitnami/nats/conf/gnatsd.crt
    $ sudo ln -s /etc/lego/certificates/DOMAIN.key /opt/bitnami/nats/conf/gnatsd.key
    
  • In the /opt/bitnami/nats/conf/gnatsd.conf file, edit the "tls" section. Modify these values from:

    # tls {
    #    cert_file: ""
    #    key_file: ""
    #    timeout:    2
    #  } # end-tls
    

    To:

    tls {
      cert_file: "/opt/bitnami/nats/conf/gnatsd.crt"
      key_file: "/opt/bitnami/nats/conf/gnatsd.key"
      timeout: 2
    }
    
  • Restart NATS:

    $ sudo /opt/bitnami/ctlscript.sh restart nats
    
  • To check if TLS is working, use a client to send a message over TLS as shown below:

    NOTE: Check the How to connect to NATS section to learn how to use a Golang client to write a simple NATS client.
    $ go run nats-client.go -s tls://127.0.0.1:4222 -u nats -p PASSWORD -c produce foo bar
    Connected to NATS server: tls://127.0.0.1:4222
    Published [foo] : 'bar'
    

How to connect to NATS?

To connect to NATS it is necessary to use a client. NATS provides a Golang client that you can use to write a simple NATS client.

A client can produce or consume messages on a NATS subscription. This section describes how to write a client that allows us both to produce and consume messages. To do so, follow the steps below:

IMPORTANT: To follow the steps below, you need to have the Go environment set up. See the Go official documentation to learn how to install Go.
  • Obtain the NATS server authentication credentials.
  • Create a file named nats-client.go including the following content:

    package main

    import (
            "flag"
            "fmt"
            "log"
            "runtime"

            "github.com/nats-io/go-nats"
    )

    // usage_prod prints the usage of the "produce" command and exits.
    func usage_prod() {
            log.Fatalf("Usage: nats-pub [-s server (%s)] [-u user (%s)] [-p password (%s)] -c produce <subject> <msg> \n", nats.DefaultURL, "nats", "S3Cr3TP@5w0rD")
    }

    // usage_con prints the usage of the "consume" command and exits.
    func usage_con() {
            log.Fatalf("Usage: nats-pub [-s server (%s)] [-u user (%s)] [-p password (%s)] -c consume <subject> \n", nats.DefaultURL, "nats", "S3Cr3TP@5w0rD")
    }

    func main() {
            var urls = flag.String("s", nats.DefaultURL, "The nats server URLs (separated by comma)")
            var authUser = flag.String("u", "nats", "The nats server authentication user for clients")
            var authPassword = flag.String("p", "", "The nats server authentication password for clients")
            var command = flag.String("c", "", "Whether to produce or consume a message")
            log.SetFlags(0)
            flag.Parse()
            args := flag.Args()
            if *command == "" {
                    log.Fatalf("Error: Indicate the command using '-c' flag")
            }
            if *command != "produce" && *command != "consume" {
                    log.Fatalf("Error: Supported commands are: consume & produce")
            }
            // Authenticate with the username and password set in gnatsd.conf.
            nc, err := nats.Connect(*urls, nats.UserInfo(*authUser, *authPassword))
            if err != nil {
                    log.Fatal(err)
            }
            fmt.Println("Connected to NATS server: " + *urls)
            if *command == "produce" {
                    if len(args) < 2 {
                            usage_prod()
                    }
                    subj, msg := args[0], []byte(args[1])
                    if err := nc.Publish(subj, msg); err != nil {
                            log.Fatal(err)
                    }
                    // Flush so that the server has processed the message before exiting.
                    nc.Flush()
                    if err := nc.LastError(); err != nil {
                            log.Fatal(err)
                    } else {
                            log.Printf("Published [%s] : '%s'\n", subj, msg)
                    }
            }
            if *command == "consume" {
                    if len(args) < 1 {
                            usage_con()
                    }
                    subj := args[0]
                    if _, err := nc.Subscribe(subj, func(msg *nats.Msg) {
                            log.Printf("Received message '%s'\n", string(msg.Data))
                    }); err != nil {
                            log.Fatal(err)
                    }
                    nc.Flush()
                    if err := nc.LastError(); err != nil {
                            log.Fatal(err)
                    }
                    log.Printf("Listening on [%s]\n", subj)
                    // End the main goroutine but keep the subscription running.
                    runtime.Goexit()
            }
    }
    
  • Use the client to create a subscriber. Replace the PASSWORD placeholder with the credentials you have obtained in the NATS authentication section:

    $ go run nats-client.go -s nats://127.0.0.1:4222 -u nats -p PASSWORD -c consume foo
    
  • Use the client to send a message to the subject "foo". Replace the PASSWORD placeholder with the credentials you have obtained in the NATS authentication section:

    $ go run nats-client.go -s nats://127.0.0.1:4222 -u nats -p PASSWORD -c produce foo bar
    Connected to NATS server: nats://127.0.0.1:4222
    Published [foo] : 'bar'
    
  • You should see confirmation that the subscriber is receiving the messages:

    Listening on [foo]
    ...
    Received message 'bar'
    

To learn more about the use of this and other clients, check the official NATS documentation and the NATS GitHub repository.

How to connect to NATS from a different machine?

The NATS OVA can only be deployed within a VMware vSphere environment. For that reason, it does not include any specialized firewall software pre-installed or firewall rules set. It is assumed that this OVA will run on a private LAN.

Please contact your system administrator to learn how to remotely access this machine.

How to create a NATS cluster?

This section describes how to create a NATS cluster with servers located on different hosts. That way, the messages published on one server will be routed to and received by a subscriber on another server. The following example shows a cluster comprised of two instances. Follow these instructions:

  • Launch as many NATS instances as nodes you want to have in the cluster (in this example, two instances). Note the IP addresses of both instances.

Now tell server 1 the IP address of server 2, and vice versa, so that each can accept route connections from the other:

Configuring the first NATS instance

  • In the /opt/bitnami/nats/conf/gnatsd.conf file, navigate to the "Clustering multiple servers together" section and modify those lines as shown below.

    You must set a password (PASSWORD_SERVER1) to authorize route connections. In the example below, remember to replace PASSWORD_SERVER2 with the password you will define in the /opt/bitnami/nats/conf/gnatsd.conf file of server 2, and IP_ADDRESS_SERVER2 with the IP address of that instance.

    # Clustering multiple servers together. Disabled by default.
    cluster {
    
    listen: 0.0.0.0:6222 # host/port for inbound route connections
    
    # Authorization for route connections
    authorization {
      user: nats
      pass: PASSWORD_SERVER1
      timeout: 2
    }
    
    # Routes are actively solicited and connected to from this server.
    # Other servers can connect to us if they supply the correct credentials
    # in their routes definitions from above
    routes = [nats://nats:PASSWORD_SERVER2@IP_ADDRESS_SERVER2:6222]
    }
    

Configuring the second NATS instance

  • In server 2, edit the /opt/bitnami/nats/conf/gnatsd.conf file and set a password (PASSWORD_SERVER2) to authorize route connections.

    In this case, replace PASSWORD_SERVER1 with the password you have defined in the /opt/bitnami/nats/conf/gnatsd.conf file of server 1, and IP_ADDRESS_SERVER1 with the IP address of that server. That way, the communication between servers will be bi-directional:

    # Clustering multiple servers together. Disabled by default.
    cluster {
    
    listen: 0.0.0.0:6222 # host/port for inbound route connections
    
    # Authorization for route connections
    authorization {
      user: nats
      pass: PASSWORD_SERVER2
      timeout: 2
    }
    
    # Routes are actively solicited and connected to from this server.
    # Other servers can connect to us if they supply the correct credentials
    # in their routes definitions from above
    routes = [nats://nats:PASSWORD_SERVER1@IP_ADDRESS_SERVER1:6222]
    }

  • To check if the cluster is working, use the client in server 2 to listen for the message as shown below. Replace PASSWORD with the password displayed in the "Authorization for client connections" line of server 2's /opt/bitnami/nats/conf/gnatsd.conf file.

    $ go run nats-client.go -s nats://127.0.0.1:4222 -u nats -p PASSWORD -c consume foo
    Connected to NATS server: nats://127.0.0.1:4222
    
  • In server 1, use a client to send a message. Replace PASSWORD with the default password displayed in the "Authorization for client connections" line of server 1's configuration file (/opt/bitnami/nats/conf/gnatsd.conf).

    NOTE: Check the How to connect to NATS section to learn how to use a Golang client to write a simple NATS client.
    $ go run nats-client.go -s nats://127.0.0.1:4222 -u nats -p PASSWORD -c produce foo 'bar'
    Connected to NATS server: nats://127.0.0.1:4222
    Published [foo] : 'bar'
    
  • In server 2, you should see confirmation that the subscriber is receiving the messages:

      ...
      Listening on [foo]
      Received message 'bar'
    

    Congratulations, you have just scaled your NATS solution!

How can I run a command in the NATS?

Log in to the server console as the bitnami user and run the command as usual. The required environment is automatically loaded for the bitnami user.

NATS authentication

NATS supports server authentication by default. To secure the server from remote connections, you can configure NATS to use a token instead of a username and password. Follow these instructions:

  • In the /opt/bitnami/nats/conf/gnatsd.conf file, edit the "Authorization for client connections" section: comment out the "user" and "pass" lines and replace the commented "# client_token:" line with a "token" entry. Your file must change from:

    # Authorization for client connections
    authorization {
        user: nats
        pass: XXXXXX
        # client_token:
        timeout: 1
    }
    

    To:

    # Authorization for client connections
    authorization {
        #user: nats
        #pass: XXXXXX
        token: TOKEN
        timeout: 1
    }
    
    NOTE: TOKEN is a placeholder, replace it with the desired value.
  • Restart NATS to make the changes take effect:

    $ sudo /opt/bitnami/ctlscript.sh restart nats
    

Once you have changed that value, you can use the selected token to authenticate when connecting to the server with a client.
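
The TLS and token settings described in this guide show up on the wire in the server's INFO frame and the client's CONNECT frame. The following is an added example, not code from the Bitnami guide or the NATS client library: it parses INFO and builds the matching CONNECT using only the Go standard library. The function names, the allowCleartext switch and the sample INFO line are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// ServerInfo holds the INFO fields that describe the server's security posture.
type ServerInfo struct {
	AuthRequired bool `json:"auth_required"`
	TLSRequired  bool `json:"tls_required"`
}

// connectOpts is the JSON body of the client's CONNECT frame.
type connectOpts struct {
	TLSRequired bool   `json:"tls_required"`
	User        string `json:"user,omitempty"`
	Pass        string `json:"pass,omitempty"`
	AuthToken   string `json:"auth_token,omitempty"`
}

// ParseInfo decodes the "INFO {...}" line the server sends before anything else.
func ParseInfo(line string) (info ServerInfo, err error) {
	line = strings.TrimSpace(line)
	if !strings.HasPrefix(line, "INFO ") {
		return info, fmt.Errorf("not an INFO frame: %q", line)
	}
	err = json.Unmarshal([]byte(line[5:]), &info)
	return info, err
}

// BuildConnect prefers the token over user/pass; without TLS it refuses unless allowCleartext (loopback) is set.
func BuildConnect(info ServerInfo, user, pass, token string, allowCleartext bool) (string, error) {
	if !info.TLSRequired && !allowCleartext {
		return "", fmt.Errorf("server does not require TLS: credentials withheld")
	}
	opts := connectOpts{TLSRequired: info.TLSRequired, AuthToken: token}
	if token == "" {
		opts.User, opts.Pass = user, pass
	}
	b, err := json.Marshal(opts)
	return "CONNECT " + string(b) + "\r\n", err
}

func main() {
	// Constructed INFO line for a server with TLS and authentication enabled.
	info, _ := ParseInfo(`INFO {"auth_required":true,"tls_required":true}`)
	fmt.Println(BuildConnect(info, "", "", "TOKEN", false))
}
```

With the default localhost-only setup (no "tls" section), pass allowCleartext as true; for any connection that leaves the machine, leave it false so credentials are only sent once the server advertises TLS.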

How to create a full backup of NATS?

Backup

NATS is self-contained and the simplest option for performing a backup is to copy or compress the Bitnami stack installation directory. To do so in a safe manner, you will need to stop all servers, so this method may not be appropriate if you have people accessing the application continuously.

Follow these steps:

  • Change to the directory in which you wish to save your backup:

      $ cd /your/directory
    
  • Stop all servers:

      $ sudo /opt/bitnami/ctlscript.sh stop
    
  • Create a compressed file with the stack contents:

      $ sudo tar -pczvf application-backup.tar.gz /opt/bitnami
    
  • Restart all servers:

      $ sudo /opt/bitnami/ctlscript.sh start
    

You should now download or transfer the application-backup.tar.gz file to a safe location.

Restore

Follow these steps:

  • Change to the directory containing your backup:

      $ cd /your/directory
    
  • Stop all servers:

      $ sudo /opt/bitnami/ctlscript.sh stop
    
  • Move the current stack to a different location:

      $ sudo mv /opt/bitnami /tmp/bitnami-backup
    
  • Uncompress the backup file to the original directory:

      $ sudo tar -pxzvf application-backup.tar.gz -C /
    
  • Start all servers:

      $ sudo /opt/bitnami/ctlscript.sh start
    

If you want to create only a database backup, refer to these instructions for MySQL and PostgreSQL.

How to debug NATS errors?

The main NATS log file is created at /opt/bitnami/nats/logs/gnatsd.log.

Enabling verbose logging

You can increase the log verbosity by enabling debug mode. That way, you obtain the highest level of detail in the log file, which helps you debug errors in your NATS installation. Follow these instructions:

  • Edit the /opt/bitnami/nats/conf/gnatsd.conf file to modify the "Logging options" section as shown below:

    # Logging options
    debug: true
    trace: true
    
  • Restart NATS to make the changes take effect:

     $ sudo /opt/bitnami/ctlscript.sh restart nats
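
A quick check for the gnatsd.conf edits made in the TLS, clustering and logging sections of this guide, as an added example that is not part of the Bitnami documentation. The Audit function, its finding texts and the sample configuration are constructed for illustration, and the parser assumes that "#" always starts a comment.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

var placeholder = regexp.MustCompile(`PASSWORD_SERVER\d|IP_ADDRESS_SERVER\d|\bTOKEN\b`)
var scheme = regexp.MustCompile(`(\w+)://`)

// Audit lists findings for gnatsd.conf text; assumes '#' always starts a comment.
func Audit(conf string) []string {
	var out []string
	tls := false
	for i, raw := range strings.Split(conf, "\n") {
		line := strings.TrimSpace(strings.SplitN(raw, "#", 2)[0])
		add := func(msg string) { out = append(out, fmt.Sprintf("line %d: %s", i+1, msg)) }
		switch {
		case strings.HasPrefix(line, "tls {"):
			tls = true // an uncommented tls block is present
		case strings.HasPrefix(line, "listen:") && strings.Contains(line, "0.0.0.0"):
			add("listens on all interfaces; limit the port to cluster peers")
		case line == "debug: true" || line == "trace: true":
			add("verbose logging is enabled")
		case strings.HasPrefix(line, "routes"):
			if m := scheme.FindStringSubmatch(line); m != nil && m[1] != "nats" {
				add("route scheme is " + m[1] + ", expected nats")
			}
		}
		if p := placeholder.FindString(line); p != "" {
			add("placeholder " + p + " was not replaced")
		}
	}
	if !tls {
		out = append(out, "no active tls block: client traffic is not encrypted")
	}
	return out
}

// Constructed sample: a cluster section pasted without finishing the edits.
const sample = `cluster {
  listen: 0.0.0.0:6222
  routes = [nat://nats:PASSWORD_SERVER1@192.0.2.10:6222]
}
debug: true`

func main() {
	fmt.Println(strings.Join(Audit(sample), "\n"))
}
```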
    

How to start/stop the NATS server?

  • To start the NATS server, access your machine and execute the following:

    $ sudo /opt/bitnami/ctlscript.sh start nats
    
  • To stop the NATS server, execute the following:

    $ sudo /opt/bitnami/ctlscript.sh stop nats
    