Skip to main content

nats-server

brew install nats-server

# http://127.0.0.1:8222/
nats-server -js -sd $PWD/jetstream-store -m 8222

nats-server --signal reload
portfor
4222client
8222HTTP management
6222routing port for clustering.
port: 4222
monitor_port: 8222
  • /etc/nats/nats-server.conf
  • $var
    • 可以在配置里定义
    • 可使用 环境变量
# 连接配置
host: 0.0.0.0
port: 4222
listen: "$host:$port"
# client_advertise: "$host:$port"

# HTTP monitoring port
monitor_port: 8222

tls: {}
gateway: {}
leafnode: {}
mqtt: {}
websocket: {}

# 超时配置
ping_interval: "2m"
ping_max: 2
write_deadline: "10s"

# 限制
max_connections: 64K
max_control_line: 4KB
max_payload: 1MB
max_pending: 64MB
max_subscriptions: 0

# JetStream
jetstream: {
store_dir: "/tmp/nats/jetstream"
# 内存的 75%
# max_memory_store:
max_file_store: 1TB
# chachapoly, aes
# cipher:
# 32+
# key:
max_outstanding_catchup: 32MB
}

authorization {
# timeout: 3

# 同 --auth
# nats sub -s nats://s3cr3t@localhost:4222 ">"
# 支持 bcrypt: nats server passwd
token: "s3cr3t"

# 密码支持 Bcrypted
user: ""
password: ""
users: [
{user: "", password: ""b""}
]
}

accounts {

}
no_auth_user:

# 集群配置
cluster {
# It is recommended to set a cluster name
name: "my_cluster"

# Route connections to be received on any interface on port 6222
port: 6222

# Routes are protected, so need to use them with --routes flag
# e.g. --routes=nats-route://ruser:T0pS3cr3t@otherdockerhost:6222
authorization {
user: ruser
password: T0pS3cr3t
timeout: 2
}

# Routes are actively solicited and connected to from this server.
# This Docker image has none by default, but you can pass a
# flag to the nats-server docker image to create one to an existing server.
routes = []
}

jwt seutp

  • alg ed25519-nkey
docker run -w /nsc --rm -it -v $PWD/nsc:/nsc natsio/nats-box:latest

# -n operator 名字
# /nsc/nats/nsc/stores
nsc init -n nats

nsc generate config --nats-resolver > jwt.conf
host: 0.0.0.0
port: 4222
monitor_port: 8222

jetstream: {
store_dir: "./jetstream-store"
}

websocket {
port: 9222
no_tls: true
}

include ./nsc/jwt.conf
# 添加实际使用的 account 和 user
nsc add account wener --js-disk-storage 1g
nsc add user apis

# 检查信息
nsc list keys
nsc describe operator
# nsc edit operator --service-url nats://127.0.0.1:4222

# 推送到 nats
nsc push -a incs -u nats://127.0.0.1

# 客户端连接
nats context add nats --server 127.0.0.1:4222 --select --creds ./nkeys/creds/nats/wener/apis.creds
nats account info

Cluster

version: '3.5'
services:
nats:
image: nats
ports:
- '8222:8222'
command: '--cluster_name NATS --cluster nats://0.0.0.0:6222 --http_port 8222 '
networks: ['nats']
nats-1:
image: nats
command: '--cluster_name NATS --cluster nats://0.0.0.0:6222 --routes=nats://ruser:T0pS3cr3t@nats:6222'
networks: ['nats']
depends_on: ['nats']
nats-2:
image: nats
command: '--cluster_name NATS --cluster nats://0.0.0.0:6222 --routes=nats://ruser:T0pS3cr3t@nats:6222'
networks: ['nats']
depends_on: ['nats']

networks:
nats:
name: nats

cluster

--routes [rurl-1, rurl-2]     Routes to solicit and connect
--cluster nats://host:port Cluster URL for solicited routes
listen: 127.0.0.1:4222
http: 8222

cluster {
name: example

# host/port for inbound route connections from other server
listen: localhost:4244

# Authorization for route connections
# Other server can connect if they supply the credentials listed here
# This server will connect to discovered routes using this user
authorization {
user: route_user
password: pwd
timeout: 0.5
}

# This server establishes routes with these server.
# This server solicits new routes and Routes are actively solicited and connected to from this server.
# Other servers can connect to us if they supply the correct credentials
# in their routes definitions from above.
routes = [
nats://route_user:pwd@127.0.0.1:4245
nats://route_user:pwd@127.0.0.1:4246
]
}
  • 只会 forward client 消息给相邻节点
  • gossiping

jetstream cluster

  • RAFT

gateway

leafnode

  • 连接 super cluster
  • 延伸 nats-server
  • 使用本地 authz+authn
  • 本地 low RTT
  • 不需要能访问自己
  • 可以同时连多个集群
Nats-Request-Info: {"acc":"LEAF_ACCOUNT","rtt":11491934}

HELM

FAQ

Account fetch failed: fetching jwt timed out

配置 resolver.timeout

system_account in config and operator JWT must be identical

生成配置不要指定 --sys-account,默认为 SYS

no nkey seed found

using nats based account resolver - the system account needs to be specified in configuration or the operator jwt

nsc add account -n SYS
nsc edit operator --system-account SYS

JetStream not enabled for account (10039)

  • 必须要配置 js-disk-storage
nsc edit account server --js-disk-storage 1g
nsc describe account server