cluster {
  tls {
    cert_file = "./configs/certs/tlsauth/server.pem"
    key_file = "./configs/certs/tlsauth/server-key.pem"
    ca_file = "./configs/certs/tlsauth/ca.pem"
    verify_and_map = true
    timeout = 2
  }

  permissions {
    publish {
  	allow = ["public.>"]
    }
    subscribe {
  	allow = ["public.>"]
    }
  }

  authorization {
    user = "CN=localhost,OU=NATS.io Operators"
  }
}

Related articles

NATS feature_request

--- name: Feature Request about: Request a feature for the NATS Server labels: 🎉 enhancement --- ## Feature Request #### Use Case: #### Proposed Change: #### Who Benefits From The Change(s)? #### Alternative Approaches

NATS gws

gateways [ { name: "A" url: "nats://127.0.0.1:5227" } { name: "B" url: "nats://127.0.0.1:5228" } ]

NATS nkey_test

// Copyright 2018 The NATS Authors // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICE

NATS tls_bad_curve_prefs

# Simple TLS config file listen: 127.0.0.1:4443 tls { cert_file: "./configs/certs/server.pem" key_file: "./configs/certs/key.pem" timeout: 2 curve_preferences: [ "GARBAGE" ] }

NATS jetstream_cluster

// Copyright 2020-2023 The NATS Authors // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses

NATS gwb

listen: "127.0.0.1:-1" gateway { name: "B" listen: "127.0.0.1:5228" include "gws.conf" }

NATS server no ou

-----BEGIN CERTIFICATE----- MIIDhTCCAm2gAwIBAgIUbXHf4iAemXfIpLSWpRMkEVsdjy8wDQYJKoZIhvcNAQEL BQAwTDEkMCIGA1UEChMbU3luYWRpYSBDb21tdW5pY2F0aW9ucyBJbmMuMRAwDgYD VQQLEwdOQVRTLmlvMRIwEAYDVQQDEwlsb2NhbGhvc3QwHhcNMTkwMjE4MjE0MjAw WhcNMjQwMjE3MjE0MjAwWjAUMRIwEAY

NATS multi_accounts

listen: 127.0.0.1:4033 http: 127.0.0.1:8033 password = "s3cr3t!" accounts: { engineering: { users = [ {user: alice, password: $password} {user: bob, password: $password} ] } legal: { users = [ {us

NATS auth_seed

# Cluster Seed Node listen: 127.0.0.1:5222 http: 8222 cluster { listen: 127.0.0.1:4248 name: xyz authorization { user: ruser password: T0PS3cr3T! timeout: 1 } } no_sys_acc: true

NATS tls_cert_san_auth

listen: localhost:9335 tls { cert_file = "./configs/certs/sans/server.pem" key_file = "./configs/certs/sans/server-key.pem" ca_file = "./configs/certs/sans/ca.pem" verify = true verify_and_map = true } authorization { # Default permissions