Securing¶
TLS¶
The SEAL NATS server can use TLS semantics to encrypt client, route, and monitoring connections. To enable TLS encryption follow these steps:
-
Open the
/opt/seal/etc/nats.conf
configuraton file. -
Uncomment the following section:
# TLS configuration # tls: { # cert_file: "./cert.pem" # key_file: "./key.pem" # }
-
Insert the paths to certificate and key files.
# TLS configuration tls: { cert_file: "/opt/seal/etc/tls-external/cert.pem" key_file: "/opt/seal/etc/tls-external/key.pem" }
-
Save the file.
-
Restart the service.
sudo systemctl restart seal-nats
Token Authentication¶
Client connections can also get secured by token authentication. To use this method follow these steps:
-
Open the
/opt/seal/etc/nats.conf
configuration file. -
Uncomment the following section:
# Secure connection with token authorization { token: "unsecure_token" }
-
Provide a secure token.
Example - authorization
# Secure connection with token authorization { token: "G!(<TyIxhB.r^/yLYj;d)+c@g;!9vFn" }
-
Save the file.
-
Restart the service.
sudo systemctl restart seal-nats