get.pme.sh/pnats@v0.0.0-20240304004023-26bb5a137ed0/test/configs/tls_cert_san_auth.conf (about)

     1  
     2  listen: localhost:9335
     3  
     4  tls {
     5    cert_file = "./configs/certs/sans/server.pem"
     6    key_file = "./configs/certs/sans/server-key.pem"
     7    ca_file = "./configs/certs/sans/ca.pem"
     8    verify = true
     9    verify_and_map = true
    10  }
    11  
    12  authorization {
    13    # Default permissions
    14    permissions {
    15      publish {
    16        allow = ["public.>"]
    17      }
    18      subscribe {
    19        allow = ["public.>"]
    20      }
    21    }
    22  
    23    users [
    24      # CN used by default if there are no SANs
    25      { user = "CN=www.nats.io" }
    26  
    27      # All permissions
    28      { user = "app.nats.prod", permissions = {
    29  	publish {
    30  	  allow = [">"]
    31  	}
    32  	subscribe {
    33  	  allow = [">"]
    34  	}
    35        }
    36      }
    37  
    38      # Dev certs are isolated to own sandbox but can
    39      # also publish to public.
    40      { user = "app.nats.dev", permissions = {
    41  	publish {
    42  	  allow = ["public.>", "sandbox.>"]
    43  	}
    44  	subscribe {
    45  	  allow = ["public.>", "sandbox.>"]
    46  	}
    47        }
    48      }
    49    ]
    50  }