get.pme.sh/pnats@v0.0.0-20240304004023-26bb5a137ed0/test/configs/tls_cert_san_auth.conf (about) 1 2 listen: localhost:9335 3 4 tls { 5 cert_file = "./configs/certs/sans/server.pem" 6 key_file = "./configs/certs/sans/server-key.pem" 7 ca_file = "./configs/certs/sans/ca.pem" 8 verify = true 9 verify_and_map = true 10 } 11 12 authorization { 13 # Default permissions 14 permissions { 15 publish { 16 allow = ["public.>"] 17 } 18 subscribe { 19 allow = ["public.>"] 20 } 21 } 22 23 users [ 24 # CN used by default if there are no SANs 25 { user = "CN=www.nats.io" } 26 27 # All permissions 28 { user = "app.nats.prod", permissions = { 29 publish { 30 allow = [">"] 31 } 32 subscribe { 33 allow = [">"] 34 } 35 } 36 } 37 38 # Dev certs are isolated to own sandbox but can 39 # also publish to public. 40 { user = "app.nats.dev", permissions = { 41 publish { 42 allow = ["public.>", "sandbox.>"] 43 } 44 subscribe { 45 allow = ["public.>", "sandbox.>"] 46 } 47 } 48 } 49 ] 50 }