Reference
Server Config
While the NATS server has many flags that allow for simple testing of features, the NATS server products provide a flexible configuration format that combines the best of traditional formats and newer styles such as JSON and YAML.
Syntax
The NATS configuration file supports the following syntax:
- Lines can be commented with
#and// - Values can be assigned to properties with:
- Equals sign:
foo = 2 - Colon:
foo: 2 - Whitespace:
foo 2
- Equals sign:
- Arrays are enclosed in brackets:
["a", "b", "c"] - Maps are enclosed in braces:
{foo: 2} - Maps can be assigned with no key separator
- Semicolons can be used as terminators
The NATS configuration file is parsed with UTF-8 encoding.
The NATS configuration in the file can also be rendered as a JSON object (with comments!), but to combine it with variables the variables still have to be unquoted.
Strings and Numbers
The configuration parser is very forgiving, as you have seen:
- values can be a primitive, or a list, or a map
- strings and numbers typically do the right thing
- numbers support units such as, 1K for 1000, 1KB for 1024
String values that start with a digit or a dot '.' can create issues. To force such values as strings, quote them.
Bad Config:
listen: 127.0.0.1:4222
authorization: {
# BAD!
token: 3secret
}
Good Config:
listen: 127.0.0.1:4222
authorization: {
token: "3secret"
}
Variables
Server configurations can specify variables. Variables allow you to reference a value from one or more sections in the configuration. Variables:
- Are block-scoped
- Are referenced with a
$prefix. They have to be unquoted when being referenced, for example an assigment likefoo = "$example"will result infoobeing the literal string"$example". - Can be resolved from environment variables having the same name
If the environment variable value begins with a number you may have trouble resolving it depending on the server version you are running.
# Define a variable in the config
TOKEN: "secret"
# Reference the variable
authorization {
token: $TOKEN
}
A similar configuration, but this time, the value is in the environment:
# TOKEN is defined in the environment
authorization {
token: $TOKEN
}
The environment variable can either be inlined (below) or previously exported.
TOKEN="hello" nats-server -c /config/file
Include Directive
The include directive allows you to split a server configuration into several files. This is useful for separating configuration into chunks that you can easily reuse between different servers.
Includes must use relative paths, and are relative to the main configuration (the one specified via the -c option):
server.conf:
listen: 127.0.0.1:4222
include ./auth.conf
Note that include is not followed by = or :, as it is a directive.
auth.conf:
authorization: {
token: "f0oBar"
}
Starting the server only needs to refer to the top-level config containing the include.
nats-server -c server.conf
- Default value: n/a
- Hot reloadable: No
Values
| Type | Description | Choices |
|---|---|---|
object | - |
Properties
Connectivity
| Name | Description | Type | Default |
|---|---|---|---|
host | Host for client connections. | string | 0.0.0.0 |
port | Port for client connections. Use -1 for a random available port. | integer | 4222 |
listen | <host>:<port> for a client connections. | string | - |
client_advertise | Advertised client <host>:<port>. Useful for cluster setups behind a NAT. | string | - |
tls | TLS configuration for client and HTTP monitoring. | object | - |
allow_non_tls | Allow mixed TLS and non-TLS on the same port. | boolean | - |
ocsp | OCSP Stapling is honored by default for certificates that have the status_request Must-Staple flag. If explicitly disabled, the server will not request staples even if Must-Staple is present. | (multiple) | true |
mqtt | Configuration for enabling the MQTT interface. | object | - |
websocket | Configuration for enabling the WebSocket interface. | object | - |
Centralized Auth
| Name | Description | Type | Default |
|---|---|---|---|
authorization | Static single or multi-user declaration. | object | - |
accounts | Static config-defined accounts. | object | - |
no_auth_user | Name of the user that non-authenticated clients will inherit the authorization controls of. This must be a user defined in either the authorization or accounts block. | string | - |
Decentralized Auth
| Name | Description | Type | Default |
|---|---|---|---|
operator | One or more operator JWTs, either in files or inlined. | (multiple) | - |
trusted_keys | One or more operator public keys to trust. | string | - |
resolver | Takes precedence over the value obtained from the operator if defined. If a string value is used, it must be MEMORY or URL(<url>) where where url is an HTTP endpoint pointing to the NATS account resolver. Note: the NATS account resolver is deprecated and the built-in NATS-based resolver should be used. | (multiple) | - |
resolver_tls | object | - | |
resolver_preload | Map of account public key to the account JWT. | string | - |
resolver_pinned_accounts | (multiple) | - | |
system_account | Name or public key of the account that will be deemed the system account. | string | $SYS |
no_system_account | boolean | - |
Clustering
| Name | Description | Type | Default |
|---|---|---|---|
cluster | Configuration for clustering a set of servers. | object | - |
gateway | Configuration for setting up gateway connections between clusters. | object | - |
Leafnodes
| Name | Description | Type | Default |
|---|---|---|---|
leafnodes | Configuration for setting up leaf node connections. | object | - |
JetStream
| Name | Description | Type | Default |
|---|---|---|---|
jetstream | (multiple) | false | |
store_dir | Directory to use for file-based JetStream storage. | string | - |
Subject Mapping
| Name | Description | Type | Default |
|---|---|---|---|
mappings | (multiple) | - |
Logging
| Name | Description | Type | Default |
|---|---|---|---|
debug | If true, enables debug log messages. | boolean | false |
trace | If true, enables protocol trace log messages, excluding the system account. | boolean | false |
trace_verbose | If true, enables protocol trace log messages, including the system account. | boolean | false |
logtime | If false, log without timestamps. | string | true |
logtime_utc | If true, log timestamps with be in UTC rather than the local timezone. | string | false |
logfile | Log file name. | string | - |
logfile_size_limit | Size in bytes after the log file rolls over to a new one. | integer | 0 |
syslog | Log to syslog. | boolean | false |
remote_syslog | Remote syslog address. | string | - |
Monitoring and Tracing
| Name | Description | Type | Default |
|---|---|---|---|
server_name | The servers name, shows up in logging. Defaults to the generated server ID. When JetStream is used, within a domain, all server names need to be unique. | string | - |
server_tags | One or more tags associated with the server. This is currently used for placement of JetStream streams and consumers. | (multiple) | - |
http | Listen specification <host>:<port> for server monitoring. | string | - |
https | Listen specification <host>:<port> for TLS server monitoring. | string | - |
http_port | HTTP port for server monitoring. | integer | - |
https_port | HTTPS port for server monitoring. | integer | - |
http_base_path | Base path for monitoring endpoints. | string | - |
connect_error_reports | Number of attempts at which a repeated failed route, gateway or leaf node connection is reported. Connect attempts are made once every second. | integer | 3600 |
reconnect_error_reports | Number of failed attempt to reconnect a route, gateway or leaf node connection. Default is to report every attempt. | integer | 1 |
max_traced_msg_len | Set a limit to the trace of the payload of a message. | integer | 0 |
Runtime Configuration
| Name | Description | Type | Default |
|---|---|---|---|
max_control_line | Maximum length of a protocol line (including combined length of subject and queue group). Increasing this value may require client changes to be used. Applies to all traffic. | string | 4KB |
max_connections | Maximum number of active client connections. | string | 64K |
max_payload | Maximum number of bytes in a message payload. Reducing this size may force you to implement chunking in your clients. Applies to client and leafnode payloads. It is not recommended to use values over 8MB but max_payload can be set up to 64MB. The max payload must be equal or smaller to the max_pending value. | string | 1MB |
max_pending | Maximum number of bytes buffered for a connection Applies to client connections. Note that applications can also set PendingLimits (number of messages and total size) for their subscriptions. | string | 64MB |
max_subscriptions | Maximum numbers of subscriptions per client and leafnode accounts connection. A value of 0 means unlimited. | string | 0 |
max_subscription_tokens | integer | - | |
ping_interval | Duration at which pings are sent to clients, leaf nodes and routes. In the presence of client traffic, such as messages or client side pings, the server will not send pings. Therefore it is recommended to keep this value bigger than what clients use. | string | 2m |
ping_max | After how many unanswered pings the server will allow before closing the connection. | integer | 2 |
write_deadline | Maximum number of seconds the server will block when writing. Once this threshold is exceeded the connection will be closed. See slow consumer on how to deal with this on the client. | duration | 10s |
no_header_support | Disables support for message headers. | boolean | - |
disable_sublist_cache | If true, disable subscription caches for all accounts. This saves resources in situations where different subjects are used all the time. | boolean | false |
lame_duck_duration | Must be at least 30s. | duration | 2m |
lame_duck_grace_period | This is the duration the server waits, after entering lame duck mode, before starting to close client connections | duration | 10s |
pidfile | string | - | |
ports_file_dir | string | - | |
prof_port | integer | - | |
default_js_domain | Account to domain name mapping. | string | - |