Install nats.io server cluster node on rhel clone
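#!/bin/bash
#
# Install one NATS server cluster node on a RHEL-compatible host.
#
# Must run as root. The script installs the nats-server RPM, creates the
# unprivileged "nats" service account, writes the server config, the systemd
# unit and the TLS material, then enables (but does not start) the service
# and opens the client and route ports in firewalld.
#
# Before running, replace every placeholder:
#   - cluster user/password (the literal "user"/"password" below are samples)
#   - <PEER_NODE_n_HOST> route targets
#   - the three <YOUR SERVER ...> PEM bodies
#
# Optional environment:
#   NATS_RPM_SHA256  expected SHA-256 of the RPM; when set, the download is
#                    verified before it is installed.
set -euo pipefail

readonly NATS_VERSION="2.10.5"
readonly NATS_RPM="nats-server-v${NATS_VERSION}-amd64.rpm"
readonly NATS_RPM_URL="https://github.com/nats-io/nats-server/releases/download/v${NATS_VERSION}/${NATS_RPM}"

# Download into a private directory instead of a fixed name in /tmp: a
# predictable path in a world-writable directory can be pre-created or
# symlinked by another local user before root writes to it.
workdir=$(mktemp -d)
trap 'rm -rf -- "${workdir:?}"' EXIT

wget -O "${workdir}/${NATS_RPM}" "${NATS_RPM_URL}"

# Pin the package to a known digest when one is supplied. Without it the only
# integrity guarantee is the HTTPS transport.
if [[ -n "${NATS_RPM_SHA256:-}" ]]; then
  printf '%s  %s\n' "${NATS_RPM_SHA256}" "${workdir}/${NATS_RPM}" | sha256sum -c -
else
  printf 'warning: NATS_RPM_SHA256 not set; RPM digest not verified\n' >&2
fi

yum install -y "${workdir}/${NATS_RPM}"

# System account without a home directory or login shell. Skipped when it
# already exists so the script can be re-run under "set -e".
getent passwd nats >/dev/null || useradd -U -M -r -s /sbin/nologin nats

# Files written below hold a cluster password and a private key, so create
# them owner-only and widen permissions explicitly where needed.
umask 077

install -d -m 0750 -o nats -g nats /var/nats
install -d -m 0750 -o root -g nats /etc/nats /etc/nats/ssl

# The delimiter is quoted so the shell writes the config verbatim.
#
# Review notes on the config itself:
#   - "user"/"password" in cluster.authorization and in the route URLs are
#     sample credentials and must be replaced on every node.
#   - The route URLs on the source page were mangled by e-mail obfuscation;
#     they are written here as nats://user:password@<PEER_NODE_n_HOST>:6222.
#   - NOTE(review): the tls block sits at top level, not inside cluster {}.
#     As written, route traffic on 6222 (which carries the route credentials)
#     is presumably not covered by it; confirm and add a tls block inside
#     cluster {} on all nodes if routes cross an untrusted network.
#   - monitor_port 8222 has no "host" restriction in this config; it is not
#     opened in firewalld below, keep it that way unless access is controlled.
cat <<'EOF' > /etc/nats/nats-server.conf
server_name: nats1.localhost.lcl
client_advertise: nats1.localhost.lcl:4222
# Client port of 4222 on all interfaces
port: 4222
# HTTP monitoring port
monitor_port: 8222
# This is for clustering multiple servers together.
cluster {
# It is recommended to set a cluster name
name: "nats-cluster-name"
pool_size: 6
# Route connections to be received on any interface on port 6222
port: 6222
# Routes are protected, so need to use them with --routes flag
# e.g. --routes=nats-route://ruser:T0pS3cr3t@otherdockerhost:6222
authorization {
user: user
password: password
timeout: 2
}
# Routes are actively solicited and connected to from this server.
# This Docker image has none by default, but you can pass a
# flag to the nats-server docker image to create one to an existing server.
routes = [
"nats://user:password@<PEER_NODE_1_HOST>:6222",
"nats://user:password@<PEER_NODE_2_HOST>:6222",
"nats://user:password@<PEER_NODE_3_HOST>:6222"
]
}
tls {
cert_file: "/etc/nats/ssl/nats-server.pem"
key_file: "/etc/nats/ssl/nats-server-key.pem"
ca_file: "/etc/nats/ssl/ca.pem"
}
# uncomment for logging to file
#debug: false
#trace: false
#logtime: true
#log_file: "/var/nats/nats-server.log"
#logfile_size_limit: 100MB
jetstream {
store_dir: "/var/nats"
# 1GB
max_memory_store: 1073741824
# 10GB
max_file_store: 10737418240
}
EOF
# Readable by the service group only: the file contains the route password.
chown root:nats /etc/nats/nats-server.conf
chmod 0640 /etc/nats/nats-server.conf

# The delimiter MUST be quoted here. With an unquoted heredoc the installing
# shell expands $MAINPID (unset, so empty) and the unit ends up with
# "kill -s HUP" / "kill -s SIGINT" and no PID, breaking reload and stop.
cat <<'EOF' > /etc/systemd/system/nats-server.service
[Unit]
Description=NATS Server
After=network-online.target ntp.service
[Service]
PrivateTmp=true
Type=simple
ExecStart=/usr/bin/nats-server -c /etc/nats/nats-server.conf
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s SIGINT $MAINPID
User=nats
Group=nats
# The nats-server uses SIGUSR2 to trigger using Lame Duck Mode (LDM) shutdown
KillSignal=SIGUSR2
# You might want to adjust TimeoutStopSec too.
[Install]
WantedBy=multi-user.target
EOF
chmod 0644 /etc/systemd/system/nats-server.service

cat <<'EOF' > /etc/nats/ssl/ca.pem
-----BEGIN CERTIFICATE-----
<YOUR SERVER CA CERTIFICATE>
-----END CERTIFICATE-----
EOF

cat <<'EOF' > /etc/nats/ssl/nats-server.pem
-----BEGIN CERTIFICATE-----
<YOUR SERVER CERTIFICATE>
-----END CERTIFICATE-----
EOF

cat <<'EOF' > /etc/nats/ssl/nats-server-key.pem
-----BEGIN RSA PRIVATE KEY-----
<YOUR SERVER PRIVATE KEY>
-----END RSA PRIVATE KEY-----
EOF

# Certificates are public; the private key must be readable only by root and
# the nats service group, never by other local users.
chown root:nats /etc/nats/ssl/ca.pem /etc/nats/ssl/nats-server.pem \
  /etc/nats/ssl/nats-server-key.pem
chmod 0644 /etc/nats/ssl/ca.pem /etc/nats/ssl/nats-server.pem
chmod 0640 /etc/nats/ssl/nats-server-key.pem

systemctl daemon-reload
# Covers a pre-existing /var/nats whose contents were created by another user.
chown -R nats:nats /var/nats
# Enabled only; the service is not started because the PEM files above still
# hold placeholders.
systemctl enable nats-server

# Open the cluster route port and the client port. The monitoring port (8222)
# is intentionally not opened.
firewall-cmd --add-port=6222/tcp --zone=public --permanent
firewall-cmd --add-port=4222/tcp --zone=public --permanent
firewall-cmd --reload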