Deployment Overview of NATS on Server

Prerequisites and Basic Requirements

The deployment of NATS on the server requires the following environment specifications:

  • Operating System: Ubuntu (compatible with Docker and systemd).

  • Privileges: Root access or sudo privileges are required to manage Docker containers, systemd services, and firewall rules.

  • Domain: The server must be configured to resolve the hostkey.in domain.

  • Ports: The system utilizes specific ports for client connections, monitoring, and external web access.

FQDN of the Final Panel

The application is accessible via the Fully Qualified Domain Name (FQDN) on the hostkey.in domain. The format follows the pattern <prefix><Server ID>.hostkey.in:<port>.

  • Domain: hostkey.in

  • Prefix: nats

  • External Port: 443

  • Example FQDN: nats<Server ID>.hostkey.in:443

File and Directory Structure

The NATS application and its associated components utilize the following directory structure:

  • Base Directory: /opt/nats

  • Configuration Directory: /opt/nats/conf

  • Data Directory: /opt/nats/data

  • Configuration File: /opt/nats/conf/nats-server.conf

  • Nginx Configuration Directory: /data/nginx/user_conf.d

  • Nginx Compose Directory: /root/nginx

Application Installation Process

The NATS server is deployed using a Docker container managed by a systemd service. The installation involves the following components:

  • Docker Image: nats:latest

  • Container Name: nats

  • Deployment Method: The container is launched via a systemd unit file that handles the execution of the docker run command.

  • Configuration: The server reads its configuration from the mounted file /opt/nats/conf/nats-server.conf.

Docker Containers and Their Deployment

The NATS service runs as a single Docker container with the following specifications:

  • Image: nats:latest

  • Container Name: nats

  • Port Mappings:

      • Client Port: Host 4222 maps to Container 4222.

      • HTTP Monitoring Port: Host 8222 maps to Container 8222.

  • Volume Mounts:

      • Configuration: /opt/nats/conf/nats-server.conf is mounted to /etc/nats/nats-server.conf (read-only).

      • Data: /opt/nats/data is mounted to /data inside the container.

  • Command: The container executes with the argument -c /etc/nats/nats-server.conf.

Proxy Servers

External access to the NATS monitoring interface is handled by an Nginx reverse proxy with SSL termination.

  • Proxy Image: jonasal/nginx-certbot:latest

  • Proxy Configuration Location: /root/nginx/compose.yml

  • SSL/Certificates: Managed via Certbot with the email [email protected].

  • Proxy Rule: The Nginx configuration routes traffic from the domain to the internal NATS monitoring port.

      • Target: http://127.0.0.1:8222

      • Location Block: location /

  • Environment: The proxy uses an environment file located at /data/nginx/nginx-certbot.env.

Access Rights and Security

The NATS server is configured with the following security parameters:

  • Authentication Mode: none (Authentication is currently disabled in the default configuration).

  • Authentication Token: nats_tk_pzTg6dE4y0hFQwN7cJv1sLr2mX9aK4bH8uV3qR5sY1 (Defined in variables but not active unless mode is changed).

  • User/Password: nats / ansible_ssh_pass (Defined in variables but not active unless mode is changed).

  • Firewall: External traffic on port 443 is handled by the Nginx proxy. Direct access to ports 4222 and 8222 is available on the host.
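
The exposure described in this section (authentication disabled, ports 4222 and 8222 reachable directly on the host) can be checked with a short script. This is an added example, not part of the provider's deployment: the function name audit_nats and the sample inputs are constructed, and it assumes port bindings are read from saved `docker port nats` output and that only the authorization block (token or user/password) is in use.

```shell
#!/bin/sh
# Added example, not the provider's tooling. Function name and sample data
# are constructed for illustration.

audit_nats() {
    conf=$1    # path to nats-server.conf
    ports=$2   # file holding saved `docker port nats` output
    # Drop whole-line comments so disabled settings are not counted.
    active=$(grep -Ev '^[[:space:]]*(#|//)' "$conf" || true)

    # 1. No authorization block: anyone who reaches 4222 can publish/subscribe.
    #    Only the token and user/password modes are considered here.
    if ! printf '%s\n' "$active" |
            grep -Eq '^[[:space:]]*authorization([[:space:]:={]|$)'; then
        echo "NO_AUTH"
    # 2. A token or password stored in a file that "other" users can read.
    elif printf '%s\n' "$active" | grep -Eq '(token|password)[[:space:]]*[:=]' &&
            [ "$(ls -ld "$conf" | cut -c8)" = r ]; then
        echo "SECRET_WORLD_READABLE"
    fi

    # 3. Published ports bound to a non-loopback host address.
    #    Each input line looks like: 8222/tcp -> 0.0.0.0:8222
    while read -r cport arrow bind; do
        case $bind in
            127.0.0.1:*|'[::1]:'*|'') ;;
            *) echo "EXPOSED ${cport%/*} on ${bind%:*}" ;;
        esac
    done < "$ports"
}

# Constructed sample inputs mirroring the defaults described on this page.
demo() {
    d=$(mktemp -d)
    printf 'port: 4222\nhttp_port: 8222\n# authorization { token: "x" }\n' \
        > "$d/nats-server.conf"
    printf '4222/tcp -> 0.0.0.0:4222\n8222/tcp -> 0.0.0.0:8222\n' > "$d/ports.txt"
    audit_nats "$d/nats-server.conf" "$d/ports.txt"
    rm -rf "$d"
}
demo
```

On the host, save the bindings with `docker port nats > ports.txt` and pass /opt/nats/conf/nats-server.conf as the first argument. Because the proxy target on this page is http://127.0.0.1:8222, a loopback-only binding for 8222 would still serve the proxy.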

Databases

The NATS server does not utilize an external database.

  • JetStream Status: Disabled (false).

  • Storage: If JetStream were enabled, it would use the directory /data with a maximum memory store of 1G and a maximum file store of 100G.

Permission Settings

The following permissions are applied to the NATS directories and files:

  • Directories (/opt/nats/conf, /opt/nats/data): Mode 0755.

  • Configuration File (/opt/nats/conf/nats-server.conf): Mode 0644.

  • Systemd Unit File (/etc/systemd/system/nats.service): Mode 0644.

  • Nginx Compose File (/root/nginx/compose.yml): Mode 0644.

  • Nginx Directory (/root/nginx): Mode 0755, owned by root:root.

Location of Configuration Files and Data

  • NATS Server Configuration: /opt/nats/conf/nats-server.conf

  • NATS Data Storage: /opt/nats/data

  • Nginx Compose File: /root/nginx/compose.yml

  • Nginx User Configuration: /data/nginx/user_conf.d/nats<Server ID>.hostkey.in.conf

  • Systemd Service Unit: /etc/systemd/system/nats.service

Available Ports for Connection

The following ports are open and configured for the NATS service:

  • 4222: NATS Client Port (TCP).

  • 8222: NATS HTTP Monitoring Port (TCP).

  • 443: HTTPS Port for the Nginx proxy (External access to monitoring).

Starting, Stopping, and Updating

The NATS service is managed via systemd. Use the following commands to control the service:

  • Start the service:

    systemctl start nats
    

  • Stop the service:

    systemctl stop nats
    

  • Restart the service:

    systemctl restart nats
    

  • Enable the service on boot:

    systemctl enable nats
    

  • Check service status:

    systemctl status nats
    

The systemd unit automatically pulls the latest Docker image if the configuration or unit file changes. An update can also be triggered manually by pulling the image with docker pull nats:latest and then restarting the service.
