mirror of
https://github.com/matrix-org/dendrite
synced 2024-12-15 07:53:45 +01:00
Disable NATS Server logging, allow self-signed certificates (#2605)
* Disable NATS Server logs in CI * Add option to disable TLS validation for NATS
This commit is contained in:
parent
ca3fa58388
commit
7ec70272d2
4 changed files with 25 additions and 1 deletions
|
@ -113,6 +113,11 @@ global:
|
||||||
addresses:
|
addresses:
|
||||||
# - localhost:4222
|
# - localhost:4222
|
||||||
|
|
||||||
|
# Disable the validation of TLS certificates of NATS. This is
|
||||||
|
# not recommended in production since it may allow NATS traffic
|
||||||
|
# to be sent to an insecure endpoint.
|
||||||
|
disable_tls_validation: false
|
||||||
|
|
||||||
# Persistent directory to store JetStream streams in. This directory should be
|
# Persistent directory to store JetStream streams in. This directory should be
|
||||||
# preserved across Dendrite restarts.
|
# preserved across Dendrite restarts.
|
||||||
storage_path: ./
|
storage_path: ./
|
||||||
|
|
|
@ -103,6 +103,11 @@ global:
|
||||||
addresses:
|
addresses:
|
||||||
- hostname:4222
|
- hostname:4222
|
||||||
|
|
||||||
|
# Disable the validation of TLS certificates of NATS. This is
|
||||||
|
# not recommended in production since it may allow NATS traffic
|
||||||
|
# to be sent to an insecure endpoint.
|
||||||
|
disable_tls_validation: false
|
||||||
|
|
||||||
# The prefix to use for stream names for this homeserver - really only useful
|
# The prefix to use for stream names for this homeserver - really only useful
|
||||||
# if you are running more than one Dendrite server on the same NATS deployment.
|
# if you are running more than one Dendrite server on the same NATS deployment.
|
||||||
topic_prefix: Dendrite
|
topic_prefix: Dendrite
|
||||||
|
|
|
@ -17,6 +17,10 @@ type JetStream struct {
|
||||||
TopicPrefix string `yaml:"topic_prefix"`
|
TopicPrefix string `yaml:"topic_prefix"`
|
||||||
// Keep all storage in memory. This is mostly useful for unit tests.
|
// Keep all storage in memory. This is mostly useful for unit tests.
|
||||||
InMemory bool `yaml:"in_memory"`
|
InMemory bool `yaml:"in_memory"`
|
||||||
|
// Disable logging. This is mostly useful for unit tests.
|
||||||
|
NoLog bool `yaml:"-"`
|
||||||
|
// Disables TLS validation. This should NOT be used in production
|
||||||
|
DisableTLSValidation bool `yaml:"disable_tls_validation"`
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *JetStream) Prefixed(name string) string {
|
func (c *JetStream) Prefixed(name string) string {
|
||||||
|
@ -32,6 +36,8 @@ func (c *JetStream) Defaults(generate bool) {
|
||||||
c.TopicPrefix = "Dendrite"
|
c.TopicPrefix = "Dendrite"
|
||||||
if generate {
|
if generate {
|
||||||
c.StoragePath = Path("./")
|
c.StoragePath = Path("./")
|
||||||
|
c.NoLog = true
|
||||||
|
c.DisableTLSValidation = true
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,6 +1,7 @@
|
||||||
package jetstream
|
package jetstream
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"crypto/tls"
|
||||||
"fmt"
|
"fmt"
|
||||||
"reflect"
|
"reflect"
|
||||||
"strings"
|
"strings"
|
||||||
|
@ -45,6 +46,7 @@ func (s *NATSInstance) Prepare(process *process.ProcessContext, cfg *config.JetS
|
||||||
NoSystemAccount: true,
|
NoSystemAccount: true,
|
||||||
MaxPayload: 16 * 1024 * 1024,
|
MaxPayload: 16 * 1024 * 1024,
|
||||||
NoSigs: true,
|
NoSigs: true,
|
||||||
|
NoLog: cfg.NoLog,
|
||||||
})
|
})
|
||||||
if err != nil {
|
if err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
|
@ -75,7 +77,13 @@ func (s *NATSInstance) Prepare(process *process.ProcessContext, cfg *config.JetS
|
||||||
func setupNATS(process *process.ProcessContext, cfg *config.JetStream, nc *natsclient.Conn) (natsclient.JetStreamContext, *natsclient.Conn) {
|
func setupNATS(process *process.ProcessContext, cfg *config.JetStream, nc *natsclient.Conn) (natsclient.JetStreamContext, *natsclient.Conn) {
|
||||||
if nc == nil {
|
if nc == nil {
|
||||||
var err error
|
var err error
|
||||||
nc, err = natsclient.Connect(strings.Join(cfg.Addresses, ","))
|
opts := []nats.Option{}
|
||||||
|
if cfg.DisableTLSValidation {
|
||||||
|
opts = append(opts, nats.Secure(&tls.Config{
|
||||||
|
InsecureSkipVerify: true,
|
||||||
|
}))
|
||||||
|
}
|
||||||
|
nc, err = natsclient.Connect(strings.Join(cfg.Addresses, ","), opts...)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
logrus.WithError(err).Panic("Unable to connect to NATS")
|
logrus.WithError(err).Panic("Unable to connect to NATS")
|
||||||
return nil, nil
|
return nil, nil
|
||||||
|
|
Loading…
Reference in a new issue