NATS

1. Type virtual machines in the search.
2. Under Services, select Virtual machines.
3. In the Virtual machines page, select Add. The Create a virtual machine page opens.
4. In the Basics tab, under Project details, make sure the correct subscription is selected and then choose to Create new resource group. Type myResourceGroup for the name.*.
5. Under Instance details, type myVM for the Virtual machine name, choose East US for your Region, and choose Ubuntu 18.04 LTS for your Image. Leave the other defaults.
6. Under Administrator account, select SSH public key, type your user name, then paste in your public key. Remove any leading or trailing white space in your public key.
7. Under Inbound port rules > Public inbound ports, choose Allow selected ports and then select SSH (22) and HTTP (80) from the drop-down.
8. Leave the remaining defaults and then select the Review + create button at the bottom of the page.
9. On the Create a virtual machine page, you can see the details about the VM you are about to create. When you are ready, select Create.

It will take a few minutes for your VM to be deployed. When the deployment is finished, move on to the next section.

Connect to virtual machine

Create an SSH connection with the VM.

1. Select the Connect button on the overview page for your VM.
2. In the Connect to virtual machine page, keep the default options to connect by IP address over port 22. In Login using VM local account a connection command is shown. Select the button to copy the command. The following example shows what the SSH connection command looks like:

bashCopy

ssh azureuser@10.111.12.123

1. Using the same bash shell you used to create your SSH key pair (you can reopen the Cloud Shell by selecting >_ again or going to https://shell.azure.com/bash), paste the SSH connection command into the shell to create an SSH session.

Usage/Deployment Instructions

Step 1: Access NATS in Azure Marketplace and click on get it now button.

Click on Continue then on Create;

Step 2: Now to create a virtual machine, enter or select appropriate values for zone, machine type, resource group and so on as per your choice.

Click on Review + create;

Step 3: Use the browser to access the application at http://<instance ip address> replace <instance ip address> with the actual ip address of the running instance.

Note: You will get the Instance IP Address as shown in the screenshot below:

Step 4: Start the NATS Server;

Sudo su

/srv/nats/bin/gnatsd -c /srv/nats/gnatsd.config

Check the Status;

Systemctl status nats

You can also start NATS as a service;

systemctl start nats

Step 5 — Securing Connections to the NATS Service

Follow the below Steps to secure the Service

Create a directory to hold the certificate temporarily:

• mkdir ~/priv
• Copy, Then create a self-signed certificate with the following command:

• openssl req -x509 -nodes -days 3650 -newkey rsa:2048
•  
•     -keyout priv/gnatsd.key -out priv/gnatsd.crt
•  
•     -subj “/C=US/ST=Texas/L=Austin/O=AwesomeThings/CN=www.example.com”

Copy this command, creates an RSA certificate with 2048 bits and 10 years of validity. Note that we have used an arbitrary domain name since we won’t enable TLS verification for the gnatsd server in this article.

You should now have the files gnatsd.key and gnatsd.crt in the ~/priv directory. Let’s move those files under our /srv/nats/ directory structure so everything is in one place. Execute the following command:

• sudo mv ~/priv /srv/nats

Now, make /srv/nats/priv accessible to only to the nats user and group:

• sudo chmod 440 /srv/nats/priv/*
•  
• sudo chmod 550 /srv/nats/priv
•  
• sudo chown -R nats:nats /srv/nats/priv

 Now we update /srv/nats/gnatsd.config to contain the certificate and key we just created. Open the configuration file again:

• sudo nano /srv/nats/gnatsd.config

 add the following section to tell gnatsd to use your certificate and key:

/srv/nats/gnatsd.config

. . .

tls {

 cert_file: “/srv/nats/priv/gnatsd.crt”

 key_file: “/srv/nats/priv/gnatsd.key”

 timeout: 1

}

 Save the file and exit the editor. Then restart the service so it can pick up the changes.

• sudo systemctl restart nats

Let’s test that our certificates work. Run this command:

• printf “PINGrn” | nc localhost 4222

This time, the command outputs this message:

Output

INFO {“server_id”:”npkIPrCE5Kp8O3v1EfV8dz”,”version”:”0.9.4″,”go”:”go1.6.3″,”host”:”127.0.0.1″,”port”:4222,”auth_required”:false,”ssl_required”:true,”tls_required”:true,”tls_verify”:false,”max_payload”:1048576}

-ERR ‘Secure Connection – TLS Required’

The server returned the message -ERR ‘Secure Connection – TLS Required’ which confirms that the new configuration was picked up and a secure connection is required, which nc doesn’t know how to do.

In order to be able to communicate with our NATS service without installing a full blown NATS client, we will be using a tool called catnats. Let’s download it first:

• wget https://github.com/yuce/catnats/raw/0.1.2/catnats.py
• Copy And make it executable:
• chmod +x catnats.py

Finally, move catnats.py to the /srv/nats/bin folder and rename it to catnats:

• sudo mv catnats.py /srv/nats/bin/catnats

Let’s check that we can communicate with our NATS service using catnats, by sending the same PING message we have sent before:

• printf “PINGrn” | /srv/nats/bin/catnats –addr 127.0.0.1:4222

Copy,You’ll see this output indicating our connection is secure:

Output

INFO {“server_id”:”npkIPrCE5Kp8O3v1EfV8dz”,”version”:”0.9.4″,”go”:”go1.6.3″,”host”:”127.0.0.1″,”port”:4222,”auth_required”:false,”ssl_required”:true,”tls_required”:true,”tls_verify”:false,”max_payload”:1048576}

PONG

Now that we have secured the communication,

sudo systemctl restart nats