Skip to content

Commit

Permalink
feat: replaced with nkey (#36)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jibon57
jibon57 authored Feb 20, 2025
1 parent a0a5dd1 commit f996706
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 19 deletions.
4 changes: 2 additions & 2 deletions install-files/config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,9 +96,9 @@ nats_info:
nats_ws_urls:
- "https://PLUG_N_MEET_SERVER_DOMAIN/ws"
account: NATS_ACCOUNT
user: NATS_USER
password: NATS_PASSWORD
nkey: NATS_NKEY_PRIVATE_KEY
auth_callout_issuer_private: NATS_CALLOUT_PRIVATE_KEY
auth_callout_xkey_private: NATS_CALLOUT_XKEY_PRIVATE_KEY
num_replicas: 1 # 1,3,or 5
subjects:
system_api_worker: "sysApiWorker"
Expand Down
6 changes: 3 additions & 3 deletions install-files/nats-server.conf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,7 @@ accounts {
]
users: [
{
user: _NATS_USER_,
password: "_NATS_PASSWORD_CRYPT_",
nkey: _NATS_NKEY_PUBLIC_KEY_
}
]
}
Expand All @@ -40,7 +39,8 @@ authorization {
timeout: 5
auth_callout {
issuer: _NATS_CALLOUT_PUBLIC_KEY_
auth_users: [ _NATS_USER_ ]
auth_users: [ _NATS_NKEY_PUBLIC_KEY_ ]
account: _NATS_ACCOUNT_
xkey: _NATS_CALLOUT_XKEY_PUBLIC_KEY_
}
}
35 changes: 21 additions & 14 deletions install.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -233,20 +233,29 @@ install_mariadb() {
prepare_nats() {
wget ${CONFIG_DOWNLOAD_URL}/nats-server.conf -O ./nats-server.conf
NATS_ACCOUNT="PNM"
NATS_USER="auth"
NATS_PASSWORD=$(random_key 36)
NATS_PASSWORD_CRYPT=$(docker run --rm -it bitnami/natscli:latest server passwd -p "${NATS_PASSWORD}" | tr -d '\r')

# for auth account
OUTPUT=$(docker run --rm -it natsio/nats-box:latest nsc generate nkey --account)
readarray -t array < <(printf '%b\n' "${OUTPUT}")

NATS_CALLOUT_PUBLIC_KEY=${array[1]}
NATS_CALLOUT_PRIVATE_KEY=${array[0]}
readarray -t account < <(printf '%b\n' "${OUTPUT}")
NATS_CALLOUT_PUBLIC_KEY=$(echo "${account[1]}" | tr -d '\r')
NATS_CALLOUT_PRIVATE_KEY=$(echo "${account[0]}" | tr -d '\r')

# for nkey user
OUTPUT=$(docker run --rm -it natsio/nats-box:latest nsc generate nkey --user)
readarray -t user < <(printf '%b\n' "${OUTPUT}")
NATS_NKEY_PUBLIC_KEY=$(echo "${user[1]}" | tr -d '\r')
NATS_NKEY_PRIVATE_KEY=$(echo "${user[0]}" | tr -d '\r')

# for xkey
OUTPUT=$(docker run --rm -it natsio/nats-box:latest nsc generate nkey --curve)
readarray -t curve < <(printf '%b\n' "${OUTPUT}")
NATS_XKEY_PUBLIC_KEY=$(echo "${curve[1]}" | tr -d '\r')
NATS_XKEY_PRIVATE_KEY=$(echo "${curve[0]}" | tr -d '\r')

sed -i "s/_NATS_ACCOUNT_/${NATS_ACCOUNT}/g" nats-server.conf
sed -i "s/_NATS_USER_/${NATS_USER}/g" nats-server.conf
sed -i "s|_NATS_PASSWORD_CRYPT_|${NATS_PASSWORD_CRYPT}|g" nats-server.conf
sed -i "s/_NATS_NKEY_PUBLIC_KEY_/${NATS_NKEY_PUBLIC_KEY}/g" nats-server.conf
sed -i "s/_NATS_CALLOUT_PUBLIC_KEY_/${NATS_CALLOUT_PUBLIC_KEY}/g" nats-server.conf
sed -i "s/_NATS_CALLOUT_XKEY_PUBLIC_KEY_/${NATS_XKEY_PUBLIC_KEY}/g" nats-server.conf
}

prepare_server() {
Expand Down Expand Up @@ -277,9 +286,9 @@ prepare_server() {

# nats
sed -i "s/NATS_ACCOUNT/${NATS_ACCOUNT}/g" config.yaml
sed -i "s/NATS_USER/${NATS_USER}/g" config.yaml
sed -i "s/NATS_PASSWORD/${NATS_PASSWORD}/g" config.yaml
sed -i "s/NATS_NKEY_PRIVATE_KEY/${NATS_NKEY_PRIVATE_KEY}/g" config.yaml
sed -i "s/NATS_CALLOUT_PRIVATE_KEY/${NATS_CALLOUT_PRIVATE_KEY}/g" config.yaml
sed -i "s/NATS_CALLOUT_XKEY_PRIVATE_KEY/${NATS_XKEY_PRIVATE_KEY}/g" config.yaml
sed -i "s/PLUG_N_MEET_SERVER_DOMAIN/${PLUG_N_MEET_SERVER_DOMAIN}/g" config.yaml

# plugNmeet
Expand Down Expand Up @@ -357,14 +366,12 @@ install_recorder() {
FILENAME="plugnmeet-recorder-linux-${ARCH}"
wget "${RECORDER_DOWNLOAD_URL}/${FILENAME}.zip" -O recorder.zip
unzip recorder.zip -d recorder && rm recorder.zip
cp recorder/config_sample.yaml recorder/config.yaml
mv -f recorder/config_sample.yaml recorder/config.yaml
mv -f "recorder/${FILENAME}" recorder/plugnmeet-recorder

sed -i "s/PLUG_N_MEET_SERVER_DOMAIN/\"https:\/\/${PLUG_N_MEET_SERVER_DOMAIN}\"/g" recorder/config.yaml
sed -i "s/PLUG_N_MEET_API_KEY/${PLUG_N_MEET_API_KEY}/g" recorder/config.yaml
sed -i "s/PLUG_N_MEET_SECRET/${PLUG_N_MEET_SECRET}/g" recorder/config.yaml
sed -i "s/NATS_USER/${NATS_USER}/g" recorder/config.yaml
sed -i "s/NATS_PASSWORD/${NATS_PASSWORD}/g" recorder/config.yaml
}

can_run() {
Expand Down

0 comments on commit f996706

Please sign in to comment.