From ceaafc48d40f20e23bdc8cfcf79bdedb0ba7c81f Mon Sep 17 00:00:00 2001 From: Joseph Doherty Date: Sun, 22 Feb 2026 21:56:33 -0500 Subject: [PATCH] =?UTF-8?q?feat:=20add=20project=20setup=20for=20monitorin?= =?UTF-8?q?g=20and=20TLS=20=E2=80=94=20csproj,=20config=20options,=20Serve?= =?UTF-8?q?rInfo=20TLS=20fields?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add FrameworkReference to Microsoft.AspNetCore.App to enable Kestrel Minimal APIs for the monitoring HTTP server. Remove the now-redundant Microsoft.Extensions.Logging.Abstractions PackageReference (it is included transitively via the framework reference). Add monitoring config properties (MonitorPort, MonitorHost, MonitorBasePath, MonitorHttpsPort) and TLS config properties (TlsCert, TlsKey, TlsCaCert, TlsVerify, TlsHandshakeFirst, etc.) to NatsOptions. Add TlsRequired, TlsVerify, and TlsAvailable fields to ServerInfo so the server can advertise TLS capability in the INFO protocol message. --- src/NATS.Server/NATS.Server.csproj | 2 +- src/NATS.Server/NatsOptions.cs | 27 +++++++++++++++++++++++- src/NATS.Server/Protocol/NatsProtocol.cs | 12 +++++++++++ 3 files changed, 39 insertions(+), 2 deletions(-) diff --git a/src/NATS.Server/NATS.Server.csproj b/src/NATS.Server/NATS.Server.csproj index 55d61f5..90fbca3 100644 --- a/src/NATS.Server/NATS.Server.csproj +++ b/src/NATS.Server/NATS.Server.csproj @@ -1,5 +1,5 @@ - + diff --git a/src/NATS.Server/NatsOptions.cs b/src/NATS.Server/NatsOptions.cs index 60238c0..00e3a2d 100644 --- a/src/NATS.Server/NatsOptions.cs +++ b/src/NATS.Server/NatsOptions.cs @@ -1,3 +1,5 @@ +using System.Security.Authentication; + namespace NATS.Server; public sealed class NatsOptions 
@@ -5,9 +7,32 @@ public sealed class NatsOptions
 public string Host { get; set; } = "0.0.0.0";
 public int Port { get; set; } = 4222;
 public string? ServerName { get; set; }
- public int MaxPayload { get; set; } = 1024 * 1024; // 1MB
+ public int MaxPayload { get; set; } = 1024 * 1024;
 public int MaxControlLine { get; set; } = 4096;
 public int MaxConnections { get; set; } = 65536;
 public TimeSpan PingInterval { get; set; } = TimeSpan.FromMinutes(2);
 public int MaxPingsOut { get; set; } = 2;
+
+ // Monitoring (0 = disabled; standard port is 8222)
+ public int MonitorPort { get; set; }
+ public string MonitorHost { get; set; } = "0.0.0.0";
+ public string? MonitorBasePath { get; set; }
+ // 0 = disabled
+ public int MonitorHttpsPort { get; set; }
+
+ // TLS
+ public string? TlsCert { get; set; }
+ public string? TlsKey { get; set; }
+ public string? TlsCaCert { get; set; }
+ public bool TlsVerify { get; set; }
+ public bool TlsMap { get; set; }
+ public TimeSpan TlsTimeout { get; set; } = TimeSpan.FromSeconds(2);
+ public bool TlsHandshakeFirst { get; set; }
+ public TimeSpan TlsHandshakeFirstFallback { get; set; } = TimeSpan.FromMilliseconds(50);
+ public bool AllowNonTls { get; set; }
+ public long TlsRateLimit { get; set; }
+ public HashSet? TlsPinnedCerts { get; set; }
+ public SslProtocols TlsMinVersion { get; set; } = SslProtocols.Tls12;
+
+ public bool HasTls => TlsCert != null && TlsKey != null;
 }
diff --git a/src/NATS.Server/Protocol/NatsProtocol.cs b/src/NATS.Server/Protocol/NatsProtocol.cs
index 75ccde0..e4e3768 100644
--- a/src/NATS.Server/Protocol/NatsProtocol.cs
+++ b/src/NATS.Server/Protocol/NatsProtocol.cs
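Review bot: In NatsOptions.cs, `HasTls` only null-checks `TlsCert` and `TlsKey`, so a configuration binder that yields empty strings reports TLS as configured while no usable certificate exists. Consider `public bool HasTls => !string.IsNullOrEmpty(TlsCert) && !string.IsNullOrEmpty(TlsKey);`. Nothing in this hunk rejects contradictory combinations either, such as `TlsVerify`, `TlsMap` or `TlsPinnedCerts` set while `HasTls` is false; if no validation exists elsewhere, those settings would presumably be ignored silently and the listener would accept plaintext. Separately, `MonitorHost` defaults to `"0.0.0.0"`, so setting only `MonitorPort` would presumably bind the monitoring server on every interface, and a comment on the property saying so would help operators. The class body starts outside the hunk.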
@@ -61,6 +61,18 @@ public sealed class ServerInfo
 [JsonPropertyName("client_ip")]
 [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
 public string? ClientIp { get; set; }
+
+ [JsonPropertyName("tls_required")]
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+ public bool TlsRequired { get; set; }
+
+ [JsonPropertyName("tls_verify")]
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+ public bool TlsVerify { get; set; }
+
+ [JsonPropertyName("tls_available")]
+ [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingDefault)]
+ public bool TlsAvailable { get; set; }
 }
 
 public sealed class ClientOptions
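Review bot: The three new `ServerInfo` flags carry no doc comments, and a reader cannot tell from this hunk that they are advertisement only. In the usual NATS flow INFO is sent before the TLS upgrade, so a client-side decision based on `tls_required` can be influenced by anyone on the path; enforcement has to come from the server's own options, not from this message. I would add above `TlsRequired` a comment such as `/// Advertised to clients only; the server must still refuse plaintext itself when TLS is required.` This commit does not show where the flags are populated, so it is worth confirming that `TlsRequired` is derived from `HasTls` and `AllowNonTls` rather than set independently. The class starts outside the hunk.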