Implement ssl across NATS clients in an LFH network #98
Comments
|
We wound up being able to forego the NATS client cert definition in the NATS client SSL context. However, we do need the CA cert of the remote LFH instance we want to connect to in the local rootCA.pem file on NATS client startup. So, even without a process around registering a listener and creating a JetStream consumer, we still need a step to add the rootCA cert of any other LFH instances from which we need to receive NATS messages. It's possible that we can do this programmatically. If we get the remote CA cert before starting the NATS client, we should be able to avoid a pyconnect restart. |
|
Also, sync does work across LFH instances, once NATS client connections are working. Except there is an unintended consequence of replaying a transaction - pyconnect does not know that it is a replay and will send a NATS message, an "echo", which the originator of the transaction receives, resulting in an infinite replay. |
For synchronization, a NATS client in one LFH instance needs to be able to connect to a NATS server in another LFH instance. Implement a certificate strategy that will work across LFH instances.
The text was updated successfully, but these errors were encountered: