logsearch / nats_to_syslog Goto Github PK

Hi,

I sat up correctly the nats connection. nats://nats:[email protected]:4222. however, i got the following error from ingestor-bosh-nats VM

{"timestamp":"1496958794.021312475","source":"nats_to_syslog","message":"nats_to_syslog.connecting-to-nats.error","log_level":2,"data":{"error":"nats: no servers available for connection","session":"1"}}. 

Could i know why please?

Thank you!

My team been using nats_to_syslog for a long time against nats on older bosh directors... With a new director, it appears that the director requires TLS and so we're trying to play along. The adventure thus far:

• Got nats: secure connection required error and so we updated our URL prefix to be tls:// instead of nats://
• Then got x509: certificate signed by unknown authority, resolved by placing the NATS server CA cert on the host running nats_to_syslog
• Now seeing remote error: bad certificate, presumably due to having an IP address in our URL but the cert having CN of default.nats-ca.bosh-internal (and no subject alternative names matching the IP address)

I see that Golang offers a brute force way to allow insecure TLS via InsecureSkipVerify. That is appropriate for our use case (several layers deep within private networks) but not aligned with the "greater good" if we submit a PR back to master.

Some internet sleuthing suggests that Golang offers a way to specify expected server name in cases where reaching TLS server via IP address. Per this on StackOverflow, it seems that we could have the app allow a server name such as default.nats-ca.bosh-internal to be passed in via argument, and then internally it could set tls.Config.ServerName to this value. Or have a "resolve" argument similar to curl --resolve, where one could use the cert-matching name in the URL but provide the desired name-to-IP mapping.

Any advice on how to proceed?

Thanks!