Deploying a NATS App

Introduction

NATS is a high-performance, lightweight messaging system supporting publish/subscribe, queueing, and request/reply. Deploying NATS with a Dockerfile on Klutch.sh delivers reproducible builds, managed secrets, and persistent storage for JetStream state—all configured from klutch.sh/app. This guide covers installation, repository prep, a production-ready Dockerfile, deployment steps, Nixpacks overrides, sample client usage, and production tips.

Prerequisites

A Klutch.sh account (sign up)
A GitHub repository containing your NATS Dockerfile (GitHub is the only supported git source)
Optional: TLS certificates if you secure NATS traffic

For onboarding, see the Quick Start.

Architecture and ports

NATS serves clients over TCP on internal port 4222; choose TCP traffic and set the internal port to 4222.
The web monitoring endpoint (if enabled) typically runs on 8222 (HTTP).
Persistent storage is required only if you enable JetStream.

Repository layout

nats/
├── Dockerfile              # Must be at repo root for auto-detection
└── README.md

Keep secrets (JWTs, creds) out of Git; store them in Klutch.sh environment variables or mount them securely.

Installation (local) and starter commands

Validate locally before pushing to GitHub:

docker build -t nats-local .
docker run -p 4222:4222 nats-local

Dockerfile for NATS (production-ready)

Place this Dockerfile at the repo root; Klutch.sh auto-detects it (no Docker selection in the UI):

FROM nats:2.10-alpine

ENV NATS_LISTEN=:4222

EXPOSE 4222 8222
CMD ["nats-server", "--js", "--http_port", "8222"]

Notes:

Pin the version (e.g., 2.10.x) for stability; update intentionally.
Enable TLS by adding server flags and mounting certs via volumes.
Disable JetStream by removing --js if you only need core NATS.

Environment variables (Klutch.sh)

Set these in Klutch.sh before deploying:

NATS_LISTEN=:4222
Optional auth/TLS flags passed via command or config file (mount a config and adjust CMD if needed).

If you deploy without the Dockerfile and need Nixpacks overrides:

NIXPACKS_START_CMD=nats-server --js --http_port 8222

Attach persistent volumes

In Klutch.sh storage settings, add mount paths and sizes (no names required) if you use JetStream:

/data/jetstream — JetStream storage for streams and consumer state.

Ensure this path is writable inside the container.

Deploy NATS on Klutch.sh (Dockerfile workflow)

Push your repository—with the Dockerfile at the root—to GitHub.
Open klutch.sh/app, create a project, and add an app.
Select TCP traffic and set the internal port to 4222.
Add the environment variables above and any auth/TLS settings you require.
Attach a persistent volume for /data/jetstream if you enable JetStream, sizing it for your retention needs.
Deploy. Connect clients via nats://example-app.klutch.sh:8000 (mapped to internal 4222).

Sample client usage (JavaScript)

import { connect, StringCodec } from "nats";

const nc = await connect({ servers: "nats://example-app.klutch.sh:8000" });
const sc = StringCodec();

// Publish
nc.publish("updates", sc.encode("Hello from NATS on Klutch.sh!"));

// Subscribe
const sub = nc.subscribe("updates");
for await (const m of sub) {
  console.log(`Received [${sub.getProcessed()}]: ${sc.decode(m.data)}`);
}

Health checks and production tips

Add a TCP probe on 4222 or an HTTP probe on 8222 if monitoring is enabled.
Enforce TLS for production; store certs securely in volumes or secrets.
Monitor JetStream disk usage; resize /data/jetstream before it fills.
Pin image versions and test upgrades in staging; back up JetStream state when updating.

NATS on Klutch.sh combines reproducible Docker builds with managed secrets, persistent storage, and flexible HTTP/TCP routing. With the Dockerfile at the repo root, TCP port 4222 configured, and optional JetStream storage persisted, you can deliver high-performance messaging without extra YAML or workflow overhead.