NOTE: This package is originally based on, which has greatly inspired me to work on this topic. Because we want to use this package in our core infrastructure very heavily and I had some specific ideas around the API, I created my own package based on the original one.

tl;dr: Pick whichever works for you - Open Source rocks :)

caddy-nats-bridge is a caddy module that allows the caddy server to interact with a NATS server in meaningful ways.

Main Features:

The initial of this project was to better bridge HTTP based services with NATS in a pragmatic and straightforward way. If you've been wanting to use NATS, but have some use cases that still need to use HTTP, this may be a really good option for you.

This extension supports multiple patterns: publish/subscribe, fan in/out, and request reply.

Additionally, this extension supports using NATS as Log output.


To use caddy-nats-bridge, simply run the xcaddy build tool to create a caddy-nats-bridge compatible caddy server.

# Prerequisites - install go and xcaddy
brew install go
go install

# now, build your custom Caddy server (NOTE: path to xcaddy might differ on your system).
~/go/bin/xcaddy build --with

Getting Started - NATS as Log Output

(supported since version 0.7.0 of this extension).

Getting up and running with caddy-nats-bridge is pretty simple:

First install NATS and make sure the NATS server is running:


:bulb: To try this example, cd examples/logs; ./

Then create and run your Caddyfile:

# run with: ./caddy run --config Caddyfile

    nats {
        clientName "My Caddy Server"
} {
    log {
        output nats my.log.subject
    respond "Hello World"

Then, you can can listen to my.log with the nats CLI, and do a HTTP Request to see it in the Logs:

nats subscribe 'my.log.>'

# in another console

What has happened here?

  1. You sent a HTTP request to Caddy
  2. the access log is routed to NATS.

Getting Started - Bridging HTTP <-> NATS

This is a more advanced scenario, but still getting up and running with caddy-nats-bridge is pretty simple:

First install NATS and make sure the NATS server is running:


:bulb: To try this example, cd examples/getting-started; ./

Then create and run your Caddyfile:

# run with: ./caddy run --config Caddyfile

    nats {
        clientName "My Caddy Server"

        # listens to "datausa.[drilldowns].[measures]" -> calls internal URL
        # nats req "datausa.Nation.Population" ""
        subscribe datausa.> GET{nats.request.subject.asUriPath.1}/{nats.request.subject.asUriPath.2}
} {
    # internal URL: "/datausa/[drilldowns]/[measures]"
    handle /datausa/* {

        # Reference for placeholders:
        rewrite * /api/data?drilldowns={http.request.uri.path.1}&measures={http.request.uri.path.2}

        reverse_proxy {
            header_up Host {upstream_hostport}

    route /weather/* {

Then, you can do a request with the nats CLI, and see that it is automatically converted to a HTTP Request:

nats req "datausa.Nation.Population" ""

What has happened here?

  1. You sent a NATS request to the topic datausa.Nation.Population
  2. the Caddy-Nats-Bridge has subscribed to the above topic, and routed the request to the internal URL
  3. The rest is standard Caddy configuration - triggering the API call
  4. The HTTP response is then converted to a NATS reply.

As a second example, you can start a fake NATS weather service using:

nats reply '>' --command "curl -s{{2}}?format=3"

You can query this service via nats request "" to retrieve the current weather forecast.

Because of the nats_request rule in the Caddyfile above, you can also request in your browser:

  1. You sent a HTTP request to Caddy
  2. This has been forwarded to the NATS topic, which is responded by the nats reply tool above.
  3. The NATS response is converted to a HTTP response.

Connecting to NATS

To connect to nats, use the nats global option in your Caddyfile with the URL of the NATS server:

  nats [alias] {
    url nats://

The alias is a server-reference which is relevant if you want to connect to two NATS servers at the same time. If omitted, the serverAlias default is used.

To connect to multiple servers (NATS Cluster), separate them with , in the url parameter.

The following connection options are supported for a server:

Configuration with all configuration options is specified below:

  nats [alias] {
    url nats://
    # either userCredentialFile or nkeyCredentialFile can be specified. If both are specified, userCredentialFile
    # takes precedence.
    userCredentialFile /path/to/file.creds
    nkeyCredentialFile /path/to/file.nk
    clientName MyClient
    inboxPrefix _INBOX_custom

Logging to NATS

Simple usage:

  nats {
    url nats://
} {
  # will use the "default" NATS server defined above
  log nats my.log.subject

You can also specify the NATS server alias to use for logging; in the example below "myNatsServer":

nats {
    url nats://
  nats myNatsServer {
    url nats://
} {
  # will use the "myNatsServer" NATS server defined above
  log nats myNatsServer my.log.subject

This concept is fully pluggable; you can configure the log output any way you like in Caddy.

Bridging HTTP <-> NATS

The module works if you want to bridge HTTP -> NATS, and also NATS -> HTTP - both in unidirectional, and in bidirectional mode.

NATS -> HTTP via subscribe

caddy-nats-bridge supports subscribing to NATS subjects in a few different flavors, depending on your needs:

The two cases above are both handled with the single subscribe directive placed inside a global nats block. If the incoming NATS Message has a Reply subject set, we forward the HTTP response back to the original sender. If not, we discard the HTTP response.

We route the message inside Caddy to the matching server block (depending on the hostname). Then you can use further Caddy directives for processing the message.

NATS headers get converted to HTTP request headers. HTTP response headers are converted to NATS headers on the reply message (if applicable).

  nats [alias] {
    # add other server config here; at least URL is required.
    url nats://

    subscribe [topic] [http_method] [http_url] {
      [queue "queue group name"]
    # example:
    subscribe datausa.> GET{nats.subject.asUriPath.1:} 
} {
  # your normal NATS config for the server.

Placeholders for subscribe

The subscribe directive supports the global placeholders of Caddy inside the http_method and http_url parameters. Additional, the following (NATS specific) placeholders can be used:

Queue Groups

If you want to take part in Load Balancing via NATS Queue Groups, you can specify the queue group to subscribe to via the nested queue directive inside the subscribe block.

FAQ: HTTP URL Parameters

in case you want to use request parameters, I suggest the following way of using subscribe:

subscribe datausa.> GET{nats.subject.asUriPath.1:}?{nats.request.header.X-NatsBridge-UrlQuery}

This way, the NATS request header X-NatsBridge-UrlQuery can be used to set URL parameters.

HTTP -> NATS via nats_request (interested about response)

nats_request [matcher] [serverAlias] subject {
  [timeout 42ms]

nats_request publishes the HTTP request to the specified NATS subject, and sends the NATS reply back as HTTP response. It is a terminal handler, meaning it does not make sense to place Caddy handlers after this one because they will never be called.

HTTP request headers are converted to NATS headers. NATS reply headers are converted to HTTP response headers.

For matcher, all registered Caddy request matchers can be used - and the nats_request handler is only triggered if the request matches the matcher.

If serverAlias is not given, default is used.

Example usage:

localhost {
  route /hello {
    nats_request events.hello

Placeholders for nats_request

(same as for nats_publish)

You can use the http placeholders of Caddy and the global placeholders of Caddy inside the subject string. The most useful ones are usually:

{http.request.uri.path}     The path component of the request URI
{http.request.uri.path.*}   Parts of the path, split by / (0-based from left)
{http.request.header.*}     Specific request header field

Additionally, the following placeholders are available:

Extra headers for nats_request

(same as for nats_publish)

All HTTP headers will become NATS Message headers. On top if this, the following headers are automatically set:

We might want to support setting arbitrary headers later :) (from Caddy expressions). Create an issue if you need this :)

HTTP -> NATS via nats_publish (fire-and-forget)

nats_publish [matcher] [serverAlias] subject

nats_publish publishes the HTTP request to the specified NATS subject. This http handler is not a terminal handler, which means it can be used as middleware (Think logging and events for specific http requests).

HTTP request headers are converted to NATS headers.

For matcher, all registered Caddy request matchers can be used - and the nats_request handler is only triggered if the request matches the matcher.

If serverAlias is not given, default is used.

Example usage:

localhost {
  route /hello {
    nats_publish events.hello
    respond "Hello, world"

Placeholders for nats_publish

(same as for nats_request)

You can use the http placeholders of Caddy and the global placeholders of Caddy inside the subject string. The most useful ones are usually:

{http.request.uri.path}     The path component of the request URI
{http.request.uri.path.*}   Parts of the path, split by / (0-based from left)
{http.request.header.*}     Specific request header field

Additionally, the following placeholders are available:

Extra headers for nats_publish

(same as for nats_request)

All HTTP headers will become NATS Message headers. On top if this, the following headers are automatically set:

We might want to support setting arbitrary headers later :) (from Caddy expressions). Create an issue if you need this :)

large HTTP payloads with store_body_to_jetstream

store_body_to_jetstream is experimental and might change without further notice as this feature is developed further.

NATS messages have a size limit of usually 1 MB (and 8 MB as hardcoded limit). Sometimes, HTTP requests or responses contain bigger payloads than this.

store_body_to_jetstream takes a HTTP request's body and stores it to a temporary JetStream Object Storage (EXPERIMENTAL). It then adds the NATS message headers X-NatsBridge-Body-Bucket pointing to the JetStream Object Store bucket, and X-NatsBridge-Body-Id pointing to the object ID. It then empties the body of the HTTP message before it is processed further.

store_body_to_jetstream [<matcher>] [[serverAlias] bucketName] {
   [ttl 5m]

For matcher, all registered Caddy request matchers can be used - and the nats_request handler is only triggered if the request matches the matcher.

If serverAlias is not given, default is used.

If bucketName is not given, LargeHttpRequestBodies is used. The bucket is auto-created using the specified ttl if it does not exist.

store_body_to_jetstream must be placed before nats_publish or nats_request in order to do its work.

Example usage:

localhost {
  route /hello {
    store_body_to_jetstream // TODO: condition if message is large or chunked.
    nats_publish events.hello
    respond "Hello, world"

When sending a NATS message after store_body_to_jetstream, the following headers are set:

This feature is, as already stated, considered experimental.

We have the following development ideas around this:

  • We do not want to store all request bodies; but ideally only those only bigger than a size limit.
  • Additionally, we need to decide what to do with requests without a Content-Length - when using Transfer-Encoding: chunked. Either we buffer these fully into memory (so that we know its size), or we stream them directly to JetStream as they come in.
  • We need to create the "reverse" operation as well: take a HTTP response with the X-NatsBridge-Body-Bucket and X-NatsBridge-Body-Id headers, and fetch the body from JetStream.
  • We need the same pair of operations for upstream HTTP responses.
    • Maybe we should support re-using a response body based on cache etags?


All features have tests written. To run them, use ./ run-tests - or use to run them.

Long-Term Vision / Feature Ideas

This tooling might be very useful for exposing HTTP based services in NATS.

Especially combined with other NATS features such as authorization, an implementer could assume that NATS requests are already authenticated; and automatically add outgoing API keys (when talking to public APIs). This should greatly simplify API key management.

In the long run, we might be able to replace things like a Kubernetes Ingress completely, and use caddy-nats-bridge in place of the Ingress - and then do the routing based on NATS subjects. This might also greatly simplify quite some features like scale-to-zero deployments.

This might especially make sense together with Caddy extensions like FrankenPHP, so we could generate replies without even needing to send out a HTTP message again.

Thanks to Derek Collison and the NATS team for building such a great project, and same to Matt Holt and the Caddy team. A special thanks to the .tech podcast team, because through this podcast I re-discovered NATS and I started to grasp what we could use it for.

A huge thanks to, from whose code-base I started, as I would not have been able to build all this from scratch without a working implementation already.

And finally a big Thank You also to my team at, who are always encouraging and receptive all the time I come along with a crazy idea.