Merge pull request #42238 from ashiksp/redis-adapter-ssl-docs

[ci skip] Redis adapter SSL/TLS connection information ( action cable docs).
2022-11-09 12:12:34 -05:00 · 2021-05-18 07:41:45 +09:00 · 2021-05-18 07:41:45 +09:00 · a33bbb2d27
commit a33bbb2d27
parent 5ddff2beb1 fa41244f8e
1 changed files with 19 additions and 0 deletions
--- a/guides/source/action_cable_overview.md
+++ b/guides/source/action_cable_overview.md
@ -723,6 +723,25 @@ The Redis adapter requires users to provide a URL pointing to the Redis server.
 Additionally, a `channel_prefix` may be provided to avoid channel name collisions
 when using the same Redis server for multiple applications. See the [Redis PubSub documentation](https://redis.io/topics/pubsub#database-amp-scoping) for more details.

+The Redis adapter also supports SSL/TLS connections. The required SSL/TLS parameters can be be passed in `ssl_params` key in the configuration yaml file.
+
+```
+production:
+  adapter: redis
+  url: rediss://10.10.3.153:tls_port
+  channel_prefix: appname_production
+  ssl_params: {
+    ca_file: "/path/to/ca.crt"
+  }
+```
+
+The options given to `ssl_params` are passed directly to the `OpenSSL::SSL::SSLContext#set_params` method and can be any valid attribute of the SSL context.
+Please refer to the [OpenSSL::SSL::SSLContext documentation](https://docs.ruby-lang.org/en/master/OpenSSL/SSL/SSLContext.html) for other available attributes.
+
+If you are using self-signed certificates for redis adapter behind a firewall and opt to skip certificate check, then the ssl `verify_mode` should be set as `OpenSSL::SSL::VERIFY_NONE`.
+
+WARNING: It is not recommended to use `VERIFY_NONE` in production unless you absolutely understand the security implications. In order to set this option for the Redis adapter, the config should be `ssl_params: { <%= OpenSSL::SSL::VERIFY_NONE %> }`.
+
 ##### PostgreSQL Adapter

 The PostgreSQL adapter uses Active Record's connection pool, and thus the