...
After configuring the Redis server, we also need to adapt all of our services to allow them to connect to Redis in a secure fashion.
This is achieved today by setting the following settings in the common.ini. Please note that these settings apply globally to all redis instances that are used by the platform. If you want to have a client specific setting (e.g. – redis_studio_cache client in Frontend service), you can overwrite the global SSL settings defined in common.ini in the relevant redis section in frontendThese settings should not have to be defined on every single redis block in every single service. We follow the following rule to resolve the SSL settings.
See if the value is defined in the current configuration block
If it's not there, see if it's defined in the
[redis]section and the same key name - this allows us to override it globally in/etc/squirro/common.iniand not have to edit every other file too.
Below is a sample example of these settings defined in common.ini.
| Code Block |
|---|
# common.ini. [redis] section supplies these SSL settings to all [redis_*] sections # defined across multiple service files [redis] ssl_ca_certs = /tmp/tls/ca.crt ssl_verify = True ssl = True |
...