
@jwigal
Last active April 24, 2023 15:28
Redis Labs SSL configuration for Rails

Config below assumes you are not using client certificate authentication, e.g.:

Transport layer security (TLS): ON and TLS client authentication: OFF

in credentials, define redislabs:

redislabs:
  username: whatsmyname
  password: supersecret!
  endpoint: redis-00000.abcd.url.url.example.redislabs.com:12345

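OpenSSL::X509::Store#add_cert accepts only one certificate at a time, and OpenSSL::X509::Certificate.new reads only the first certificate in a .pem file, so a chained bundle has to be split and each certificate added to the store separately.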

in config/environments/production.rb

redislabs = Rails.application.credentials.redislabs

# Load every certificate in the CA bundle into the trust store, one at a time.
keystore = OpenSSL::X509::Store.new
pem_chain = File.read(Rails.root.join("config/redislabs/ca.pem"))
pem_chain.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m).each do |cert|
  keystore.add_cert(OpenSSL::X509::Certificate.new(cert))
end

# The rediss:// scheme selects TLS; the server certificate is verified against keystore.
config.cache_store = :redis_cache_store, {
  url: ["rediss://#{redislabs.username}:#{redislabs.password}@#{redislabs.endpoint}/0"],
  ssl_params: { cert_store: keystore },
  connect_timeout:    3, # Defaults to 20 seconds
  read_timeout:       1, # Defaults to 1 second
  write_timeout:      1, # Defaults to 1 second
  reconnect_attempts: 0, # Defaults to 0
}
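
Why the bundle has to be split, shown as an added example that is not part of the original gist: it builds a throwaway root, intermediate and server certificate in memory (all names are constructed) and compares a store loaded from the whole bundle with one loaded from a single Certificate.new call.

```ruby
require "openssl"

# Constructed test PKI: issue a certificate signed by +issuer+ (self-signed when nil).
def issue(cn, issuer: nil, issuer_key: nil, ca: true, serial: 1)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3, required for extensions
  cert.serial = serial
  cert.subject = OpenSSL::X509::Name.parse("/CN=#{cn}")
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  cert.add_extension(ef.create_extension("basicConstraints", ca ? "CA:TRUE" : "CA:FALSE", true))
  cert.sign(issuer_key || key, OpenSSL::Digest.new("SHA256"))
  [cert, key]
end

# The gist's approach: add every certificate found in the PEM bundle.
def store_from_bundle(pem)
  store = OpenSSL::X509::Store.new
  pem.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m).each do |block|
    store.add_cert(OpenSSL::X509::Certificate.new(block))
  end
  store
end

# Naive approach: Certificate.new parses only the first PEM block in the string.
def store_from_first_only(pem)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(pem))
  store
end

root, root_key = issue("Example Root CA")
inter, inter_key = issue("Example Intermediate CA", issuer: root, issuer_key: root_key, serial: 2)
leaf, = issue("redis.example.test", issuer: inter, issuer_key: inter_key, ca: false, serial: 3)
BUNDLE = root.to_pem + inter.to_pem # stands in for config/redislabs/ca.pem
LEAF = leaf                         # stands in for the certificate the server presents

puts "whole bundle verifies server cert: #{store_from_bundle(BUNDLE).verify(LEAF)}"
puts "first cert only verifies server cert: #{store_from_first_only(BUNDLE).verify(LEAF)}"
```

With only the first certificate loaded, the intermediate is missing from the store and the TLS handshake would fail certificate verification.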

test it out:

irb(main):002:0> Rails.cache.fetch "booya"
=> nil
irb(main):003:0> Rails.cache.fetch( "booya") {'hey!'}
=> "hey!"
irb(main):004:0> Rails.cache.fetch "booya"
=> "hey!"