nchan_redis_ssl_client_certificate
The `nchan_redis_ssl_client_certificate` directive specifies the SSL client certificate to use for Redis connections in the Nchan module.
Description
The nchan_redis_ssl_client_certificate directive is used within the upstream context of the Nginx Nchan module to define the path to an SSL client certificate file when connecting to Redis. This is particularly useful in environments where secure connections to Redis require client authentication via SSL certificates. By specifying this certificate, Nginx can present a valid identity to the Redis server during the TLS handshake, ensuring secure and authenticated communications.
When you configure this directive, it expects a single argument: a string that denotes the file path of the SSL client certificate. This path should point to a PEM-encoded file containing the certificate. It’s important to ensure that the Nginx worker process has the necessary permissions to read this file. If the path is incorrect or inaccessible, it may lead to connection failures between Nginx and Redis.
In addition to this directive, Nginx must also be compiled with OpenSSL support and have proper access to the specified certificate path for effective SSL connections. This directive is essential in a security-conscious deployment where Redis might be exposed to untrusted networks, thereby preventing unauthorized access to the Redis data store.
Config Example
upstream redis_backend {
server redis.example.com:6379;
nchan_redis_ssl_client_certificate /etc/ssl/certs/myclient.cert;
}Ensure that the provided file path is correct and accessible by the Nginx worker process.
Make sure Nginx is compiled with OpenSSL support to utilize SSL features.
The certificate must be in a PEM format; otherwise, Redis connections will fail.