nchan_redis_tls
The nchan_redis_tls directive configures TLS for Redis connections used in the Nchan module.
Description
The nchan_redis_tls directive enables TLS encryption for connections made to Redis when Nchan is configured to use Redis for message storage and distribution. This directive is particularly useful in securing data transmission between Nginx and Redis, protecting it from potential eavesdropping or interception. By ensuring that Redis connections are made over TLS, users can take advantage of enhanced security, especially in network environments that are deemed untrusted or when sensitive data is being transmitted.
This directive can be specified within an 'upstream' block and takes one argument that indicates whether to enable (on) or disable (off) the TLS protocol for Redis connections. When set to "on", Nginx will establish TLS connections to the configured Redis instance, ensuring all communication is encrypted. Conversely, setting it to "off" will revert to standard, unencrypted communication with Redis. This option acts as a critical toggle for security compliance and can help in establishing a secure architecture when deploying Nchan in production environments.
Config Example
upstream my_redis {
server redis.example.com:6379;
nchan_redis_tls on;
}Incorrectly configuring the Redis server with TLS may lead to connection failures.
Forcing TLS might increase latency due to the overhead of encryption, which should be considered in high-performance scenarios.