Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-26073

Allow configuring Redis in SSL mode and with custom TrustStore

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 10.3
    • Component/s: Redis
    • Tags:
    • Impact type:
      Configuration Change
    • Upgrade notes:
      Hide

      The following nuxeo.conf properties can be set to define appropriate TLS/SSL configuration for Redis:

      • nuxeo.redis.ssl=true
      • nuxeo.redis.truststore.path
      • nuxeo.redis.truststore.password
      • nuxeo.redis.truststore.type
      • nuxeo.redis.keystore.path
      • nuxeo.redis.keystore.password
      • nuxeo.redis.keystore.type

      If more fine-grained configuration is needed than properties, the following extension point can be used instead:

        <require>org.nuxeo.ecm.core.redis.config</require>
  <extension target="org.nuxeo.ecm.core.redis" point="configuration">
    <server>
      ...
      <ssl>true</ssl>
      <trustStorePath>/path/to/cacerts.jks</trustStorePath>
      <trustStorePassword>changeit</trustStorePassword>
      <trustStoreType>jks</trustStoreType>
      <keyStorePath>/path/to/keystore.jks</keyStorePath>
      <keyStorePassword>changeit</keyStorePassword>
      <keyStoreType>jks</keyStoreType>
    </server>
  </extension>
      Show
      The following nuxeo.conf properties can be set to define appropriate TLS/SSL configuration for Redis: nuxeo.redis.ssl=true nuxeo.redis.truststore.path nuxeo.redis.truststore.password nuxeo.redis.truststore.type nuxeo.redis.keystore.path nuxeo.redis.keystore.password nuxeo.redis.keystore.type If more fine-grained configuration is needed than properties, the following extension point can be used instead: <require> org.nuxeo.ecm.core.redis.config </require> <extension target= "org.nuxeo.ecm.core.redis" point= "configuration" > <server> ... <ssl> true </ssl> <trustStorePath> /path/to/cacerts.jks </trustStorePath> <trustStorePassword> changeit </trustStorePassword> <trustStoreType> jks </trustStoreType> <keyStorePath> /path/to/keystore.jks </keyStorePath> <keyStorePassword> changeit </keyStorePassword> <keyStoreType> jks </keyStoreType> </server> </extension>
    • Sprint:
      nxFG 10.3.9
    • Story Points:
      2

      Description

      Allow configuring Redis in SSL mode, and with a custom TrustStore.

      See linked NXP-26072 for the similar reasons why we need a custom TrustStore.

        Attachments

          Issue Links

          is related to

          New Feature - A new feature of the product, which has yet to be developed. NXP-25956 Add simple configuration for Kafka SASL and TLS authentication

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Resolved

          Improvement - An improvement or enhancement to an existing feature or task. NXP-26072 Enable use of a custom MongoDB Client TrustStore for in-flight encryption

          • Major - Major loss of function.
          • Resolved

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 1 hour
                  1h