The config below assumes you are not using client certificate authentication, i.e. the database is set to:

    Transport layer security (TLS): ON

and

    TLS client authentication: OFF
In credentials, define redislabs:

    redislabs:
      username: whatsmyname
      password: supersecret!
      endpoint: redis-00000.abcd.url.url.example.redislabs.com:12345
OpenSSL::X509::Store.new.add_cert only accepts one cert at a time, and can't handle chained certs in one .pem file, so the config below splits the chain and adds each cert to the store separately.
In config/environments/production.rb:

    redislabs = Rails.application.credentials.redislabs

    # Build a trust store from the CA chain: split the .pem into individual
    # certificates and add them one at a time.
    keystore = OpenSSL::X509::Store.new
    pem_chain = File.read(Rails.root.join("config/redislabs/ca.pem"))
    pem_chain.scan(/-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m).each do |cert|
      keystore.add_cert(OpenSSL::X509::Certificate.new(cert))
    end

    config.cache_store = :redis_cache_store, {
      # rediss:// (double "s") selects TLS. A password containing URL-reserved
      # characters such as "@" or "/" must be percent-encoded here.
      url: ["rediss://#{redislabs.username}:#{redislabs.password}@#{redislabs.endpoint}/0"],
      ssl_params: {cert_store: keystore}, # verify the server against the CA chain above
      connect_timeout: 3, # Defaults to 20 seconds
      read_timeout: 1, # Defaults to 1 second
      write_timeout: 1, # Defaults to 1 second
      reconnect_attempts: 0, # Defaults to 0
    }
Test it out:

    irb(main):002:0> Rails.cache.fetch "booya"
    => nil
    irb(main):003:0> Rails.cache.fetch( "booya") {'hey!'}
    => "hey!"
    irb(main):004:0> Rails.cache.fetch "booya"
    => "hey!"
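
Why the chain has to be split, shown as an added example (not part of the original note): it builds a two-certificate PEM bundle from throwaway self-signed CAs and compares a store filled from the whole bundle in one call with one filled per certificate. The CA names and the helper names `make_ca`, `certs_from_bundle`, `store_from_bundle` and `naive_store` are constructed for this illustration.

```ruby
require "openssl"

# Throwaway self-signed CA certificate (constructed sample data, not a real CA).
def make_ca(common_name)
  key = OpenSSL::PKey::RSA.new(2048)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2 # X.509 v3
  cert.serial = rand(1..2**32)
  cert.subject = cert.issuer = OpenSSL::X509::Name.parse("/CN=#{common_name}")
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 3600
  ef = OpenSSL::X509::ExtensionFactory.new(cert, cert)
  cert.add_extension(ef.create_extension("basicConstraints", "CA:TRUE", true))
  cert.sign(key, OpenSSL::Digest.new("SHA256"))
  cert
end

PEM_CERT = /-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----/m

# Split a PEM bundle into one OpenSSL::X509::Certificate per block.
def certs_from_bundle(pem_chain)
  pem_chain.scan(PEM_CERT).map { |pem| OpenSSL::X509::Certificate.new(pem) }
end

# Trust store holding every certificate in the bundle.
def store_from_bundle(pem_chain)
  store = OpenSSL::X509::Store.new
  certs_from_bundle(pem_chain).each { |cert| store.add_cert(cert) }
  store
end

# Passing the whole bundle to Certificate.new parses only the first block,
# so the rest of the chain never reaches the store.
def naive_store(pem_chain)
  store = OpenSSL::X509::Store.new
  store.add_cert(OpenSSL::X509::Certificate.new(pem_chain))
  store
end

CA_ONE = make_ca("Constructed CA One")
CA_TWO = make_ca("Constructed CA Two")
BUNDLE = CA_ONE.to_pem + CA_TWO.to_pem

puts "certs in bundle:        #{certs_from_bundle(BUNDLE).size}"
puts "naive store trusts #2:  #{naive_store(BUNDLE).verify(CA_TWO)}"
puts "split store trusts #2:  #{store_from_bundle(BUNDLE).verify(CA_TWO)}"
```

With the naive store, a server certificate issued under the second CA in the bundle would fail verification even though that CA is present in ca.pem.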