diff options
| author | Viktor Söderqvist <viktor.soderqvist@est.tech> | 2021-03-30 22:11:32 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2021-03-30 23:11:32 +0300 |
| commit | 5629dbe7155f2534cd44404743003dc37c444b2a (patch) | |
| tree | 732a71d84f855dfdbe2482047fa3e1f0922edd9a /redis.conf | |
| parent | 8cbd858d450db5399f4b8b907c0374ce8ea152d6 (diff) | |
| download | redis-5629dbe7155f2534cd44404743003dc37c444b2a.tar.gz | |
Add support for plaintext clients in TLS cluster (#8587)
The cluster bus is established over TLS or non-TLS depending on the configuration tls-cluster. The client ports distributed in the cluster and sent to clients are assumed to be TLS or non-TLS also depending on tls-cluster.
The cluster bus is now extended to also contain the non-TLS port of clients in a TLS cluster, when available. The non-TLS port of a cluster node, when available, is sent to clients connected without TLS in responses to CLUSTER SLOTS, CLUSTER NODES, CLUSTER SLAVES and MOVED and ASK redirects, instead of the TLS port.
The user was able to override the client port by defining cluster-announce-port. Now cluster-announce-tls-port is added, so the user can define an alternative announce port for both TLS and non-TLS clients.
Fixes #8134
Diffstat (limited to 'redis.conf')
| -rw-r--r-- | redis.conf | 18 |
1 files changed, 12 insertions, 6 deletions
diff --git a/redis.conf b/redis.conf index 057149ed0..a78d958c3 100644 --- a/redis.conf +++ b/redis.conf @@ -1500,16 +1500,21 @@ lua-time-limit 5000 # # In order to make Redis Cluster working in such environments, a static # configuration where each node knows its public address is needed. The -# following two options are used for this scope, and are: +# following four options are used for this scope, and are: # # * cluster-announce-ip # * cluster-announce-port +# * cluster-announce-tls-port # * cluster-announce-bus-port # -# Each instructs the node about its address, client port, and cluster message -# bus port. The information is then published in the header of the bus packets -# so that other nodes will be able to correctly map the address of the node -# publishing the information. +# Each instructs the node about its address, client ports (for connections +# without and with TLS) and cluster message bus port. The information is then +# published in the header of the bus packets so that other nodes will be able to +# correctly map the address of the node publishing the information. +# +# If cluster-tls is set to yes and cluster-announce-tls-port is omitted or set +# to zero, then cluster-announce-port refers to the TLS port. Note also that +# cluster-announce-tls-port has no effect if cluster-tls is set to no. # # If the above options are not used, the normal Redis Cluster auto-detection # will be used instead. @@ -1522,7 +1527,8 @@ lua-time-limit 5000 # Example: # # cluster-announce-ip 10.1.1.5 -# cluster-announce-port 6379 +# cluster-announce-tls-port 6379 +# cluster-announce-port 0 # cluster-announce-bus-port 6380 ################################## SLOW LOG ################################### |