starred/netbox
1
0
Fork 0
mirror of https://github.com/netbox-community/netbox.git synced 2026-02-12 20:07:42 +01:00
Code Issues 273 Packages Projects Releases 10 Wiki Activity

document in REDIS config section

Browse Source
This commit is contained in:
Arthur
2026-02-11 10:54:43 -08:00
parent bb309fcfea
commit a74c8a72db
2 changed files with 42 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
docs/configuration/required-parameters.md
View File

@@ -200,6 +200,48 @@ REDIS = {
!!! note
It is permissible to use Sentinel for only one database and not the other.
### SSL Configuration
If you need to configure SSL/TLS for Redis beyond the basic `SSL`, `CA_CERT_PATH`, and `INSECURE_SKIP_TLS_VERIFY` options (for example, client certificates, a specific TLS version, or custom ciphers), you can pass additional parameters via the `KWARGS` key in either the `tasks` or `caching` subsection.
NetBox already maps `CA_CERT_PATH` to `ssl_ca_certs` and (for caching) `INSECURE_SKIP_TLS_VERIFY` to `ssl_cert_reqs`; only add `KWARGS` when you need to override or extend those settings (for example, to supply client certificates or restrict TLS version or ciphers).
* `KWARGS` - Optional dictionary of additional SSL/TLS (or other) parameters passed to the Redis client. These are passed directly to the underlying Redis client: for `tasks` to [redis-py](https://redis-py.readthedocs.io/en/stable/connections.html), and for `caching` to the [django-redis](https://github.com/jazzband/django-redis#configure-as-cache-backend) connection pool.
Example:
```python
REDIS = {
'tasks': {
'HOST': 'redis.example.com',
'PORT': 1234,
'SSL': True,
'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
'KWARGS': {
'ssl_certfile': '/path/to/client-cert.pem',
'ssl_keyfile': '/path/to/client-key.pem',
'ssl_min_version': ssl.TLSVersion.TLSv1_2,
'ssl_ciphers': 'HIGH:!aNULL',
},
},
'caching': {
'HOST': 'redis.example.com',
'PORT': 1234,
'SSL': True,
'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
'KWARGS': {
'ssl_certfile': '/path/to/client-cert.pem',
'ssl_keyfile': '/path/to/client-key.pem',
'ssl_min_version': ssl.TLSVersion.TLSv1_2,
'ssl_ciphers': 'HIGH:!aNULL',
},
}
}
```
!!! note
If you use `ssl.TLSVersion` in your configuration (e.g. `ssl_min_version`), add `import ssl` at the top of your configuration file.
---
## SECRET_KEY

21
netbox/netbox/configuration_example.py
View File

@@ -43,16 +43,6 @@ REDIS = {
# 'INSECURE_SKIP_TLS_VERIFY': False,
# Set a path to a certificate authority, typically used with a self signed certificate.
# 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
# Advanced Redis client parameters (SSL/TLS, timeouts, etc.)
# Passed directly to redis-py. See: https://redis-py.readthedocs.io/en/stable/connections.html
# NOTE: The CA_CERT_PATH setting above is already mapped to 'ssl_ca_certs' in KWARGS.
# Only override these parameters in KWARGS if you have a specific reason to do so.
# 'KWARGS': {
# 'ssl_certfile': '/path/to/client-cert.pem',
# 'ssl_keyfile': '/path/to/client-key.pem',
# 'ssl_min_version': ssl.TLSVersion.TLSv1_2,
# 'ssl_ciphers': 'HIGH:!aNULL',
# },
},
'caching': {
'HOST': 'localhost',
@@ -69,17 +59,6 @@ REDIS = {
# 'INSECURE_SKIP_TLS_VERIFY': False,
# Set a path to a certificate authority, typically used with a self signed certificate.
# 'CA_CERT_PATH': '/etc/ssl/certs/ca.crt',
# Advanced Redis client parameters (SSL/TLS, timeouts, etc.)
# Passed directly to Redis connection pool. See: https://github.com/jazzband/django-redis#configure-as-cache-backend
# NOTE: The INSECURE_SKIP_TLS_VERIFY setting above is already mapped to 'ssl_cert_reqs' and
# CA_CERT_PATH is mapped to 'ssl_ca_certs' in KWARGS. Only override these parameters
# in KWARGS if you have a specific reason to do so.
# 'KWARGS': {
# 'ssl_certfile': '/path/to/client-cert.pem',
# 'ssl_keyfile': '/path/to/client-key.pem',
# 'ssl_min_version': ssl.TLSVersion.TLSv1_2,
# 'ssl_ciphers': 'HIGH:!aNULL',
# },
}
}