https://github.com/osquery/osquery logo
#fleet
Title
# fleet
r

Ryan

02/02/2022, 5:12 PM
I’m just looking at adding TLS to our Redis instance used by Fleet, but it uses a self signed certificate. Is it possible to
--tls-skip-verify
for Redis instances? I see the option is available for MySQL, but it’s not listed in the docs for Redis. https://fleetdm.com/docs/deploying/configuration#redis
k

koo

02/02/2022, 5:18 PM
I think the
redis_use_tls
option is the equivalent for Redis https://fleetdm.com/docs/deploying/configuration#redis-use-tls
r

Ryan

02/02/2022, 5:27 PM
Hiya @koo thanks for the answer, I actually got further thanks to the really handy
./tools/redis-tests/tlsconnect.go
utility, and the issue was the missing server_name parameter. https://fleetdm.com/docs/deploying/configuration#redis-tls-server-name Now the weird behaviour - if I try to set that parameter using the fleet.yml config file with the key
server_name
in the
redis
section, it doesn’t work. But if I set it using the environment variable
FLEET_REDIS_TLS_SERVER_NAME
then it works. Is this a bug?
I think a documentation bug actually I tried
tls_server_name
in fleet.yml and it works! 😅
k

koo

02/02/2022, 5:33 PM
Oh thanks. I will submit a PR to fix this.
@Ryan I submitted a PR to update the Docs on this note. Thanks for catching that https://github.com/fleetdm/fleet/pull/3986
m

Michael Thomas

02/03/2022, 5:00 AM
Docs updated, thanks for letting us know 🙌🏻
r

Ryan

02/03/2022, 11:10 AM
Nice, thanks! 🙂
2 Views