SSL configuration in cable.yml

AFAIK when you intend to run a redis connection via SSL you have to overwrite

ActionCable::SubscriptionAdapter::Redis.redis_connector . My current solution

looks something like:

cert = config[:ssl_params][:cert]

key  = config[:ssl_params][:key]

config = config.merge(

  ssl_params: {

    ca_file: config[:ssl_params][:ca_file],





which lives in an initializer.

I’m wondering if a change to the redis subscription adapter, which would allow a cable.yml configurations like:


  adapter: redis

  url: rediss://redis-cluster


    ca_file: /certs/ca.pem

    cert:    /certs/cert.pem

    key:     /certs/key.pem

would be a welcome addition to the rails/action-cable? If that’s the case I’d be happy to start on a patch. If this is more

of an edge case and the change is not welcome, I understand but would appreciate some feedback on my current approach

and would like to submit a patch to at least mention this option in the documentation .

Thanks in advance for solution.

IIRC the ActionCable configuration already picks up all options and passes them through to the redis connection. This is the setup we had to do e.g. to work with Heroku Redis, no monkeypatching required:


class Application < Rails::Application
  redis_params = { url: ENV["REDIS_URL"] || 'redis://localhost:6379' }
  redis_params[:ssl_params] = { verify_mode: OpenSSL::SSL::VERIFY_NONE } if ENV['ENABLE_REDIS_TLS']

  config.redis_params = redis_params


default: &default
  adapter: redis
  url: <%= Rails.configuration.redis_params.fetch(:url) %>
  <% if Rails.configuration.redis_params[:ssl_params].present? %>
    verify_mode: <%= Rails.configuration.redis_params.dig(:ssl_params, :verify_mode) %>
  <% end %>

  <<: *default

You can have HTTP and HTTPS servers in the same server section

server { listen 80; listen [::]:80 ipv6only=on; listen 443 ssl; … }

For complete SSL related configuration I would recommend to use Mozilla generator

Yes, but you shouldn’t. Nginx will match your first server section even if you haven’t set server_name properly, but such configuration is hard to support and troubleshoot.