authelia/docs/configuration/session/redis.md
James Elliott 08e674b62f
docs: refactor several areas of documentation (#1726)
Updated all links to use https://www.authelia.com/docs/.
Removed all comment sections from documented configuration on the documentation site and replaced them with their own sections.
Made all documentation inside config.template.yml double hashes, and made all commented configuration sections single quoted.
Added .yamllint.yaml to express our desired YAML styles.
Added a style guide.
Refactored many documentation areas to be 120 char widths where possible. It's by no means exhaustive but is a large start.
Added a statelessness guide for the pending Kubernetes chart introduction.
Added labels to configuration documentation and made many areas uniform.
2021-04-11 21:25:03 +10:00


layout: default
title: Redis
parent: Session
grand_parent: Configuration
nav_order: 1

Redis

This is a session provider. By default Authelia uses an in-memory provider. Not configuring redis leaves Authelia stateful. It's important in highly available scenarios to configure this option, and we highly recommend it in production environments. It requires you to set up redis as well.

Configuration

session:
  redis:
    host: 127.0.0.1
    port: 6379
    username: authelia
    password: authelia
    database_index: 0
    maximum_active_connections: 8
    minimum_idle_connections: 0
    tls:
      server_name: myredis.example.com
      skip_verify: false
      minimum_version: TLS1.2
    high_availability:
      sentinel_name: mysentinel
      sentinel_password: sentinel_specific_pass
      nodes:
        - host: sentinel-node1
          port: 26379
        - host: sentinel-node2
          port: 26379
      route_by_latency: false
      route_randomly: false

Options

host

type: string | required: yes

The redis host or unix socket path. If utilising an IPv6 literal address it must be enclosed by square brackets and quoted:

host: "[fd00:1111:2222:3333::1]"

port

type: integer | default: 6379 | required: no

The port redis is listening on.

username

type: string | required: no

The username for redis authentication. Only supported in redis 6.0+, and redis currently offers backwards compatibility with password-only auth. You probably do not need to set this unless you went through the process of setting up redis ACLs.

password

type: string | required: no

The password for redis authentication.

database_index

type: integer | default: 0 | required: no

The index number of the redis database, the same value as specified with the redis SELECT command.

maximum_active_connections

type: integer | default: 8 | required: no

The maximum number of connections open to redis at the same time.

minimum_idle_connections

type: integer | default: 0 | required: no

The minimum number of redis connections to keep open as long as they don't exceed the maximum active connections. This is useful if there are long delays in establishing connections.

tls

If defined, this enables redis over TLS and additionally controls the TLS connection validation process. You can see how to configure the tls section here.

high_availability

Defining this section enables redis sentinel connections. It's possible that in the future we may add redis cluster.

sentinel_name

type: string | required: yes

The redis sentinel master name. This is defined in your redis sentinel configuration; it is not a hostname. This must currently be defined for a high availability configuration.

sentinel_password

type: string | required: no

The password for the redis sentinel connection. A redis sentinel username is not supported at this time due to the upstream library not supporting it.

nodes

A list of redis sentinel nodes to load balance over. This list is added to the host in the redis section above. You are required to define either the redis host or one redis sentinel node. The redis host must be a redis sentinel host, not a regular one. The individual redis hosts are determined using redis sentinel commands.

Each node has a host and port configuration. Example:

- host: redis-sentinel-0
  port: 26379

host

type: boolean | default: false | required: no

The host of this redis sentinel node.

port

type: integer | default: 26379 | required: no

The port of this redis sentinel node.

route_by_latency

type: boolean | default: false | required: no

Prioritizes low latency redis sentinel nodes when set to true.

route_randomly

type: boolean | default: false | required: no

Randomly chooses redis sentinel nodes when set to true.
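
The rules this page states for host, nodes and sentinel_name, together with a few hardening checks on tls and password, written as an added example (it is not Authelia's own validation code). It works on the already-parsed YAML mapping; the function name check_redis_session, the warning policy and the WEAK sample are assumptions made for illustration.

```python
import ipaddress

def check_redis_session(redis):
    """Return (level, message) findings for a parsed session.redis mapping."""
    findings = []
    host = redis.get("host")
    ha = redis.get("high_availability")
    nodes = (ha or {}).get("nodes") or []

    # Rules stated on this page.
    if not host and not nodes:
        findings.append(("error", "define host or one sentinel node"))
    elif host is not None and not isinstance(host, str):
        # An unquoted [fd00::1] is a YAML flow sequence, not a string.
        findings.append(("error", "host is not a string; quote IPv6 literals"))
    elif host and not host.startswith(("/", "[")):
        try:
            if ipaddress.ip_address(host).version == 6:
                findings.append(("error", "IPv6 host must be enclosed in []"))
        except ValueError:
            pass  # a hostname, nothing more to check
    if ha is not None and not ha.get("sentinel_name"):
        findings.append(("error", "high_availability requires sentinel_name"))

    # Hardening policy assumed for this example (not Authelia's validation).
    tls = redis.get("tls")
    unix_socket = isinstance(host, str) and host.startswith("/")
    if tls is None and not unix_socket:
        findings.append(("warn", "tls not defined: sessions cross the network in clear"))
    elif tls and tls.get("skip_verify"):
        findings.append(("warn", "tls.skip_verify: server certificate not validated"))
    if not redis.get("password"):
        findings.append(("warn", "no password: connection is unauthenticated"))
    return findings

# The page's example, as parsed YAML (only the keys the checks read).
PAGE_EXAMPLE = {
    "host": "127.0.0.1", "password": "authelia",
    "tls": {"server_name": "myredis.example.com", "skip_verify": False},
    "high_availability": {"sentinel_name": "mysentinel",
                          "nodes": [{"host": "sentinel-node1", "port": 26379}]},
}
# Constructed weak configuration for contrast.
WEAK = {
    "host": "fd00:1111:2222:3333::1", "tls": {"skip_verify": True},
    "high_availability": {"nodes": [{"host": "sentinel-node1", "port": 26379}]},
}
for name, cfg in (("page example", PAGE_EXAMPLE), ("weak", WEAK)):
    print(name, check_redis_session(cfg))
```

Feed it the mapping your YAML loader returns for session.redis; an empty list means none of these checks fired.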