From 17e0c9176ea1b1f1b646a234b5072a3c28204c70 Mon Sep 17 00:00:00 2001
From: Alejandro Celaya <alejandrocelaya@gmail.com>
Date: Sat, 25 Nov 2023 13:04:30 +0100
Subject: [PATCH 1/2] Add support for SSL on Redis and RabbitMQ connections

---
 composer.json                        | 4 ++--
 config/autoload/installer.global.php | 1 +
 config/autoload/rabbit.global.php    | 1 +
 module/Core/src/Config/EnvVars.php   | 1 +
 4 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/composer.json b/composer.json
index 99641f50..27f8b9ed 100644
--- a/composer.json
+++ b/composer.json
@@ -46,11 +46,11 @@
         "php-middleware/request-id": "^4.1",
         "pugx/shortid-php": "^1.1",
         "ramsey/uuid": "^4.7",
-        "shlinkio/shlink-common": "dev-main#e24ea7b as 5.7",
+        "shlinkio/shlink-common": "dev-main#a9b5d21 as 5.7",
         "shlinkio/shlink-config": "dev-main#cde5d3b as 2.5",
         "shlinkio/shlink-event-dispatcher": "dev-main#35ccc0b as 3.1",
         "shlinkio/shlink-importer": "dev-main#d621b20 as 5.2",
-        "shlinkio/shlink-installer": "dev-develop#f31c242 as 8.6",
+        "shlinkio/shlink-installer": "dev-develop#18829f7 as 8.6",
         "shlinkio/shlink-ip-geolocation": "dev-main#4a1cef8 as 3.3",
         "shlinkio/shlink-json": "dev-main#e5a111c as 1.1",
         "spiral/roadrunner": "^2023.2",
diff --git a/config/autoload/installer.global.php b/config/autoload/installer.global.php
index 4b31c46f..32f71ea6 100644
--- a/config/autoload/installer.global.php
+++ b/config/autoload/installer.global.php
@@ -64,6 +64,7 @@ return [
             Option\QrCode\DefaultRoundBlockSizeConfigOption::class,
             Option\RabbitMq\RabbitMqEnabledConfigOption::class,
             Option\RabbitMq\RabbitMqHostConfigOption::class,
+            Option\RabbitMq\RabbitMqUseSslConfigOption::class,
             Option\RabbitMq\RabbitMqPortConfigOption::class,
             Option\RabbitMq\RabbitMqUserConfigOption::class,
             Option\RabbitMq\RabbitMqPasswordConfigOption::class,
diff --git a/config/autoload/rabbit.global.php b/config/autoload/rabbit.global.php
index ea003809..bf9591e5 100644
--- a/config/autoload/rabbit.global.php
+++ b/config/autoload/rabbit.global.php
@@ -9,6 +9,7 @@ return [
     'rabbitmq' => [
         'enabled' => (bool) EnvVars::RABBITMQ_ENABLED->loadFromEnv(false),
         'host' => EnvVars::RABBITMQ_HOST->loadFromEnv(),
+        'use_ssl' => (bool) EnvVars::RABBITMQ_USE_SSL->loadFromEnv(false),
         'port' => (int) EnvVars::RABBITMQ_PORT->loadFromEnv('5672'),
         'user' => EnvVars::RABBITMQ_USER->loadFromEnv(),
         'password' => EnvVars::RABBITMQ_PASSWORD->loadFromEnv(),
diff --git a/module/Core/src/Config/EnvVars.php b/module/Core/src/Config/EnvVars.php
index d6877eb9..790bfe3a 100644
--- a/module/Core/src/Config/EnvVars.php
+++ b/module/Core/src/Config/EnvVars.php
@@ -31,6 +31,7 @@ enum EnvVars: string
     case RABBITMQ_USER = 'RABBITMQ_USER';
     case RABBITMQ_PASSWORD = 'RABBITMQ_PASSWORD';
     case RABBITMQ_VHOST = 'RABBITMQ_VHOST';
+    case RABBITMQ_USE_SSL = 'RABBITMQ_USE_SSL';
     /** @deprecated */
     case RABBITMQ_LEGACY_VISITS_PUBLISHING = 'RABBITMQ_LEGACY_VISITS_PUBLISHING';
     case MATOMO_ENABLED = 'MATOMO_ENABLED';

From 5d99b1aef02a68135eeb230f7c11d3fd262f9ddf Mon Sep 17 00:00:00 2001
From: Alejandro Celaya <alejandrocelaya@gmail.com>
Date: Sat, 25 Nov 2023 13:07:25 +0100
Subject: [PATCH 2/2] Update changelog

---
 CHANGELOG.md | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 40977d18..bc34660c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,7 +7,6 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this
 ## [Unreleased]
 ### Added
 * [#1798](https://github.com/shlinkio/shlink/issues/1798) Experimental support to send visits to an external Matomo instance.
-
 * [#1780](https://github.com/shlinkio/shlink/issues/1780) Add new `NO_ORPHAN_VISITS` API key role.
 
   Keys with this role will always get `0` when fetching orphan visits.
@@ -20,6 +19,15 @@ The format is based on [Keep a Changelog](https://keepachangelog.com), and this
 
 * [#1905](https://github.com/shlinkio/shlink/issues/1905) Add support for PHP 8.3.
 * [#1927](https://github.com/shlinkio/shlink/issues/1927) Allow redis credentials be URL-decoded before passing them to connection.
+* [#1834](https://github.com/shlinkio/shlink/issues/1834) Add support for redis encrypted connections using SSL/TLS.
+
+  Encryption should work out of the box if servers schema is set tp `tls` or `rediss`, including support for self-signed certificates.
+
+* [#1906](https://github.com/shlinkio/shlink/issues/1906) Add support for RabbitMQ encrypted connections using SSL/TLS.
+
+  In order to enable SLL, you need to pass `RABBITMQ_USE_SSL=true` or the corresponding config option.
+
+  Connections using self-signed certificates should work out of the box.
 
 ### Changed
 * [#1799](https://github.com/shlinkio/shlink/issues/1799) RoadRunner/openswoole jobs are not run anymore for tasks that are actually disabled.