Clarify documentation about replication traffic. (#13656)

It can be authenticated with the worker_replication_secret setting, but is always unencrypted.
2022-08-30 08:21:19 -04:00
parent 1c26acd815
commit e761e8b475
2 changed files with 5 additions and 1 deletions
--- a/changelog.d/13656.doc
+++ b/changelog.d/13656.doc
@@ -0,0 +1 @@
+Clarify documentation that HTTP replication traffic can be protected with a shared secret.
--- a/docs/workers.md
+++ b/docs/workers.md
@@ -120,7 +120,10 @@ redis:
 See the sample config for the full documentation of each option.

 Under **no circumstances** should the replication listener be exposed to the
-public internet; it has no authentication and is unencrypted.
+public internet; replication traffic is:
+
+* always unencrypted
+* unauthenticated, unless `worker_replication_secret` is configured


 ### Worker configuration
				`@@ -0,0 +1 @@`
				`Clarify documentation that HTTP replication traffic can be protected with a shared secret.`