Merge pull request #843 from ministryofjustice/ag--redis-tls

Ability to connect securely to Redis with SSL/TLS (REDIS_SCHEME setting)
ministryofjustice · Oct 9, 2020 · 3d03086 · 3d03086
2 parents 8cd6db2 + 6d1f2b5
commit 3d03086
Showing 1 changed file with 11 additions and 2 deletions.
diff --git a/controlpanel/settings/common.py b/controlpanel/settings/common.py
@@ -456,16 +456,25 @@
 REDIS_HOST = os.environ.get('REDIS_HOST', 'localhost')
 REDIS_PASSWORD = os.environ.get('REDIS_PASSWORD')
 REDIS_PORT = os.environ.get('REDIS_PORT', '6379')
+REDIS_SCHEME = os.environ.get("REDIS_SCHEME", "redis")
+if REDIS_SCHEME not in ["redis", "rediss"]:
+    raise ValueError(f"Invalid value for 'REDIS_SCHEME' environment variable. Must be 'redis' or 'rediss' (to use SSL/TLS). It was '{REDIS_SCHEME}' which is invalid.")
+
+REDIS_URI = f"{REDIS_SCHEME}://{REDIS_HOST}:{REDIS_PORT}/1"
 
 # -- Async
 
 ASGI_APPLICATION = f"{PROJECT_NAME}.routing.application"
 
+# See: https://pypi.org/project/channels-redis/
 CHANNEL_LAYERS = {
     'default': {
         'BACKEND': 'channels_redis.core.RedisChannelLayer',
         'CONFIG': {
-            'hosts': [{'address': (REDIS_HOST, REDIS_PORT)}],
+            'hosts': [{
+                "address": REDIS_URI,
+                "timeout": 30,
+            }],
         },
     },
 }
@@ -477,7 +486,7 @@
     CACHES = {
         "default": {
             "BACKEND": "django_redis.cache.RedisCache",
-            "LOCATION": f"redis://{REDIS_HOST}:{REDIS_PORT}/1",
+            "LOCATION": REDIS_URI,
             "OPTIONS": {
                 "CLIENT_CLASS": "django_redis.client.DefaultClient",
                 "PASSWORD": f"{REDIS_PASSWORD}"