Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow env specification of Redis connection SSL parameters #1751

Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Allow env specification of Redis connection SSL parameters #1751

wants to merge 3 commits into from
+22 −1

Conversation

taylor-fuller
Copy link

@taylor-fuller taylor-fuller commented Aug 13, 2024
edited
Loading

Proposed Changes

I decided to deploy this project in my Kubernetes cluster and it looks like by default there is no way to accept self-signed certificates when using TLS to connect to a Redis instance.

I am currently running a Redis instance on my local network requiring TLS for connections (setting port 0 and tls-port 6379 directives in /etc/redis/redis.conf) and using a self-signed cert. When attempting to connect to the Redis instance, django-redis is throwing the following error:

django_redis.exceptions.ConnectionInterrupted: Redis ConnectionError: Error 1 connecting to 192.168.xx.x:6379. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)

After doing a quick search, I came across this issue in django-redis that outlines the fix for this. Also, it does appear that configuration is outlined in the django-redis repo README as well.

While I was adding this I figured it would be good to also include the ability to specify other possible common SSL configuration parameters as outlined here in the redis-py project.

Assuming these changes are acceptable and once they are approved/merged I will open an accompanying PR in https://github.com/wger-project/docker to document these changes as well.

Please check that the PR fulfills these requirements

  • [ ] Tests for the changes have been added (for bug fixes / features) N/A given this is an env configuration
  • Added yourself to AUTHORS.rst

@rolandgeider
Copy link
Member

(sorry for the late reply). I'm guessing if the values are not set they are ignored right? In that case it, could you also open a PR on the docker repo adding these options as a comment to the env file so it's clear they can be set?

@taylor-fuller taylor-fuller mentioned this pull request Aug 29, 2024
Open
@taylor-fuller
Copy link
Author

(sorry for the late reply). I'm guessing if the values are not set they are ignored right? In that case it, could you also open a PR on the docker repo adding these options as a comment to the env file so it's clear they can be set?

@rolandgeider

All good!

I went ahead and made a slight adjustment so CONNECTION_POOL_KWARGS is only added to the CACHES config if at least one of the related env parameters is present.

Also, please see accompanying PR for the docker repo

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@taylor-fuller @rolandgeider