BIDMCDigitalPsychiatry / LAMP-platform

The LAMP Platform (issues and documentation).
https://docs.lamp.digital/

Confirm that LAMP-server supports Redis TLS and Sentinel #452

Open avaidyam opened 2 years ago

avaidyam commented 2 years ago

The LAMP-server currently initializes Redis connections using:

RedisClient = new ioredis(
  parseInt(`${(process.env.REDIS_HOST as any).match(/([0-9]+)/g)?.[0]}`),
  (process.env.REDIS_HOST as any).match(/\/\/([0-9a-zA-Z._]+)/g)?.[0]
)

A collaborator suspects that this pattern will not work with TLS-encrypted connections to a Redis instance outside of the docker network that LAMP-server is on. They require this to support automatic failover for system upgrades to their on-premise hardware (i.e. not AWS/GCP/Azure/etc) using Redis Sentinel.

We need to confirm that LAMP-server/worker support TLS connections for this reason.

Linoy339 commented 2 years ago

@avaidyam That's right. In that case (TLS encryption) we have to use the URL (redis:// URL). For example:

new Redis("redis://:authpassword@127.0.0.1:6380/4");

// Username can also be passed via URI.
// It's worth noting that for compatibility reasons `allowUsernameInURI`
// needs to be provided, otherwise the username part will be ignored.
new Redis(
  "redis://username:authpassword@127.0.0.1:6380/4?allowUsernameInURI=true"
);

So, instead of deriving the port and host from the env variable, we can use the whole URL from env: new ioredis(`${process.env.REDIS_HOST}?allowUsernameInURI=true`), which will work in both cases.
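
As an added example (not part of the thread and not LAMP-server code): the issue's two regular expressions run over a few constructed `REDIS_HOST` values, beside a hypothetical `parseRedisUrl` helper that keeps the scheme, credentials and database index. It assumes `rediss://` as the TLS scheme, which ioredis documents for TLS connections; `legacyParse`, `parseRedisUrl`, `compare` and the sample URLs are made up here.

```javascript
// Added example: not LAMP-server code. The two regexes are copied from the issue.
function legacyParse(redisHost) {
  // Same expressions as the issue's snippet: the first run of digits is taken
  // as the port, the first "//name" match (slashes included) as the host.
  const port = parseInt(`${redisHost.match(/([0-9]+)/g)?.[0]}`);
  const host = redisHost.match(/\/\/([0-9a-zA-Z._]+)/g)?.[0];
  return { port, host };
}

// Hypothetical replacement: parse the whole URL so the scheme (TLS or not),
// credentials and database index are not discarded.
function parseRedisUrl(redisHost) {
  const u = new URL(redisHost);
  if (u.protocol !== "redis:" && u.protocol !== "rediss:") {
    throw new Error(`unsupported scheme: ${u.protocol}`);
  }
  return {
    host: u.hostname,
    port: u.port ? Number(u.port) : 6379, // 6379 is the Redis default port
    tls: u.protocol === "rediss:",        // assumption: rediss:// means TLS
    username: decodeURIComponent(u.username) || undefined,
    password: decodeURIComponent(u.password) || undefined,
    db: u.pathname.length > 1 ? Number(u.pathname.slice(1)) : 0,
  };
}

// Constructed sample values (not taken from any deployment).
const samples = [
  "redis://cache:6379",                             // plain docker-network name
  "redis://10.0.0.5:6379",                          // IP address host
  "redis://redis-master:6379",                      // hyphenated host name
  "rediss://:s3cret@redis.example.internal:6380/4", // TLS, password, db 4
];

function compare() {
  return samples.map((input) => ({
    input,
    legacy: legacyParse(input),
    parsed: parseRedisUrl(input),
  }));
}

for (const row of compare()) {
  console.log(row.input, "\n  legacy:", row.legacy, "\n  parsed:", row.parsed);
}
```

Only the first sample survives the regex approach intact: the IP host yields port 10, the hyphenated name is cut to `//redis`, and the TLS URL loses its host, scheme and password while a digit from the password becomes the port.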