Deprecate Redis TLS proxy once Mastodon supports.... TLS on Redis

Five-Borough-Fedi-Project / masto.nyc-docean

masto.nyc IoC v2 hosted in Digital Ocean

2 stars 0 forks source link

Deprecate Redis TLS proxy once Mastodon supports.... TLS on Redis #3

Closed seano-vs closed 2 days ago

seano-vs commented 1 month ago

Currently, we are dependent on HAProxy (previously Stunnel) to proxy insecure connections from Mastodon to our TLS-Only digitalocean Redis (https://github.com/mastodon/mastodon/issues/19824).

Once this is supported on the app layer, we can deprecate it.

seano-vs commented 4 weeks ago

OK, so I discovered that this was merged: https://github.com/mastodon/mastodon/pull/30717

Now, I just need for it to be included in a release. PLEASE, GOD. This may just be reason enough to host a fork, but that's a last resort in all honesty. The Redis errors are pretty bad through HAProxy. There are a lot of consistent messages like this:

RedisCacheStore: write_entry failed, returned false: Redis::ConnectionError: Connection lost (ECONNRESET)

from both the web server and Sidekiq.

seano-vs commented 1 week ago

https://github.com/Five-Borough-Fedi-Project/masto.nyc-docean/commit/fd54847516e31887e3c5f0568481a2ca65910e08 bypasses haproxy. I'll deprecate it once this has been running for a few dats

seano-vs commented 2 days ago

38dcf95639ac0d1a2f6f3b15a139ef083fc61c16