Closed chriscrossman-ibm closed 3 years ago
Hi @chriscrossman-ibm!
Every env var prefixed with `RATE_LIMITER_REDIS_` or `CACHE_REDIS_` is passed on to the constructor of the `ioredis` instance. If I understand your use case correctly, you should be able to add `CACHE_REDIS_TLS="{}"`.
Hi rijkvanzanten!
So we tried adding the CACHE_REDIS_TLS to the environment, however the connection did not work. We are using node redis for our other services and this works (https://docs.upstash.com/howto/connectwithtls) when we pass a blank object. However, I am not sure how ioredis handles this. This is the error we got:
```
17:51:57 [cache] Error: connect ETIMEDOUT
17:51:57 [cache] Error: connect ETIMEDOUT
Error: Connection is closed.
    at close (/directus/node_modules/@keyv/redis/node_modules/ioredis/built/redis/event_handler.js:179:25)
    at TLSSocket.<anonymous> (/directus/node_modules/@keyv/redis/node_modules/ioredis/built/redis/event_handler.js:150:20)
    at Object.onceWrapper (node:events:514:26)
    at TLSSocket.emit (node:events:406:35)
    at node:net:672:12
    at TCP.done (node:_tls_wrap:580:7)
```
In our case we are not sending a TLS cert, but just a blank object to the redis instance. Any thoughts would be greatly appreciated.
From what I understand from `ioredis`' docs, another approach would be to use the `rediss://` connection URL: https://github.com/luin/ioredis#tls-options
I've successfully used that approach in the past (using `rediss://user:secretPassword@my-managed-redis.b.db.ondigitalocean.com:25061`).
Hi @rijkvanzanten
We made an update to the Elasticache Redis instance and we were able to successfully connect using the `CACHE_REDIS_TLS= {}`. We also later updated the Elasticache Redis instance to use the Redis Access Control Lists (ACL) to connect. For this we passed `CACHE_REDIS_USERNAME` and `CACHE_REDIS_PASSWORD` as environment variables to Directus, and it connected correctly.
Thank you for your feedback @ReedMe1234
Since this

> Hi @chriscrossman-ibm!
> Every env var prefixed with `RATE_LIMITER_REDIS_` or `CACHE_REDIS_` is passed on to the constructor of the `ioredis` instance. If I understand your use case correctly, you should be able to add `CACHE_REDIS_TLS="{}"`.

seems to solve the issue, I am closing for now, but @chriscrossman-ibm if you could leave your feedback it would be helpful.
Hey @chriscrossman-ibm we're trying to do the same and connect our ECS Fargate Directus service to elasticache but been having issues. We've set the following:
CACHE_ENABLED: true
CACHE_STORE: redis
REDIS: redis://<username>:<password>@<elasticache master node URL>:6379
Wondering if we're missing anything?
@andrew-hossack Make sure to use `rediss://` instead of `redis://` to have it use SSL
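The settings discussed in this thread (a TLS object via `CACHE_REDIS_TLS`, and `rediss://` versus `redis://` in the connection URL) can be checked before deployment. The following is an added example, not part of the thread and not Directus's own code; it assumes that prefixed variables map to camelCased `ioredis` options with JSON-parsed values, and its finding names are made up for illustration.

```javascript
// Added example: pre-flight audit of Redis transport settings in an env object.
// Assumption: CACHE_REDIS_<NAME> becomes the camelCased ioredis option <name>,
// and a value that parses as JSON (such as "{}") is passed as that JSON value.
function redisOptionsFromEnv(env, prefix = 'CACHE_REDIS_') {
  const options = {};
  for (const [key, raw] of Object.entries(env)) {
    if (!key.startsWith(prefix)) continue;
    const name = key.slice(prefix.length).toLowerCase()
      .replace(/_([a-z0-9])/g, (_, c) => c.toUpperCase());
    let value = raw;
    try { value = JSON.parse(raw); } catch { /* not JSON: keep the string */ }
    options[name] = value;
  }
  return options;
}

// Classify the connection described by the REDIS URL variable (as used in the
// thread) together with the prefixed options. Finding names are hypothetical.
function auditRedisTransport(env, prefix = 'CACHE_REDIS_') {
  const options = redisOptionsFromEnv(env, prefix);
  const findings = [];
  let scheme = null;
  let urlHasCredentials = false;
  if (env.REDIS) {
    const url = new URL(env.REDIS);
    scheme = url.protocol; // 'redis:' or 'rediss:'
    urlHasCredentials = Boolean(url.username || url.password);
  }
  const tls = options.tls;
  const tlsIsObject = tls !== null && typeof tls === 'object';
  const tlsEnabled = scheme === 'rediss:' || tlsIsObject;
  if (tls !== undefined && !tlsIsObject) findings.push('tls-not-object');
  if (!tlsEnabled) {
    findings.push('plaintext');
    if (urlHasCredentials || options.password !== undefined) {
      findings.push('credentials-without-tls');
    }
  }
  // An empty TLS object keeps Node's default certificate verification;
  // rejectUnauthorized: false turns it off and is worth flagging.
  if (tlsIsObject && tls.rejectUnauthorized === false) {
    findings.push('cert-verification-disabled');
  }
  return { tlsEnabled, findings };
}
```
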
Describe the Bug
My team is using Directus and we recently migrated to AWS and are using AWS ElastiCache (Redis) which is looking for a TLS flag to be sent. Looking in the documentation I was not able to find any environment variable for sending a TLS flag for Redis. Have you encountered this problem before? If not, is there any way we could get a Redis TLS flag environment variable added?
NodeJS adding TLS: https://docs.upstash.com/howto/connectwithtls (for our other NodeJS services, we followed this and passed a blank object for tls)
AWS ElastiCache Redis with TLS: https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
To Reproduce
Set up Directus on AWS using Redis. No TLS flag is available as an environment variable inside of Directus.
What version of Directus are you using?
9
What version of Node.js are you using?
14
What database are you using?
MSSQL
What browser are you using?
All
What operating system are you using?
Linux
How are you deploying Directus?
Docker