search

patrikx3 / redis-ui

📡 P3X Redis UI: A highly functional and convenient database GUI that fits in your pocket, accessible on both responsive web and desktop applications.
https://www.corifeus.com/redis-ui
MIT License
705 stars 73 forks source link

Connection with tls and empty certificates #61

Closed demelvin closed 2 years ago

demelvin commented 2 years ago

Hello,

Very nice work on this app. I've been playing around with it locally and its exactly what I have been looking for so thank you.

I'm attempting to connect redis-ui to a managed Redis Instance on DigitalOcean. When connecting from the command line (or terminal) I specify the --tls flag but I do not need to provide any type of certificate (e.g. redis.crt, redis.key, and ca.crt). However, I do not see an option for this when adding a new connection.

Is there a way to specify something similar to --tls without any certs when adding or editing a connection within redis-ui?

Command Line Example

redis-cli -h <hostname> -p <port> --tls -a "<password>"

Node Redis/RedisIO Code Example

new Redis({
    host: <hostname>
    port: <port>,
    password: <password>,
    username: <username>,
    tls: {}, // notice the empty object here
})

Things I've tried but did not work

All these options result in "Connection is closed." within the redis-ui GUI.

I'm happy to dig around int the code as well if you can point me in the right direction.

Thank you in advance

p3x-robot commented 2 years ago

well, if it is TLS, there must be a certificate, there is no redis server with tls without a certificate: https://redis.io/topics/encryption as i understand...

to work right away, you can download the certificates and enable in redis-ui using certificates.

i never thought i would enable TLS in an un-secure way. you know what i mean?

if you think it is a good thing to enable TLS in a un-secure way, i will think about it and possible to enable, but it is a little bit weird way.

let's keep this discussion open, as it is a really interesting issue...

p3x-robot commented 2 years ago

i saw that somehow you can enable empty tls configuration, but it was not working right away and the certificate started to work and at least i know it is secure.

if you do not care about security, why do you need tls???

p3x-robot commented 2 years ago

i am testing without the tls connection as you suggested.

demelvin commented 2 years ago

Hi @p3x-robot,

Thanks for the quick reply! See my responses to your questions below. All your questions are good and I completely agree but unfortunately I don't manage this database instance DigitalOcean does so I really have no control over this. It seems they have tls enabled on their end but they do not provide certificates for this and there is no way for me to actually shell into the server directly to generate them :(

I'll reach out to their support and see if I can get some of your questions answered or at least get them to provide me with the certificates if there are any.

As a side note, other Redis GUI tools I have used in the past have an option to enable TLS without providing a certificate. Just to name a few RedisInsight, Redily (no longer available) and Medis

i never thought i would enable TLS in an un-secure way. you know what i mean? I know what you mean and I agree, but I think there is a way to enable tls on Redis without certificates.

if you do not care about security, why do you need tls??? This isn't my decision its DigitalOceans and unfortunately its the only way to connect to their managed Redis instances using redis-cli

I'll let you know what I find out from DigitalOcean. As a workaround I think I can perhaps use this tool called Stunnel, I might try this if somehow enabling the --tls flag within your tool is not an option.

Thanks again for your help

p3x-robot commented 2 years ago

ok, i see, it is possible. but i dont have time to create a non self signed certificate. so you will have to test it. it will take about 20 minutes. i let you know it is pushed.

p3x-robot commented 2 years ago

ok, done, but i could not test. building, it will take about 5 minutes.

p3x-robot commented 2 years ago

https://github.com/patrikx3/redis-ui/releases/tag/v2021.10.227

p3x-robot commented 2 years ago

let me know if it works. i sleep in 1 hour. otherwise i can fix tomorrow... i am in europe.

i can sense, that once have to configure in the gui (etc. rejectUnauthorized: false|true) that might need another 45 minutes.

p3x-robot commented 2 years ago

https://github.com/patrikx3/redis-ui/releases/tag/v2021.10.231

demelvin commented 2 years ago

Thank you @p3x-robot . I'm testing this now and will report back once I confirmed the new build is working or not. I appreciate your patience and thank you again for your help in this matter.

demelvin commented 2 years ago

Hello @p3x-robot,

Really nice job on the toggle to enable tls certificate setting. I think we are close but I'm seeing the following error message now when connecting "ERR unknown command config, with args beginning with: get, databases, " Any ideas on what might be causing this? Also happy to look at the code or debug if needed, please just let me know what you would like me to try.

Thank you!

image

p3x-robot commented 2 years ago

try with azure or aws config, get databases is not available on DigitalOcean...

p3x-robot commented 2 years ago

try aws, i put in the label it that needed.

demelvin commented 2 years ago

I tried both. Looks like the command is failing now with the following:

ERR unknown command command, with args beginning with:

Seeing this with AWS enabled/disabled, tried with Azure too. Any ideas?

image image

p3x-robot commented 2 years ago

show the console from the redis-ui-server log...

p3x-robot commented 2 years ago

it looks like the command is not available, hang on i do a last try. i refactor. give me 10 minutes.

demelvin commented 2 years ago

Perhaps a dumb question but where can I find those server logs. I'm running the electron app. I checked my home directory but all I see is the .p3xrs-conns.json file. Its late for you so no worries! We can pick this up next week if you're still interested otherwise I'll see if I can't get DigitalOcean to shed some light on those certs.

I appreciate you trying to get this to work.

p3x-robot commented 2 years ago

ok, i refactored:

v2021.10.237

Released on 11/11/2021

p3x-robot commented 2 years ago

building, but this is the last try today, if more problems with that client, i will check tomorrow. it will take the building 5 minutes.

p3x-robot commented 2 years ago

Perhaps a dumb question but where can I find those server logs. I'm running the electron app. I checked my home directory but all I see is the .p3xrs-conns.json file. Its late for you so no worries! We can pick this up next week if you're still interested otherwise I'll see if I can't get DigitalOcean to shed some light on those certs.

I appreciate you trying to get this to work.

If you run from the terminal, it will show the log. The TLS is working now. DigitalOcean has more strict policy, than Azure, Google or AWS. That is why the command listing is not available there.

p3x-robot commented 2 years ago

I tried both. Looks like the command is failing now with the following:

ERR unknown command command, with args beginning with:

Seeing this with AWS enabled/disabled, tried with Azure too. Any ideas?

image image

Connection is OK, but the command console command is not available there...

p3x-robot commented 2 years ago

https://github.com/patrikx3/redis-ui/releases/tag/v2021.10.237

p3x-robot commented 2 years ago

going to sleep, ciao.

demelvin commented 2 years ago

It works 🔥 (https://github.com/patrikx3/redis-ui/releases/tag/v2021.10.237)

Thank you again for looking into this issue and so quickly as well. Have a great evening!