search

twitter / twemproxy

A fast, light-weight proxy for memcached and redis
Apache License 2.0
12.13k stars 2.06k forks source link

Does twemproxy support connection to tls redis server ? #583

Open kapilmittal opened 4 years ago

kapilmittal commented 4 years ago

We need tls support to connect to aws elasticache.

vitobotta commented 4 years ago

Hi @kapilmittal did you solve? I am having the same problem. Thanks!

amirkhonov commented 3 years ago

Is it actual for now?

premkumar-gg commented 3 years ago

@manjuraj could you shed some quick light on this please?

I doubt if it supports. In our case where we are trying to set up a proxy to an AWS redis cluster with TLS enabled, here is the config:

alpha:
    listen: 127.0.0.1:22121
    hash: fnv1a_64
    distribution: ketama
    auto_eject_hosts: true
    preconnect: true
    redis: true
    redis_db: 2
    redis_auth: aaaaa
    server_retry_timeout: 2000
    server_failure_limit: 1
    servers:
     - master.xxxxx-redis.abc012.euw1.cache.amazonaws.com:6379:1

The nutcracker log itself looks fine:

[2021-05-04 17:43:44.107] nc_connection.c:397 sendv on sd 15 5 of 5 in 1 buffers
[2021-05-04 17:43:44.107] nc_request.c:96 req 467 done on c 15 req_time 0.079 msec type REQ_REDIS_AUTH narg 2 req_len 51 rsp_len 5 key0 'aaaaa' peer '127.0.0.1:43578' done 1 error 0
[2021-05-04 17:43:44.107] nc_connection.c:346 recv on sd 15 54 of 16336
[2021-05-04 17:43:44.107] nc_redis.c:1102 parsed command 'GET'
[2021-05-04 17:43:44.107] nc_redis.c:1667 parsed req 469 res 0 type 43 state 0 rpos 54 of 54
00000000  2a 32 0d 0a 24 33 0d 0a  47 45 54 0d 0a 24 33 34   |*2..$3..GET..$34|
00000010  0d 0a 50 48 50 5f 53 45  53 53 6e 6c 75 64 63 35   |..PHP_SESSnludc5|
00000020  76 64 66 63 68 65 39 6f  74 32 75 74 68 6a 64 75   |vdfche9ot2uthjdu|
00000030  39 62 6d 68 0d 0a                                  |9bmh..|
[2021-05-04 17:43:44.107] nc_server.c:706 key 'PHP_SESSnludc5vdfche9ot2uthjdu9bmh' on dist 0 maps to server 'master.xxxxx-redis.abc012.euw1.cache.amazonaws.com:6379:1'

On the client side we have read errors.

In our case, we use phpredis >5, wrapped with Credis. The error: 

PHP Fatal error:  Uncaught RedisException: read error on connection to 127.0.0.1:22121

Please note, using direct connection to the cluster, the same client code works fine.

premkumar-gg commented 3 years ago

UPDATE: tried with a TLS disabled cluster and the proxy works absolutely fine.