Closed iKenndac closed 1 year ago
@0xTim Looks like a straightforward and clean addition of support for 1.x, once the conflicts are resolved.
Whoops, I saw those 5.0.0 alpha releases and thought they were on main, so I branched from 4.6.0. My bad — fixed now!
Thank you! :heart:
This PR adds TLS support to the current stable release of
vapor/redis
(and the underlying RediStack 1.x). There are three behaviour changes (all additive):The
RedisConfiguration
struct now has optionaltlsConfiguration
andtlsHostname
properties.The
RedisConfiguration
struct constructors that take URLs now handlerediss
URLs and will fill out thetlsConfiguration
andtlsHostname
properties with default values from the URL.If the
tlsConfiguration
andtlsHostname
properties are set, a customClientBootstrap
will be created when it's time to create aRedisConnectionPool
, adding aNIOSSLClientHandler
to the pipeline on top of the ones created byaddBaseRedisHandlers()
. If the properties aren't set, the behaviour is as before.This PR allows
vapor/redis
to be used with hosting services like Heroku, which (in certain configurations) require that you connect to Redis using TLS.Ramifications on Future Versions
The logic for this PR was "borrowed" from this PR on RediStack: https://gitlab.com/swift-server-community/RediStack/-/merge_requests/160
I'm aware that work is being done in RediStack to add this "properly". However, I need to use TLS now and I'd like to stay on stable releases as much as possible. I'm aware there's already work on the main branch here for RediStack 2.x. This PR is branched from the 4.6.0 release — hopefully it can be merged into a new 4.x release to tide us over until 5.x comes along.
Example Usage
Here's how I'm using this addition in my Vapor app running on Heroku. Heroku self-signs its TLS certificates, so I need to turn off certificate verification: