wger-project / wger

Self hosted FLOSS fitness/workout, nutrition and weight tracker
https://wger.de
GNU Affero General Public License v3.0
3.2k stars 585 forks

Allow env specification of Redis connection SSL parameters #1751

taylor-fuller closed 1 month ago

taylor-fuller commented 3 months ago

Proposed Changes

I decided to deploy this project in my Kubernetes cluster and it looks like by default there is no way to accept self-signed certificates when using TLS to connect to a Redis instance.

I am currently running a Redis instance on my local network requiring TLS for connections (setting port 0 and tls-port 6379 directives in /etc/redis/redis.conf) and using a self-signed cert. When attempting to connect to the Redis instance, django-redis is throwing the following error:

django_redis.exceptions.ConnectionInterrupted: Redis ConnectionError: Error 1 connecting to 192.168.xx.x:6379. [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed: self-signed certificate (_ssl.c:1007)

After doing a quick search, I came across this issue in django-redis that outlines the fix for this. Also, it does appear that configuration is outlined in the django-redis repo README as well.

While I was adding this I figured it would be good to also include the ability to specify other possible common SSL configuration parameters as outlined here in the redis-py project.

Assuming these changes are acceptable and once they are approved/merged I will open an accompanying PR in https://github.com/wger-project/docker to document these changes as well.


rolandgeider commented 2 months ago

(sorry for the late reply). I'm guessing if the values are not set they are ignored, right? In that case, could you also open a PR on the docker repo adding these options as a comment to the env file so it's clear they can be set?

taylor-fuller commented 2 months ago

> (sorry for the late reply). I'm guessing if the values are not set they are ignored, right? In that case, could you also open a PR on the docker repo adding these options as a comment to the env file so it's clear they can be set?

@rolandgeider

All good!

I went ahead and made a slight adjustment so CONNECTION_POOL_KWARGS is only added to the CACHES config if at least one of the related env parameters is present.

Also, please see accompanying PR for the docker repo
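The configuration pattern discussed in this thread, as an added sketch that is not the code from this PR or from wger: SSL options are read from the environment and `CONNECTION_POOL_KWARGS` is attached only when at least one is set. The `CACHE_SSL_*` variable names, the `CACHE_LOCATION` default and the file path are assumptions made for the example; the keyword arguments are redis-py's SSL connection parameters. Pointing `ssl_ca_certs` at the self-signed certificate keeps verification on, while `ssl_cert_reqs` of `none` accepts any certificate.

```python
# Added illustration; env names are hypothetical, kwargs are redis-py's.
ENV_TO_KWARG = {
    "CACHE_SSL_CA_CERTS": "ssl_ca_certs",
    "CACHE_SSL_CERTFILE": "ssl_certfile",
    "CACHE_SSL_KEYFILE": "ssl_keyfile",
    "CACHE_SSL_CERT_REQS": "ssl_cert_reqs",
    "CACHE_SSL_CHECK_HOSTNAME": "ssl_check_hostname",
}
CERT_REQS = ("none", "optional", "required")
BOOLS = {"true": True, "1": True, "false": False, "0": False}


def ssl_pool_kwargs(env):
    """Translate the SSL env variables that are set into redis-py kwargs."""
    kwargs = {}
    for name, kwarg in ENV_TO_KWARG.items():
        raw = env.get(name, "").strip()
        if not raw:
            continue  # unset or empty: leave redis-py's default in place
        if kwarg == "ssl_cert_reqs":
            if raw.lower() not in CERT_REQS:
                raise ValueError(f"{name} must be one of {CERT_REQS}")
            kwargs[kwarg] = raw.lower()
        elif kwarg == "ssl_check_hostname":
            if raw.lower() not in BOOLS:
                raise ValueError(f"{name} must be true or false")
            kwargs[kwarg] = BOOLS[raw.lower()]
        else:
            kwargs[kwarg] = raw  # file path, passed through unchanged
    return kwargs


def build_caches(env):
    """Build Django's CACHES; add CONNECTION_POOL_KWARGS only when needed."""
    options = {"CLIENT_CLASS": "django_redis.client.DefaultClient"}
    pool = ssl_pool_kwargs(env)
    if pool:
        options["CONNECTION_POOL_KWARGS"] = pool
    return {"default": {
        "BACKEND": "django_redis.cache.RedisCache",
        "LOCATION": env.get("CACHE_LOCATION", "rediss://redis.example.internal:6379/1"),
        "OPTIONS": options,
    }}


# Constructed environments: trust the self-signed cert vs. skip verification.
TRUSTED_CA = {"CACHE_SSL_CA_CERTS": "/etc/ssl/redis/ca.crt", "CACHE_SSL_CERT_REQS": "required"}
NO_VERIFY = {"CACHE_SSL_CERT_REQS": "none"}
```

In a Django settings module this would be used as `CACHES = build_caches(os.environ)`.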