Closed hebbo closed 5 years ago
Hey @hebbo, thanks for the report. I don't really know what AtRestEncryptionEnabled
and TransitEncryptionEnabled
do except from what I've quickly read from the ElastiCache docs.
Could you please:
Redix should be compatible with any decently modern Redis (the protocol has been the same for a long time).
Hey,
thanks for your reply. We are using the following versions: Redis 0.9.3 phoenix_pubsub_redis 2.1.7
Found out a bit more about the issue: when setting AtRestEncryptionEnabled
to true my service can connect to the Redis instance. However, TransitEncryptionEnabled
seem to be the root of the problem.
Digging a bit in the AWS docs:
To access data from ElastiCache for Redis nodes enabled with in-transit encryption, you use clients that work with Secure Socket Layer (SSL). However, redis-cli doesn't support SSL or Transport Layer Security (TLS).
https://docs.aws.amazon.com/AmazonElastiCache/latest/red-ug/in-transit-encryption.html
Seems like Redis clients are generally not compatible with in-transit encrypted communication?
This is the error I am getting:
06:47:49.149 [error] Failed to connect to Redis (master.inr10p33bfd4jnw7.mk862x.usw2.cache.amazonaws.com:6379): :timeout
when:
TransitEncryptionEnabled
to true on my Redis ElastiCache instancephoenix_pubsub: [
adapter: Phoenix.PubSub.Redis,
host: System.get_env("REDIS_HOSTNAME") || raise("REDIS_HOSTNAME not set"),
node_name: System.get_env("REDIS_NODE_NAME") || raise("REDIS_NODE_NAME not set"),
password: System.get_env("REDIS_AUTH_TOKEN") || raise("REDIS_AUTH_TOKEN not set"),
pool_size: 1,
port: 6379
]
Not sure how useful this info is going to be for you but thought I may share it just in case.
We may just give on in-transit encryption for now :)
Thanks! Angel
Hey @hebbo, I see. Did you try using ssl: true
when connecting to Redis or using rediss://
as the scheme in the Redis URL you're using?
Hey @whatyouhide
Using the ssl: true
option actually did the job. Totally missed it!
We also set the Redix password
config entry to whatever value we set in the AuthToken
field in the Cloudformation configuration for the Redis instances.
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-elasticache-replicationgroup.html#cfn-elasticache-replicationgroup-authtoken
Thanks a lot for your help! We are almost there now! Angel
Hi there.
We are aiming to use the Phoenix Redis Pubsub (https://github.com/phoenixframework/phoenix_pubsub_redis) package in our Phoenix app and had some problems to connect to our ElastiCache Redis instance:
We found out that the problem was in the following settings:
Wondering whether there is any way we can check which Redis versions and features the Redix package is compatible with.
Any guidance will be very welcome! Thanks!