🔒️ Make Redis Client support TLS (#6342)

ITISFoundation · Sep 11, 2024 · 913ff92 · 913ff92
1 parent 4e4a70c
commit 913ff92
Show file tree

Hide file tree

Showing 3 changed files with 12 additions and 1 deletion.
diff --git a/.env-devel b/.env-devel
@@ -160,6 +160,7 @@ RABBIT_USER=admin
 REDIS_HOST=redis
 REDIS_PORT=6379
 REDIS_PASSWORD=adminadmin
+REDIS_SECURE=false
 
 REGISTRY_AUTH=True
 REGISTRY_PW=adminadminadmin

diff --git a/packages/settings-library/src/settings_library/redis.py b/packages/settings-library/src/settings_library/redis.py
@@ -21,6 +21,7 @@ class RedisDatabase(int, Enum):
 
 class RedisSettings(BaseCustomSettings):
     # host
+    REDIS_SECURE: bool = False
     REDIS_HOST: str = "redis"
     REDIS_PORT: PortInt = parse_obj_as(PortInt, 6789)
 
@@ -30,7 +31,7 @@ class RedisSettings(BaseCustomSettings):
 
     def build_redis_dsn(self, db_index: RedisDatabase):
         return RedisDsn.build(
-            scheme="redis",
+            scheme="rediss" if self.REDIS_SECURE else "redis",
             user=self.REDIS_USER or None,
             password=(
                 self.REDIS_PASSWORD.get_secret_value() if self.REDIS_PASSWORD else None

diff --git a/services/docker-compose.yml b/services/docker-compose.yml
@@ -116,6 +116,7 @@ services:
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REGISTRY_USER: ${REGISTRY_USER}
       REGISTRY_PW: ${REGISTRY_PW}
       REGISTRY_URL: ${REGISTRY_URL}
@@ -204,6 +205,7 @@ services:
       RABBIT_USER: ${RABBIT_USER}
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
       SWARM_STACK_NAME: ${SWARM_STACK_NAME}
       CLUSTERS_KEEPER_WORKERS_EC2_INSTANCES: ${CLUSTERS_KEEPER_WORKERS_EC2_INSTANCES}
@@ -331,6 +333,7 @@ services:
 
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
 
       REGISTRY_AUTH: ${REGISTRY_AUTH}
@@ -475,6 +478,7 @@ services:
       RABBIT_USER: ${RABBIT_USER}
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
       RESOURCE_USAGE_TRACKER_LOGLEVEL: ${RESOURCE_USAGE_TRACKER_LOGLEVEL}
       RESOURCE_USAGE_TRACKER_MISSED_HEARTBEAT_CHECK_ENABLED: ${RESOURCE_USAGE_TRACKER_MISSED_HEARTBEAT_CHECK_ENABLED}
@@ -498,6 +502,7 @@ services:
       RABBIT_USER: ${RABBIT_USER}
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
       DIRECTOR_V2_HOST: ${DIRECTOR_V2_HOST}
       DIRECTOR_V2_PORT: ${DIRECTOR_V2_PORT}
@@ -659,6 +664,7 @@ services:
       # WEBSERVER_REDIS
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
 
       # WEBSERVER_REST
@@ -846,6 +852,7 @@ services:
       # WEBSERVER_REDIS
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
 
       RESOURCE_MANAGER_RESOURCE_TTL_S: ${RESOURCE_MANAGER_RESOURCE_TTL_S}
@@ -894,6 +901,7 @@ services:
 
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
 
       SWARM_STACK_NAME: ${SWARM_STACK_NAME}
@@ -1032,6 +1040,7 @@ services:
       POSTGRES_USER: ${POSTGRES_USER}
       REDIS_HOST: ${REDIS_HOST}
       REDIS_PORT: ${REDIS_PORT}
+      REDIS_SECURE: ${REDIS_SECURE}
       REDIS_PASSWORD: ${REDIS_PASSWORD}
       S3_ACCESS_KEY: ${S3_ACCESS_KEY}
       S3_BUCKET_NAME: ${S3_BUCKET_NAME}