redis_dashboard icon indicating copy to clipboard operation
redis_dashboard copied to clipboard

Unable to use with rediss urls and self-signed certificates

Open prognostikos opened this issue 2 years ago • 1 comments

Right now the redis client will not work with rediss urls if the redis server presents a self-signed certificate. This is the case for e.g. Heroku Redis. The following error is raised:

OpenSSL::SSL::SSLError: SSL_connect returned=1 errno=0 peeraddr=x.x.x.x:20229 state=error: certificate verify failed (self signed certificate in certificate chain)

To enable this we can pass an additional parameter when calling Redis.new e.g.

Redis.new(
  url: ENV["REDIS_URL"],
  ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }
)

Would you accept a pull request to add a configuration option for this? Let me know if you have a preference as to what the configuration API should look like.

prognostikos avatar Jan 13 '23 09:01 prognostikos

Yes, sure, you're welcome. I prefer to leave the responsibility of creating the connections if it cannot work with a simple URL. Thus it should work for any case in the futur (I hope :-)), instead of adding an argument options.

# config/initializers/redis_dashboard.rb
# You can create any connections with any options.
# You're not forced to have the same options for all connections.
Redis.connections = [
  Redis.new(url: ENV["REDIS_URL1"], ssl_params: { verify_mode: OpenSSL::SSL::VERIFY_NONE }),
  Redis.new(url: ENV["REDIS_URL2"], reconnect_attempts: 10),
  # ...
)

If no connections has been set, it should fallback to Redis.urls to not break compatibility.

This change means that RedisDashboard::Client.new should accept both an URL and a connection.

It may break some views where the Redis URL is displayed. But I don't think it will be too hard to fix that.

Does it sounds good to you ?

alexisbernard avatar Jan 18 '23 11:01 alexisbernard