Learning Locker/xAPI doesn't appear to support SSL connections to Redis (Port 6380)

[ctm8788]

What version were you using?

If you were using open source, please add the "Open Source" label to this issue. v6.4.0 of learning locker and version 3.6.4 of xAPI , both Open Source

What steps can we follow to reproduce the behaviour?

Configure REDIS_URL for port 6380 and attempt to connect to Redis. I was unable to find any documentation on how Learning locker expects the redis:// option to be configured.

The best I could find on how to potentially specify an SSL connection was here... https://github.com/ddollar/redis-url Based on my redis connection string, I attempted to add the ssl=True parameter to the redis:// connection. redis://:[email protected]:1234/9?ssl=True&abortConnect=False

If SSL connections are supported, an example redis:// url showing a fully featured connection string would be nice to work from.

What is the actual behaviour?

If applicable, add screenshots to help explain your problem.

The app fails to connect and the below is logged... [ioredis] Unhandled error event: Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:111:27) [ioredis] Unhandled error event: MaxRetriesPerRequestError: Reached the max retries per request limit (which is 20). Refer to "maxRetriesPerRequest" option for details. at Socket. (/app/node_modules/ioredis/built/redis/event_handler.js:108:37) at Object.onceWrapper (events.js:286:20) at Socket.emit (events.js:198:13) at Socket.EventEmitter.emit (domain.js:448:20) at TCP._handle.close (net.js:607:12)

What is the expected behavior?

Learning Locker/xAPI are able to connect to redis and stay connected.

Is there any additional information that will help us replicate/understand the problem?

1. Setup Redis with SSL enabled listening on the standard Port 6380
2. Modify REDIS_URL= variable to connect to port 6380
3. Start Learning Locker Application/xAPI and review logs. Learning Locker will show errors almost immediately upon startup. xAPI will start showing errors as soon as the first request is sent to xAPI

[ctm8788]

This can be changed to a documentation request. Upon further research and testing. Support for TLS connections are present. But the pattern redis:// portion is different. Which in hindsight makes sense, but I had to dig into the ioredis github repository. Note the extra "s" in redis:// (rediss:// Secure/TLS rediss://user:secret@localhost:6380/0?foo=bar&qux=baz NonTls redis://user:secret@localhost:6379/0?foo=bar&qux=baz

[ctm8788]

Actually it appears that this is still an issue for Learning Locker.

Using the exact same connection string as was used in xAPI deployment, the connection fails when attempting to connect to a TLS port.

I tried both options in my env file. (I only used one option at a time (option 1 or option 2)

Option1 REDIS_URL=rediss://:[email protected]:6380/0

Option2 REDIS_HOST=hostname.redis.cache.windows.net REDIS_PASSWORD=password REDIS_PORT=6380 REDIS_DB=0

[ctm8788]

Update... Did some more troubleshooting.

It looks like this can connect initially... REDIS_URL=rediss://:[email protected]:6380 Note the missing /0 , But the connection is eventually reset.

Error when /0 is at the end of REDIS_URL (This error repeats continually.) [ioredis] Unhandled error event: Error: connect ENOENT /0 at PipeConnectWrap.afterConnect [as oncomplete] (net.js:1107:14)

When /0 isn't specified...It can connect initially but will eventually log the below error every couple of minutes rather than spamming like the other connection errors. [ioredis] Unhandled error event: Error: read ECONNRESET at TCP.onStreamRead (internal/stream_base_commons.js:111:27)