cube
cube copied to clipboard
How to configure redis TLS certificate
Describe the bug I want to connect to Redis Memory store in GCP and got the following error:
Error: Redis connection to <port> failed - unable to verify the first certificate at TLSSocket.onConnectSecure
(_tls_wrap.js:1502:34) at TLSSocket.emit (events.js:314:20) at TLSSocket._finishInit (_tls_wrap.js:937:8) at
TLSWrap.ssl.onhandshakedone (_tls_wrap.js:711:12)
To Reproduce Steps to reproduce the behavior:
- Create redis memory store instance with auth and TLS enabled
- Create cloud run instance in the same region with redis memory store
- set
REDIS_URL=rediss://<ip-address>:<port>
- set
REDIS_PASSWORD=<redis-auth>
- set
REDIS_TLS=true
Expected behavior Cubejs and redis should connect
Version: 0.26.45
My current workaround is to encode the CA certificate to base64 and store the value in the environment variable with name REDIS_TLS_CERT
.
base64 <your .pem file>
In cube.js
, I use redisPoolOptions
to create redis TLS connection.
const { createRedisClient } = require('@cubejs-backend/query-orchestrator');
module.exports = {
orchestratorOptions: {
redisPoolOptions: {
createClient: () => {
const { REDIS_URL, REDIS_TLS_CERT } = process.env;
const ca = Buffer.from(REDIS_TLS_CERT, 'base64').toString('ascii');
const checkServerIdentity = () => null;
return createRedisClient(REDIS_URL, {
tls: { ca, checkServerIdentity },
});
},
},
},
}
It's not supported to set SSL configuration for Redis driver by env variables/configuration.
Related to env variables, there is a code that already solves a similar problem (but for database drivers):
https://github.com/cube-js/cube.js/blob/v0.26.62/packages/cubejs-query-orchestrator/src/driver/BaseDriver.js#L96
Supporting SSL configuration by env variables can be done in a similar way.
If you are interested in working on this issue, please leave a comment below and we will be happy to assign the issue to you. If this is the first time you are contributing a Pull Request to Cube.js, please check our contribution guidelines. You can also post any questions while contributing in the #contributors channel in the Cube.js Slack.
👋 a quick reminder that we will be replacing Redis with Cube Store as announced in this blog post.
I believe that this issue is not relevant anymore since Cube Store has replaced Redis for query queue and cache management.
Docs: https://cube.dev/docs/product/deployment#redis
Announcement: https://cube.dev/blog/how-you-win-by-using-cube-store-part-1