chore: support SSL for redis (#8488)

* chore: support SSL for redis Signed-off-by: Matt Krick <[email protected]> * fix merge master * support REDIS_PASSWORD Signed-off-by: Matt Krick <[email protected]> * add REDIS_PASSWORD to .env.example Signed-off-by: Matt Krick <[email protected]> * add REDIS_SSL_REJECT_UNAUTHORIZED to .env.example Signed-off-by: Matt Krick <[email protected]> * add REDIS_SSL_DIR to .env.example Signed-off-by: Matt Krick <[email protected]> * getRedisSSL to ts Signed-off-by: Matt Krick <[email protected]> * dockerize * dockerize: empty file to build * dockerize Files inside the folder indicate which certificate they are. The folder must host only certificates for Redis * Removing empty.file * fix: redis TLS under all conditions * dockerize fix: quiet logs * remove old env var Signed-off-by: Matt Krick <[email protected]> * docs: add extra env var docs Signed-off-by: Matt Krick <[email protected]> --------- Signed-off-by: Matt Krick <[email protected]> Co-authored-by: Rafael Romero <[email protected]>
ParabolInc · Sep 1, 2023 · 46e35da · 46e35da
1 parent 7f4a8bb
commit 46e35da
Show file tree

Hide file tree

Showing 17 changed files with 270 additions and 28 deletions.
diff --git a/.env.example b/.env.example
@@ -66,10 +66,13 @@ POSTGRES_POOL_SIZE=5
 POSTGRES_SSL_REJECT_UNAUTHORIZED=false
 POSTGRES_SSL_DIR='/var/lib/postgresql'
 PROTO='http'
+REDIS_PASSWORD=''
 REDIS_URL='redis://localhost:6379'
+REDIS_TLS_CERT_FILE=./certs/redis.crt
+REDIS_TLS_KEY_FILE=./certs/redis.key
+REDIS_TLS_CA_FILE=./certs/redisCA.crt
+REDIS_TLS_REJECT_UNAUTHORIZED='false'
 RETHINKDB_URL='rethinkdb://localhost:28015/actionDevelopment'
-#REDIS_URL='redis://redis:6379'
-#RETHINKDB_URL='rethinkdb://db:28015/actionDevelopment'
 RETHINKDB_SSL='false'
 # SEGMENT_WRITE_KEY='key_SEGMENT_WRITE_KEY'
 SENTRY_AUTH_TOKEN='key_SENTRY_AUTH_TOKEN'

diff --git a/certs/README.md b/certs/README.md
@@ -0,0 +1,16 @@
+## Certs
+
+This directory is the preferred place for TLS certs.
+The certs that are checked into version control are self-signed and safe to share.
+
+### Env Vars
+
+All env vars should correspond with the vars in the redis instance.
+In development, that means vars in .env should match the vars in dev.yml.
+Any changes to dev.yml require running `yarn db:start`
+
+REDIS_PASSWORD: Use this if you'd like our app to connect to redis using a password
+REDIS_TLS_CERT_FILE: The cert file used to authorize clients. Not available in GCP
+REDIS_TLS_KEY_FILE: The key file used to authorize clients. Not available in GCP
+REDIS_TLS_CA_FILE: The CA file that proves our redis instance is who it says it is
+REDIS_TLS_REJECT_UNAUTHORIZED: Set to false if you're using a self-signed CA file
diff --git a/certs/gen-redis-certs.sh b/certs/gen-redis-certs.sh
@@ -0,0 +1,58 @@
+#!/bin/bash
+
+# Generate some test certificates which are used by the regression test suite:
+#
+#   tests/tls/ca.{crt,key}          Self signed CA certificate.
+#   tests/tls/redis.{crt,key}       A certificate with no key usage/policy restrictions.
+#   tests/tls/client.{crt,key}      A certificate restricted for SSL client usage.
+#   tests/tls/server.{crt,key}      A certificate restricted for SSL server usage.
+#   tests/tls/redis.dh              DH Params file.
+
+generate_cert() {
+    local name=$1
+    local cn="$2"
+    local opts="$3"
+
+    local keyfile=tests/tls/${name}.key
+    local certfile=tests/tls/${name}.crt
+
+    [ -f $keyfile ] || openssl genrsa -out $keyfile 2048
+    openssl req \
+        -new -sha256 \
+        -subj "/O=Redis Test/CN=$cn" \
+        -key $keyfile | \
+        openssl x509 \
+            -req -sha256 \
+            -CA tests/tls/ca.crt \
+            -CAkey tests/tls/ca.key \
+            -CAserial tests/tls/ca.txt \
+            -CAcreateserial \
+            -days 365 \
+            $opts \
+            -out $certfile
+}
+
+mkdir -p tests/tls
+[ -f tests/tls/ca.key ] || openssl genrsa -out tests/tls/ca.key 4096
+openssl req \
+    -x509 -new -nodes -sha256 \
+    -key tests/tls/ca.key \
+    -days 3650 \
+    -subj '/O=Redis Test/CN=Certificate Authority' \
+    -out tests/tls/ca.crt
+
+cat > tests/tls/openssl.cnf <<_END_
+[ server_cert ]
+keyUsage = digitalSignature, keyEncipherment
+nsCertType = server
+
+[ client_cert ]
+keyUsage = digitalSignature, keyEncipherment
+nsCertType = client
+_END_
+
+generate_cert server "Server-only" "-extfile tests/tls/openssl.cnf -extensions server_cert"
+generate_cert client "Client-only" "-extfile tests/tls/openssl.cnf -extensions client_cert"
+generate_cert redis "Generic-cert"
+
+[ -f tests/tls/redis.dh ] || openssl dhparam -out tests/tls/redis.dh 2048
diff --git a/certs/redis.crt b/certs/redis.crt
@@ -0,0 +1,23 @@
+-----BEGIN CERTIFICATE-----
+MIID6DCCAdACFCgVz9xx9vFSYlzSZevXgJcfY4cYMA0GCSqGSIb3DQEBCwUAMDUx
+EzARBgNVBAoMClJlZGlzIFRlc3QxHjAcBgNVBAMMFUNlcnRpZmljYXRlIEF1dGhv
+cml0eTAeFw0yMzA4MDcyMzQ5MjlaFw0yNDA4MDYyMzQ5MjlaMCwxEzARBgNVBAoM
+ClJlZGlzIFRlc3QxFTATBgNVBAMMDEdlbmVyaWMtY2VydDCCASIwDQYJKoZIhvcN
+AQEBBQADggEPADCCAQoCggEBAJ18FoBNvVEJgHy4ltPSFpANrE/WDIG2NJj58HRI
+8I+fuWMcH/zwLDL7BUOFGteYbE24OYWRJLQeC+7F5+bXVuPAX9XuFv4eDu0yJevB
+nzx4xCx0V0/dwYrFj8iBD8g1WEhS+I9pMj3ky4CL5Rb6dPAaI9o1yZEDcwTQC62a
+r3mU3PYUwiLaUVuMEDjKr2xkl89vcgMcWIPpuICFmU/Qe0dcesoume4Rxbt+oJ4Q
+7YBdmQ8AuNHP7zzE7kGVtv5DlUV8B4V7kJIKR/omMUKy2NePtXZs0/g2OLgwceUB
+gnOUtN+FX+0GwTeRBWUtGokGLGg2PanTYWUtsIQhJfA9GRsCAwEAATANBgkqhkiG
+9w0BAQsFAAOCAgEAdeqnbqxMA3myXUb8Re7luUvAzFxBxYcuF1UORXeES2dex44v
+5ZzYj2DSgU65Nz9usjVwKAsQ1gD+8N73RKgCiduAwhzL/P5WEtoM/NfY/ORH81B8
+jXEqm8vlHes6ElCkGNJbuCbkneZpXXE1Hsczpx+zV390ea1iS8s//I3rnBEdX4+X
+oD4gUGxGRbbmSjj9jp1mcqHipyDblt5CH/edPN0GxtZROrN2KQSwI3AMx81zPDP7
+Wp/qeukiP6MKU8SGIJJNplApaGxUOdVPLiI4ihCp3ET70L4Yp2Gfo9OVGG+Nev9f
+iSdalwQZNz1dzJYkWYKa34G8uqUJ0gFFlwoW6MYTfmbJD4QUd1F1UfVOjA7qSTPY
+ih3CidlRR3upDnqexIGXeA3kapT2hSc/Z+4Ch1/q0/9Zn8S1xOL9CmPtWFBe2pcB
+b6PnSit+A0pNPEeWLESLlj/pwK7beFcybqKj96MQnHJA+/7VjiNUJGtGiooviiwA
+jvh9a1xUzLRxZuq2E6QOHcuJ35k35ghaoHXemmg9ewq1FPjVRHUOym8J6bRveOVC
+FBCjOvz1Q6wd8oGNu3S77y5jpm+gNrgYYDsiAj3tK9RzNGUH1gMzM+A5wUlITc8Z
+ThHJD/SzEcEgHw54oWgqvRgqUll73Vni4NX9Syw08TIBUQZbOxpDvAQqDmo=
+-----END CERTIFICATE-----
diff --git a/certs/redis.key b/certs/redis.key
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCdfBaATb1RCYB8
+uJbT0haQDaxP1gyBtjSY+fB0SPCPn7ljHB/88Cwy+wVDhRrXmGxNuDmFkSS0Hgvu
+xefm11bjwF/V7hb+Hg7tMiXrwZ88eMQsdFdP3cGKxY/IgQ/INVhIUviPaTI95MuA
+i+UW+nTwGiPaNcmRA3ME0Autmq95lNz2FMIi2lFbjBA4yq9sZJfPb3IDHFiD6biA
+hZlP0HtHXHrKLpnuEcW7fqCeEO2AXZkPALjRz+88xO5Blbb+Q5VFfAeFe5CSCkf6
+JjFCstjXj7V2bNP4Nji4MHHlAYJzlLTfhV/tBsE3kQVlLRqJBixoNj2p02FlLbCE
+ISXwPRkbAgMBAAECggEABjOJXKAIYRUzXrXov9/j947c8X/c74v8jOblVbmRj3ZG
+AeXCSgmDFAwtFuLk6Fxzgf6hH+X+lgEg4ylz356B02doiVoIxGpBQuHYpcHywpos
+JLv9Zthf81ZNj82qkMMDqPAWIuo3ikG6KbkDL7ZzvbNUehaSy10MExfGKJ3mDwQt
+IiVwk6VnmCBT3Oid5tKzzWg+AVo87CSrrvy0zSXHbotyym6IRO/KdtfRndHe6wHK
+kq/hNoPvBTlajGUlgL0BkdN3pI3mXvKpm24NL+1r8o9yLVifuaPvdWBB6Gp79qXT
+fN87QDcPuZcZZMtMl+6jkde3yipoXR0izmCqPmPpUQKBgQDS853VmkjMFtw2Ebi+
+P8EHXQZ+hHqAXrS0TnRdfjYIm4D91exMPmnCkEPir2MenVhnvSHLnaEWL80vpaSz
+0MC67KN72iBRd3XerHky3fcYsb7BtMe/PGxRZt+0cfcj5O+OSr6ttBQ5XYrd8uFF
+oBHD/huLZ/jclpqSU0q/x913JwKBgQC/HYWqfcpnbD34+ul0XwnPQx7f5LeTIYtF
+Td7ciTJMJmFXNEbMDW02sIZrGpNqA2vOZ2KbW7+5hdJFFP6lWMcSR2qNprTUrZ9m
+hETn2CQN6/GuTfcck77y5J8L0OkANKjGSeicMGKhtgg9JgriR2b/z453FHeIGEvV
+sP05Nwom7QKBgAez34qCJLBXEVlkEkPYHhs/uVH7UmHHk3+V8cfMKPrteqtKGWO7
+T69MBz6KuurOQgEftdEyg0RFII/h037BW5g3tcx67X0sCIDF+XLzCee77cQy7qw7
+75SVVgvHsYd8/4ZJkmbTUX26vaxXBwS80IlAiQ7xD/Q2B5TaN7uC98I3AoGAV1Cv
+nwM1lCbZ8YUBYA+DtdPeqUAftvLeZF19cpikCDKIyoSxy8xel1vzLb/IlejWOkj1
+vjEe2S4QsUs0RGrZGLrULb96YqioaPgJWztezZV8p7wrKD1AQky9dXKO4W8tpNpj
+kehxR5yZCwb0dglVP46ecj1Bl0Yyb4EbUCabVskCgYAq7t/AiRY7uJgCwk1Z7ilW
+WpqgjaQvYvvCZQMYelJMmSORo0XNyJqVL5y/XqFqbSFLPCYHOv/CjRFCi2UUOjBN
+/THiCLEVLBtEkpSNDZr0KJw2X7W9ESOHgRlEF/skZ15xarXhJUa2y265usb1DT8k
+Al8XUzTAkpnZoJFfCiUHaQ==
+-----END PRIVATE KEY-----
diff --git a/certs/redisCA.crt b/certs/redisCA.crt
@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFSzCCAzOgAwIBAgIUE3AjdeBEjYNnrC8fc9naRo4GpSowDQYJKoZIhvcNAQEL
+BQAwNTETMBEGA1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUg
+QXV0aG9yaXR5MB4XDTIzMDgwNzIzNDkyOFoXDTMzMDgwNDIzNDkyOFowNTETMBEG
+A1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5
+MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAyorOJvHFcqrlftg70+Ah
+Fg8Q+nNyzOFN9R2YY43vnI28qSbX4j8NFUzVEztXUxvsfiMbwFR2LZn1VUc8qc9S
+5BIXdukoohIU0eDwaulskcIzY5//wr8Ous2DWHcbhD7PG2MtqtBFywhO6f0BNzuG
+ZRFa73Q8usl7PzsuKktw4fuBPgODVayHBlNeP4gJRr3MPLGYjVp2v4pPNhLXSeq6
+NXt7U/1lTaokZDYJb5bG5N0IH2FWR+1xS3a2kwLE/pKEJPSIXGoAL5lrZukgt8AH
+QFIFNFd01ZBMkVEHr9cfHAUECFpLlRcW45x60x2P3My035GQ+2m6Q7ftXPmMfOHA
+UB7/ZNwmLu80wf9XXuSWnDMGykAgkyYYMb+TdCeAcAYYre3u1vrUwLFMQapo9+BU
+MH/ObW1DhAqrhv4XMk9i9x8SOSKhknJyWv27xef6BJ2akFUUggzVKQU6vO9Saprq
+H86iiP8FC02Gb9uc03sNFJMT63UqnPc7KRCSk2RgTFDpabHFQC3+FJpbrrJ/izOy
+sfATpnhwB4g58gKblIyJauPKtnqLgYpCILM6kVj0JdQ5kEioCwnNZUZEWuWQSpLo
+ph2fcpYMwImYbHIdAIEjl/SeDpKzfx5KL1zZ/nms5yJW7s7+zmDdoPny+o+pugZT
+t6Jxoxw8kGfLix+ut61O3acCAwEAAaNTMFEwHQYDVR0OBBYEFKGElRQyHnukiigZ
+UoWg7rAzXEJWMB8GA1UdIwQYMBaAFKGElRQyHnukiigZUoWg7rAzXEJWMA8GA1Ud
+EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAC1Vud9ac3tkj5KVtVjNJfLd
+980wZv+lWwqwsr60dkK63HhDI1eE6Z7QP4YwwWsYFNeEnQXQHVLPyd5Oxdbqss9g
+dIpayevgPcq73UmqSyn2qNCw9v4H4ngOoICjgfLOv1NvMabuhGWMXDnmpBbxu2z6
+9W/inArw/H2gbp3w3BZ1nr73wdJDxlFwaPYdgpNtXJUpfH4OFyhF8YxCVOK7l8i7
+sZaDXD8Zh/nCOy1sSJ9Xi2Br0HEb4rB8JgvbgTTqPp2wtSBBhUvZlvE2nZ9ZgxJf
+iV5oiK+Z0ciOoqBFcnY4Dc1VEGCwua4Z+ZdoDl6D9+xFWJUcUoeDgjq77hn5bxkj
+gORxx1rwm0elK1yZT5uGlGY3Udpcfm6ZrD/omreYBdFz7+tvIAGG3JrT2Z9A6Fin
+1TvTMQGPDY/lTTwd50modGzLuIDjPe4V5fRceIVuAxhrewpCDvBNNkKYYu+y8ztY
+fqIxXhwUhhQegmVtSjZ6ALMyXN2vR0HBiH5B45iFctT/LDi26xeQ1VAX2UYACYen
+88pW3XVibPD9om/Nhi33wCdaK//N0C/voOGMovdzB9vUk/YE5U1rHaT6TkaTwGMX
+DePwn3469IFqTHy5C/CQ0hc0WpQU3F4N8y8fKVQJPbI5yMUynZJ9p+XnkjPEnNnG
+fFRwEKI9ysWmR/aovt0y
+-----END CERTIFICATE-----
diff --git a/docker/dev.yml b/docker/dev.yml
@@ -51,12 +51,21 @@ services:
       - parabol-network
     restart: unless-stopped
   redis:
-    image: redis:6
+    image: bitnami/redis:6.2
     restart: unless-stopped
+    environment:
+      - ALLOW_EMPTY_PASSWORD=yes
+      - REDIS_PASSWORD=''
+      - REDIS_TLS_ENABLED=no
+      - REDIS_TLS_AUTH_CLIENTS=no
+      - REDIS_TLS_CERT_FILE=/opt/bitnami/redis/certs/redis.crt
+      - REDIS_TLS_KEY_FILE=/opt/bitnami/redis/certs/redis.key
+      - REDIS_TLS_CA_FILE=/opt/bitnami/redis/certs/redisCA.crt
     ports:
       - "6379:6379"
     volumes:
-      - redis-data:/data
+      - bitnami-redis-data:/bitnami/redis/data
+      - ../certs:/opt/bitnami/redis/certs
     networks:
       - parabol-network
   redis-commander:
@@ -73,7 +82,7 @@ services:
 networks:
   parabol-network:
 volumes:
-  redis-data: {}
+  bitnami-redis-data: {}
   rethink-data: {}
   postgres-data: {}
   pgadmin-data: {}
diff --git a/packages/gql-executor/RedisStream.ts b/packages/gql-executor/RedisStream.ts
@@ -1,6 +1,4 @@
-import Redis from 'ioredis'
-
-const {REDIS_URL} = process.env
+import RedisInstance from 'parabol-server/utils/RedisInstance'
 
 type MessageValue = [prop: string, stringifiedData: string]
 type Message = [messageId: string, value: MessageValue]
@@ -9,7 +7,7 @@ export default class RedisStream<T> implements AsyncIterableIterator<T> {
   private stream: string
   private consumerGroup: string
   // xreadgroup blocks until a response is received, so this needs its own connection
-  private redis = new Redis(REDIS_URL)
+  private redis = new RedisInstance('gql_stream')
   private consumer: string
 
   constructor(stream: string, consumerGroup: string, consumer: string) {

diff --git a/packages/gql-executor/gqlExecutor.ts b/packages/gql-executor/gqlExecutor.ts
@@ -1,11 +1,11 @@
 import tracer from 'dd-trace'
-import Redis from 'ioredis'
 import {ServerChannel} from 'parabol-client/types/constEnums'
 import GQLExecutorChannelId from '../client/shared/gqlIds/GQLExecutorChannelId'
 import SocketServerChannelId from '../client/shared/gqlIds/SocketServerChannelId'
 import executeGraphQL, {GQLRequest} from '../server/graphql/executeGraphQL'
 import '../server/initSentry'
 import '../server/monkeyPatchFetch'
+import RedisInstance from '../server/utils/RedisInstance'
 import RedisStream from './RedisStream'
 
 tracer.init({
@@ -23,8 +23,8 @@ interface PubSubPromiseMessage {
 }
 
 const run = async () => {
-  const publisher = new Redis(REDIS_URL, {connectionName: 'gql_pub'})
-  const subscriber = new Redis(REDIS_URL, {connectionName: 'gql_sub'})
+  const publisher = new RedisInstance('gql_pub')
+  const subscriber = new RedisInstance('gql_sub')
   const executorChannel = GQLExecutorChannelId.join(SERVER_ID)
 
   // subscribe to direct messages

diff --git a/packages/server/dataloader/RedisCache.ts b/packages/server/dataloader/RedisCache.ts
@@ -2,10 +2,10 @@ import Redis from 'ioredis'
 import ms from 'ms'
 import {Unpromise} from 'parabol-client/types/generics'
 import {DBType} from '../database/rethinkDriver'
+import RedisInstance from '../utils/RedisInstance'
 import customRedisQueries from './customRedisQueries'
 import hydrateRedisDoc from './hydrateRedisDoc'
 import RethinkDBCache, {RWrite} from './RethinkDBCache'
-
 export type RedisType = {
   [P in keyof typeof customRedisQueries]: Unpromise<ReturnType<typeof customRedisQueries[P]>>[0]
 }
@@ -51,7 +51,7 @@ export default class RedisCache<T extends keyof CacheType> {
   // }
   private getRedis() {
     if (!this.redis) {
-      this.redis = new Redis(process.env.REDIS_URL!, {connectionName: 'redisCache'})
+      this.redis = new RedisInstance('redisCache')
     }
     return this.redis
   }

diff --git a/packages/server/utils/PubSubPromise.ts b/packages/server/utils/PubSubPromise.ts
@@ -1,7 +1,7 @@
-import Redis from 'ioredis'
 import ms from 'ms'
 import GQLExecutorChannelId from '../../client/shared/gqlIds/GQLExecutorChannelId'
 import numToBase64 from './numToBase64'
+import RedisInstance from './RedisInstance'
 import sendToSentry from './sendToSentry'
 
 const STANDARD_TIMEOUT = ms('10s')
@@ -12,7 +12,7 @@ interface Job {
   timeoutId: NodeJS.Timeout
 }
 
-const {SERVER_ID, REDIS_URL} = process.env
+const {SERVER_ID} = process.env
 
 interface BaseRequest {
   executorServerId?: string
@@ -21,8 +21,8 @@ interface BaseRequest {
 
 export default class PubSubPromise<Request extends BaseRequest, Response> {
   jobs = {} as {[jobId: string]: Job}
-  publisher = new Redis(REDIS_URL!, {connectionName: 'pubsubPromise_pub'})
-  subscriber = new Redis(REDIS_URL!, {connectionName: 'pubsubPromise_sub'})
+  publisher = new RedisInstance('pubsubPromise_pub')
+  subscriber = new RedisInstance('pubsubPromise_sub')
   subChannel: string
   stream: string
   jobCounter = 0

diff --git a/packages/server/utils/RedisInstance.ts b/packages/server/utils/RedisInstance.ts
@@ -0,0 +1,11 @@
+import Redis from 'ioredis'
+import {getRedisOptions} from './getRedisOptions'
+
+// options in outer scope to read from fs only once
+const options = getRedisOptions()
+
+export default class RedisInstance extends Redis {
+  constructor(connectionName: string) {
+    super(process.env.REDIS_URL!, {connectionName, ...options})
+  }
+}
diff --git a/packages/server/utils/getPubSub.ts b/packages/server/utils/getPubSub.ts
@@ -1,11 +1,11 @@
-import Redis from 'ioredis'
 import GraphQLRedisPubSub from './GraphQLRedisPubSub'
+import RedisInstance from './RedisInstance'
 
 let pubsub: GraphQLRedisPubSub
 const getPubSub = () => {
   if (!pubsub) {
-    const pub = new Redis(process.env.REDIS_URL!, {connectionName: 'getPubSub_pub'})
-    const sub = new Redis(process.env.REDIS_URL!, {connectionName: 'getPubSub_sub'})
+    const pub = new RedisInstance('getPubSub_pub')
+    const sub = new RedisInstance('getPubSub_sub')
     pubsub = new GraphQLRedisPubSub(pub, sub)
   }
   return pubsub

diff --git a/packages/server/utils/getRedis.ts b/packages/server/utils/getRedis.ts
@@ -1,4 +1,5 @@
 import Redis from 'ioredis'
+import RedisInstance from './RedisInstance'
 
 let redis: Redis
 type RedisPipelineError = [Error, null]
@@ -7,7 +8,7 @@ export type RedisPipelineResponse<TSuccess> = RedisPipelineError | RedisPipeline
 
 const getRedis = () => {
   if (!redis) {
-    redis = new Redis(process.env.REDIS_URL!, {connectionName: 'getRedis'})
+    redis = new RedisInstance('getRedis')
   }
   return redis
 }