Support Heroku Redis v6 rediss:// URLs #35

Closed
acorncom opened this issue Nov 29, 2020 · 3 comments

acorncom commented Nov 29, 2020

In new apps that use a premium-0 Redis addon (or higher) that is a Redis v6 addon, the url provided ends up being a rediss url. When combined with this addon, that should lead to a smooth connection. But the rediss url provides an accurate port number (not one that should be auto-bumped to the port one above, the behavior this buildpack currently expects and relies upon).

As seen in this PR:
opencounter@61c7ae6

It's possible to use the rediss url and not bump a URI port and in testing just now, I've confirmed that that works fine. But that commit isn't backwards compatible and so isn't likely to fit the needs of this buildpack.

For now, I'll be using the above buildpack (or a fork to fit our needs) but thought it worth writing up an issue as this snag had me scratching my head for a bit.

Edited logs seen in debug mode when things are failing:

LOG7[ui]: Found 1 ready file descriptor(s)
LOG7[ui]: FD=4 events=0x2001 revents=0x0
LOG7[ui]: FD=9 events=0x2001 revents=0x1
LOG7[ui]: Service [REDIS_URL] accepted (FD=3) from 127.0.0.1:38934
LOG7[0]: Service [REDIS_URL] started
LOG7[0]: Option TCP_NODELAY set on local socket
LOG5[0]: Service [REDIS_URL] accepted connection from 127.0.0.1:38934
LOG6[0]: s_connect: connecting <host-ip>:13850
LOG7[0]: s_connect: s_poll_wait <host-ip>:13850: waiting 10 seconds
LOG3[0]: s_connect: connect <host-ip>:13850: Connection refused (111)
LOG3[0]: No more addresses to connect
LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
LOG7[0]: Local descriptor (FD=3) closed
LOG7[0]: Service [REDIS_URL] finished (0 left)

Edited logs seen when things go through properly using the above commit:

LOG7[ui]: Found 1 ready file descriptor(s)
LOG7[ui]: FD=4 events=0x2001 revents=0x0
LOG7[ui]: FD=9 events=0x2001 revents=0x1
LOG7[ui]: Service [REDIS_URL] accepted (FD=3) from 127.0.0.1:43782
LOG7[0]: Service [REDIS_URL] started
LOG7[0]: Option TCP_NODELAY set on local socket
LOG5[0]: Service [REDIS_URL] accepted connection from 127.0.0.1:43782
LOG6[0]: s_connect: connecting <host-ip>:13849
LOG7[0]: s_connect: s_poll_wait <host-ip>:13849: waiting 10 seconds
LOG5[0]: s_connect: connected <host-ip>:13849
LOG5[0]: Service [REDIS_URL] connected remote server from <remote-server-ip>:55492
LOG7[0]: Option TCP_NODELAY set on remote socket
LOG7[0]: Remote descriptor (FD=10) initialized
LOG6[0]: SNI: sending servername: <host-servername>
LOG6[0]: Peer certificate not required
LOG7[0]: TLS state (connect): before SSL initialization
LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
LOG7[0]: TLS state (connect): SSLv3/TLS read server hello
LOG6[0]: Certificate verification disabled
LOG6[0]: Certificate verification disabled
LOG6[0]: Certificate verification disabled
LOG6[0]: Certificate verification disabled
LOG7[0]: TLS state (connect): SSLv3/TLS read server certificate
LOG7[0]: TLS state (connect): SSLv3/TLS read server key exchange
LOG6[0]: Client certificate not requested
LOG7[0]: TLS state (connect): SSLv3/TLS read server done
LOG7[0]: TLS state (connect): SSLv3/TLS write client key exchange
LOG7[0]: TLS state (connect): SSLv3/TLS write change cipher spec
LOG7[0]: TLS state (connect): SSLv3/TLS write finished
LOG7[0]: TLS state (connect): SSLv3/TLS write finished
LOG7[0]: TLS state (connect): SSLv3/TLS read server session ticket
LOG7[0]: TLS state (connect): SSLv3/TLS read change cipher spec
LOG7[0]: TLS state (connect): SSLv3/TLS read finished
LOG7[0]:      1 client connect(s) requested
LOG7[0]:      1 client connect(s) succeeded
LOG7[0]:      0 client renegotiation(s) requested
LOG7[0]:      0 session reuse(s)
LOG6[0]: TLS connected: new session negotiated
LOG7[0]: Peer certificate was cached (4616 bytes)

mtShaikh commented Sep 2, 2021

Will this be fixed? I've manually bumped down the port to make my app work.

Member

edmorley commented Dec 21, 2021

@acorncom @mtShaikh Hi! For Heroku Redis 6+, this buildpack should not be used, and Redis' native TLS support should be used instead. As such, this buildpack will eventually be sunset since it's no longer required, rather than support for Redis 6 being added.

I've opened #40 to add a mention of this to the readme.

For using native TLS see:
https://devcenter.heroku.com/articles/heroku-redis#connecting-to-redis

@beanieboi I wonder if this buildpack should do a build-time check for a rediss:// (note the extra s) URL in REDIS_URL, and if found, abort the build with an error that the buildpack should not be used for Redis 6+?
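
An added example, not part of the thread and not the buildpack's own code: the port handling described in the issue and the build-time check suggested in the comment above, in bash. The function names are hypothetical, `env_dir` stands for the `ENV_DIR` directory of config-var files that the Heroku buildpack API passes to `bin/compile`, and the port+1 rule for `redis://` URLs is taken from the issue's description.

```bash
#!/usr/bin/env bash
# Added example; function names are hypothetical, not the buildpack's own.

# Print "redis" or "rediss" for a Redis URL, nothing for any other input.
redis_url_scheme() {
  case "$1" in
    rediss://*) echo rediss ;;
    redis://*)  echo redis ;;
  esac
}

# Print the port a TLS tunnel should connect to, or fail on a URL with no port.
#   redis://  -> port + 1 (the auto-bump the issue says the buildpack relies on)
#   rediss:// -> the port as given; it is already the TLS port
redis_tls_port() {
  local url="$1" rest port
  rest="${url#*://}"     # drop the scheme
  rest="${rest%%/*}"     # drop any path
  rest="${rest##*@}"     # drop user:password@
  port="${rest##*:}"
  case "$port" in ''|*[!0-9]*) return 1 ;; esac
  case "$(redis_url_scheme "$url")" in
    rediss) echo "$port" ;;
    redis)  echo $((port + 1)) ;;
    *)      return 1 ;;
  esac
}

# Build-time guard. env_dir holds one file per config var (Heroku's ENV_DIR).
# Fails if any named var is a rediss:// URL. Only the variable name is printed,
# never its value, because the URL embeds the Redis password.
reject_native_tls_urls() {
  local env_dir="$1" var
  shift
  for var in "$@"; do
    [ -f "$env_dir/$var" ] || continue
    if [ "$(redis_url_scheme "$(cat "$env_dir/$var")")" = "rediss" ]; then
      echo "$var is a rediss:// URL: use Redis' native TLS, not this buildpack" >&2
      return 1
    fi
  done
}

# Constructed sample URLs (placeholder host and password).
redis_tls_port 'redis://h:pw@host.example:6379'     # prints 6380
redis_tls_port 'rediss://:pw@host.example:13849'    # prints 13849
```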

@acorncom
Author

@edmorley thx, that's helpful. We'll plan on migrating our usage over now that things are stable there
