Configuring Redis w/SSL


#1

Trying to configure Sentry on-prem to use the new authentication + encryption features in ElastiCache - one of them is the ability to force SSL.

I believe I’ve successfully configured one of the Redis configuration options to use ssl simply by adding 'ssl': True to the options dict in sentry.conf.py:

            'hosts': {
                0: {
                    'host': redis,
                    'password': redis_password,
                    'port': redis_port,
                    'db': redis_db,
                    'ssl': True
                },
            }

This enables the frontend to come up & pass health checks. The other piece that I believe needs reconfiguring is the BROKER_URL, since the cron + worker logs are full of kombu Redis connection errors:

BROKER_URL = 'redis://:' + redis_password + '@' + redis + ':' + redis_port + '/' + redis_db

But I don’t know if it’s possible/how to configure SSL w/celery using a URL string as connection config (it’s rejecting rediss://, for instance).


#2

I am running into the same problem with Sentry 9.0.
I can confirm that rediss:// will lead to several errors.

Did you solve the problem in the meantime?


#3

I ended up modifying /usr/local/lib/python2.7/site-packages/kombu/transport/redis.py to force it to use redis.SSLConnection.

My Dockerfile just replaces the library file with that patched version.