Configuring Redis w/SSL

thomasm · December 18, 2017, 3:29pm

Trying to configure Sentry on-prem to use the new authentication + encryption features in Elasticache - one of them is the ability to force SSL.

I believe I’ve successfully configured one of the Redis configuration options to use ssl simply by adding 'ssl': True to the options dict in sentry.conf.py:

            'hosts': {
                0: {
                    'host': redis,
                    'password': redis_password,
                    'port': redis_port,
                    'db': redis_db,
                    'ssl': True
                },
            }

this enables the frontend to come up & pass health checks. The other piece that I believe needs reconfiguring is the BROKER_URL, since the cron + worker logs are full of kombu Redis connection errors:

BROKER_URL = 'redis://:' + redis_password + '@' + redis + ':' + redis_port + '/' + redis_db

but I don’t know if it’s possible/how to configure SSL w/celery using a urlstring as connection config (it’s rejecting rediss://, for instance)

ZuSe · July 7, 2018, 2:36pm

I am running into the same problem with sentry 9.0.
I can confirm that rediss:// will lead to several errors.

Did you solve the problem in the meantime?

thomasm · July 14, 2018, 8:38pm

I ended up modifying /usr/local/lib/python2.7/site-packages/kombu/transport/redis.py to force it to use redis.SSLConnection.

My Dockerfile just replaces the library file with that patched version.

Topic		Replies	Views
SSL to encrypt connections to RDS postgres	3	1578	May 1, 2020
About relay config.yml On-Premise	2	1832	January 4, 2021
Sentry.conf.py for RabbitMQ On-Premise	2	2674	November 29, 2016
SSL for onpremise 20.10.1 On-Premise	2	1058	October 26, 2020
Redis Sentinel Support On-Premise	4	3079	February 11, 2019

Configuring Redis w/SSL

Related topics