feat: update codis fe / proxy with tls; topom updated

[kolinfluence]

codis fe / proxy tls + topom update

[sprappcom]

@AlexStocks please look into it.

[machinly]

It's better not to provide the public key file. Instead, you can add a generation command in the readme.

[kolinfluence]

@machinly the public key file is definitely a dummy one.
you put "filesystem" as default, surely a dummy version is fine right? ... maybe you can modify with error message generated when there's no cert / key files present after you merge this and delete them. will that do fine?

[machinly]

Do not modify the default configuration

[kolinfluence]

can you only pull what is needed?

[machinly]

It's better not to provide the private key file. Instead, you can add a generation command in the readme.

[machinly]

Do not modify the default parameter values

[kolinfluence]

can you only pull what is needed?

[machinly]

Do not modify the default parameter values

[kolinfluence]

can you only pull what is needed?

[luky116]

Do not modify the default configuration

[luky116]

Comment this code

[kolinfluence]

Can you help add the rest?

[kolinfluence]

noted. will revert.

[kolinfluence]

@machinly pls check again, i've done all. sorry for the issues.
for code generation, do provide what examples you think is good. for the cert is just dummy test like your "filesystem" thing.

[luky116]

codis-fe cannot access, have you tried in you local env?

[luky116]

proxy cannot connect?

[luky116]

Judging from your code, you want to add the TLS protocol to the redis protocol port of the proxy layer. If so, can dashboard and fe not add TLS? Because they interact through the http protocol, the proxy's redis protocol port is only responsible for the user's redis client connection.

[kolinfluence]

@luky116 sorry was busy playing with lru benchmark tests update here so a bit lagged behind on pika (but it's on my radar daily).
https://github.com/cloudxaas/gocache/tree/main/lrux/bytes
need fast lru. (promoting it coz may be able to be used in codis too and would hope for improvement to make it faster, kind of applicable to cache)

back to your question...

1. the dashboard and fe is added for remote users to the dashboard and fe. it's optional configuration parameter. if you set tls = true, then it will do the tls feature, else wont affect performance at runtime.

2. it'll be useful for wider adoption considering a lot of dev can remotely access their dashboard / fe etc knowing it's more secure. basically it wont affect the runtime performance.

3. dashboard and fe why not add tls to interact with https protocol too?
   ok i see your point. so maybe we can also do a tlsfe = 1, tlsdashboard = 1, tlspika = 1 etc kind of parameter too. we can allow http/https to run concurrently without affecting performance and the fe/dashboard choosing which to connect to.

good?

[kolinfluence]

proxy cannot connect?

you need to use redis-cli with secure tls to connect put
redis-cli --tls
as option parameter

pls remember it will only use tls for proxy if it's set to true. so accordingly, we will need to put tls-something for everything else etc where we want tls to have. so maybe tls-pika = true in future when pika has tls? but proxy shld definitely have tls.