Feature Request - Support TLS #193

Open
gwharton opened this issue Jan 24, 2023 · 5 comments

@gwharton

Please support TLS connections for Redis servers.

AWS ElastiCache Redis instances with AUTH enabled now only support TLS connections.

@erikdubbelboer
Owner

In theory this is already possible. I don't have a setup to test. But I think you can set host to something like `tls://hostname?ssl[verify_peer]=0` or `tls://hostname?ssl[cafile]=private.pem&ssl[verify_peer]=1`. Can you check if that works?

@gwharton
Author

Ahh yes, it should work, but looking at the code, only if you do not set the port variable.

```php
// Setup a connection to Redis.
if(isset($server['scheme']) && $server['scheme'] === 'unix' && $server['path']) {
  $redis = new Predis\Client(array('scheme' => 'unix', 'path' => $server['path']));
} else {
  $redis = !$server['port'] ? new Predis\Client($server['host']) : new Predis\Client('tcp://'.$server['host'].':'.$server['port']);
}
```

@gwharton
Author

gwharton commented Jan 27, 2023

I tried not setting the port variable to see if I could use a full connection string, and alas the following code automatically sets the port setting if it doesn't exist.

```php
if (empty($server_port)) {
  $server_port = 6379;
}
$config['servers'][] = array(
  'name'   => $server_name,
  'host'   => $server_host,
  'port'   => $server_port,
  'filter' => '*',
);
```

I'm guessing this only becomes an issue when setting the servers from environment variables, i.e. in Docker. I haven't been able to try this when setting the servers from config.inc.php, which I suspect will work if you don't declare a port.

@gwharton
Author

OK, I've tried it using the config file instead of environment variables.

```php
array(
    'name'   => 'master.xxxx.xxxx.euw2.cache.amazonaws.com',
    'host'   => 'tls://master.xxxx.xxxx.euw2.cache.amazonaws.com:6379',
    'port'   => '',
    'filter' => '*',
    'scheme' => 'tcp',
    'path'   => '',
    'hide'   => false,
    'auth'   => 'xxxx'
)
```

This works and seems to connect to the redis server.

@erikdubbelboer
Owner

Great, I'll keep this task open for if one day I have time to improve support and fix that port logic.
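
The port logic discussed in this thread, sketched as an added example that is not part of the thread or the project's code: a helper that keeps a `tls://` scheme from `host` even when `port` is set, and leaves certificate verification on. The function name `build_redis_params`, the `cafile` entry key and the sample hostname are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not the project's code.
// Turns one 'servers' entry into Predis connection parameters so that a
// scheme given in 'host' is not overwritten with 'tcp://' when 'port' is set.
function build_redis_params(array $server): array
{
    // Unix socket entries keep the behaviour shown in the thread.
    if (($server['scheme'] ?? '') === 'unix' && !empty($server['path'])) {
        return array('scheme' => 'unix', 'path' => $server['path']);
    }

    // A bare hostname has no scheme; only URIs go through parse_url().
    $host  = $server['host'];
    $parts = strpos($host, '://') !== false ? parse_url($host) : array('host' => $host);
    if ($parts === false || empty($parts['host'])) {
        throw new InvalidArgumentException('Cannot parse Redis host: ' . $host);
    }

    $scheme = strtolower($parts['scheme'] ?? 'tcp');
    if (!in_array($scheme, array('tcp', 'tls'), true)) {
        throw new InvalidArgumentException('Unsupported scheme: ' . $scheme);
    }

    // A port inside the URI wins, then the 'port' key, then the default 6379.
    $fallback = !empty($server['port']) ? $server['port'] : 6379;
    $params = array(
        'scheme' => $scheme,
        'host'   => $parts['host'],
        'port'   => (int) ($parts['port'] ?? $fallback),
    );

    if ($scheme === 'tls') {
        // Peer verification stays enabled. Query-string ssl[...] options in
        // the URI are ignored here; the CA file comes from the entry instead.
        $params['ssl'] = array('verify_peer' => true);
        if (!empty($server['cafile'])) { // 'cafile' key is an assumption
            $params['ssl']['cafile'] = $server['cafile'];
        }
    }
    return $params;
}

// Constructed sample entry (placeholder hostname and CA path).
$entry = array('host' => 'tls://redis.example.internal', 'port' => 6380,
               'cafile' => '/etc/ssl/redis-ca.pem');
print_r(build_redis_params($entry));
// With Predis installed: $redis = new Predis\Client(build_redis_params($entry));
```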
