Add support for secure Redis (TLS support) #5526
Conversation
base.py(286~287) - CELERY_BROKER_USE_SSL - CELERY_REDIS_BACKEND_USE_SSL production.py(51~54) - REDIS_SSL - Set to default=False, no impact on existing environments You only need to set REDIS_SSL=True in Heroku environment Add only new options without modifying existing settings
How to use Redis TLS in Heroku
That's it! Your Redis connection will now use TLS encryption. Note: These settings are optional and default to False, so they won't affect existing deployments unless explicitly enabled. |
|
We probably should update the documentation accordingly: https://cookiecutter-django.readthedocs.io/en/latest/3-deployment/deployment-on-heroku.html The source is here: https://github.com/cookiecutter/cookiecutter-django/blob/master/docs/3-deployment/deployment-on-heroku.rst |
|
I've updated the documentation as requested: deployment-on-heroku.rst
Please let me know if any further changes are needed. |
| @@ -14,6 +14,14 @@ Run these commands to deploy the project to Heroku: | |||
|
|
|||
| # Note: this is not a free plan | |||
| heroku addons:create heroku-postgresql:essential-0 | |||
|
|
|||
| heroku addons:create heroku-redis:mini | |||
There was a problem hiding this comment.
That's already present at line 30
| # Enable Redis TLS support (required for new Heroku Redis instances) | ||
| heroku config:set REDIS_SSL=True | ||
| heroku config:set CELERY_BROKER_USE_SSL=True | ||
| heroku config:set CELERY_REDIS_BACKEND_USE_SSL=True |
There was a problem hiding this comment.
Let's put it after the existing line, please
| Redis Configuration | ||
| +++++++++++++++++++ | ||
|
|
||
| Heroku Redis now requires TLS connections by default. The script above includes the necessary TLS configuration. These settings are optional and default to False, so they won't affect existing deployments unless explicitly enabled. |
There was a problem hiding this comment.
No need for this. While it seems like an important information right now, in month+ time, it will be irrelevant, so I'd rather not have this part in our docs
|
I've made the requested changes:
Thank you for your kind explanation |
| CELERY_BROKER_USE_SSL = env.bool("CELERY_BROKER_USE_SSL", default=False) | ||
| CELERY_REDIS_BACKEND_USE_SSL = env.bool("CELERY_REDIS_BACKEND_USE_SSL", default=False) |
There was a problem hiding this comment.
Maybe we can simplify things?
| CELERY_BROKER_USE_SSL = env.bool("CELERY_BROKER_USE_SSL", default=False) | |
| CELERY_REDIS_BACKEND_USE_SSL = env.bool("CELERY_REDIS_BACKEND_USE_SSL", default=False) | |
| CELERY_BROKER_USE_SSL = env.bool("REDIS_SSL", default=False) | |
| CELERY_REDIS_BACKEND_USE_SSL = env.bool("REDIS_SSL", default=False) |
|
I've simplified the Redis TLS configuration as advised. It's much better! |
|
These changes will not work, please check #5500 |
Could you be a bit more specific as to why? Do you have any suggestions on how to improve the patch to make it work? |
qwerrrqw
force-pushed
the
fix/redis-TLS-support
branch
from
6b57535 to
d93e629
Compare
qwerrrqw
force-pushed
the
fix/redis-TLS-support
branch
from
d93e629 to
1f785bd
Compare
for more information, see https://pre-commit.ci
…-django into fix/redis-TLS-support
Ruff/redis tls support
- Move Redis SSL configuration to base settings - Remove redundant Redis SSL settings from production - Remove REDIS_SSL env var from Heroku deployment docs - Use rediss:// URL scheme detection for SSL
fix: Redis SSL configuration
The ssl module is only used in Celery SSL settings, so it is not actually used when the use_celery option is 'n'. I modified it to import conditionally as follows.
Change import ssl settings to conditional
Modifying to ruff rules
browniebroke
changed the title
|
Thanks for the contribution 🎉 |
Add Redis TLS support for Heroku
Fixes #5500
base.py(286~287)
production.py(51~54)
You only need to set REDIS_SSL=True in Heroku environment
Add only new options without modifying existing settings