Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Update channels redis config to have SSL options #686

Closed
3 of 4 tasks
sambles opened this issue Sep 1, 2022 · 0 comments · Fixed by #687
Closed
3 of 4 tasks

Update channels redis config to have SSL options #686

sambles opened this issue Sep 1, 2022 · 0 comments · Fixed by #687
Assignees
@sambles
Labels
feature A main feature, captured on the backlog kubernetes
Projects
Oasis Support Calls
Milestone
2.1.1

Comments

@sambles
Copy link
Contributor

sambles commented Sep 1, 2022
edited

Issue Description

To get SSL working the following changes to Django's setting.py are needed

  • Add a chanel_ssl option which switches the protoco from redis to rediss
  • Fix the helm chart so channel_layer_port is correctly set, currently its defaulting to 6379
  • Add Ignore CERTIFICATE_VERIFY option which sets check_hostname = False
CHANNEL_LAYER_SSL=True
CHANNEL_LAYER_PROTO='redis'+'s'*CHANNEL_LAYER_SSL                                                                                                                                                                                                            

import ssl
ssl_context = ssl.SSLContext()
ssl_context.check_hostname = False


CHANNEL_LAYERS = {
    'default': {
        'BACKEND': 'channels_redis.core.RedisChannelLayer',
        'CONFIG': {
            'hosts': [{
                'address': f'{CHANNEL_LAYER_PROTO}://{CHANNEL_LAYER_USER}:{CHANNEL_LAYER_PASS}@{CHANNEL_LAYER_HOST}:{CHANNEL_LAYER_PORT}/0',
                'ssl': ssl_context
            }],
            'symmetric_encryption_keys': [SECRET_KEY],
            "capacity": 1500,
        },
    },
}

Example data / logs
@sambles sambles changed the title Update channels_redis config to use SSL by default Update channels redis config to have SSL options Sep 1, 2022
@sambles sambles added kubernetes Enhancement Small improvement or refinement. labels Sep 1, 2022
@sambles sambles added this to To Do in Oasis Support Calls via automation Sep 1, 2022
@sambles sambles linked a pull request Sep 2, 2022 that will close this issue
Add option for ssl redis #687
Merged
1 task
@sambles sambles moved this from To Do to In Progress in Oasis Support Calls Sep 2, 2022
@sambles sambles self-assigned this Sep 6, 2022
@benhayes21 benhayes21 moved this from In Progress to Done in Oasis Support Calls Sep 6, 2022
@benhayes21 benhayes21 added feature A main feature, captured on the backlog and removed Enhancement Small improvement or refinement. labels Jan 10, 2023
@sambles sambles closed this as completed Jan 18, 2023
@awsbuild awsbuild added this to the 2.1.1 milestone Apr 6, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sambles sambles

Labels
feature A main feature, captured on the backlog kubernetes
Projects
Oasis Dev Team Tasks
Status: Done
Oasis Support Calls
  
Done
Milestone
2.1.1
Development

Successfully merging a pull request may close this issue.

Add option for ssl redis OasisLMF/OasisPlatform
3 participants
@sambles @benhayes21 @awsbuild