[change] Add support for `rediss://` URLs

[nemesifier]

Support for rediss:// URLs with authentication in Redis configuration.

Description

It's currently not possible to easily use a Redis server that requires a secure connection over TLS (rediss://) and password authentication.

Here’s the relevant code logic we observed:

if not REDIS_PASS:
    CHANNEL_REDIS_HOST = f'redis://{REDIS_HOST}:{REDIS_PORT}/1'
else:
    CHANNEL_REDIS_HOST = f'redis://:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/1'

if not REDIS_PASS:
    CELERY_BROKER_URL = f'redis://{REDIS_HOST}:{REDIS_PORT}/2'
else:
    CELERY_BROKER_URL = f'redis://:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/2'

CACHES = {
    'default': {
        'BACKEND': 'django_redis.cache.RedisCache',
        'LOCATION': f'redis://{REDIS_HOST}:{REDIS_PORT}/0',
    }
}

Suggested improvement

Allow full override of Redis URLs via environment variables (e.g., CHANNEL_REDIS_URL, CELERY_BROKER_URL, REDIS_CACHE_URL) so users can specify secure schemes like rediss:// and custom credentials.

Alternatively, extend the logic to support:

• Custom Redis scheme (redis:// vs rediss://)
• Custom Redis user
• Optional authentication

This would improve compatibility with Redis services that enforce TLS and user-based authentication.

[saurabh21316]

Hello @nemesifier Thanks for the update...

what about the 'LOCATION' inside the cache block? how should I define REDIS_CACHE_URL for
CACHES = {
'default': {
'BACKEND': 'django_redis.cache.RedisCache',
'LOCATION': f'redis://{REDIS_HOST}:{REDIS_PORT}/0',
}
}

[jim12321]

@nemesifier

So I would say the requirements are:

1. Support for Redis SSL.

Reason: For security purposes that require the communication with Redis to be secured.

This should probably be done via a REDIS_SSL with values of true or false with the default value of false if it has not been defined.

So if we are using Python then when defining the redis client, you should have ssl=True parameter defined when enabling SSL.

2. Support for Redis username

Would like a new ENV of REDIS_USERNAME which by default is None or '' blank.

Reason: We are using Aiven for the Redis hosting and they mandate having a user defined in the Redis URL connection string. This is blocking us from using OpenWISP in production. We have requirements around redundancy and availability where we would require it to be using this Aiven solution.

You have a URL of:

CHANNEL_REDIS_HOST = f'redis://:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/1'
CELERY_BROKER_URL = f'redis://:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/2'
'LOCATION': f'redis://{REDIS_HOST}:{REDIS_PORT}/0',

need to look like (not counting the SSL part of it):

CHANNEL_REDIS_HOST = f'redis://{REDIS_USERNAME}:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/1'
CELERY_BROKER_URL = f'redis://{REDIS_USERNAME}:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/2'
'LOCATION': f'redis://{REDIS_USERNAME}:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/0',

3. Support for control over the DB IDs for the 3 DB IDs that you currently use

Reason: So that way we do not have to spin up multiple Redis instances for each OpenWISP instance. This way we host 5 OpenWISP instances on the same Redis instance.

Would like to have 3 new ENVs:

• REDIS_DB_ID_LOCATION - defaulting to 0
• REDIS_DB_ID_CHANNEL - defaulting to 1
• REDIS_DB_ID_CELERY - defaulting to 2

These ENVs should validate that it is an integer and the number is between 0 and 15. Also that the numbers are unique so they do not conflict with each other.

So instead of this:

You have a URL of:

CHANNEL_REDIS_HOST = f'redis://:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/1'
CELERY_BROKER_URL = f'redis://:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/2'
'LOCATION': f'redis://{REDIS_HOST}:{REDIS_PORT}/0',

need to look like (not counting the SSL part of it):

CHANNEL_REDIS_HOST = f'redis://{REDIS_USERNAME}:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/{REDIS_DB_ID_CHANNEL}'
CELERY_BROKER_URL = f'redis://{REDIS_USERNAME}:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/{REDIS_DB_ID_CELERY}'
'LOCATION': f'redis://{REDIS_USERNAME}:{REDIS_PASS}@{REDIS_HOST}:{REDIS_PORT}/{REDIS_DB_ID_LOCATION}',

4. Optional. Redis URL ENVs override

So again this would be an optional way of doing it where if 3 ENVs are defined say:

• REDIS_URL_LOCATION
• REDIS_URL_CHANNEL
• REDIS_URL_CELERY

would override the other settings.

It would need support for SSL so if the URL started with rediss that would mean SSL should be set to True vs redis where SSL would be set to False.