heroku/heroku-buildpack-redis

Support Heroku Redis v6 rediss:// URLs

Closed this issue · 3 comments

In new apps that use a premium-0 Redis addon (or higher) that is a Redis v6 addon, the url provided ends up being a rediss url. When combined with this addon, that should lead to a smooth connection. But the rediss url provides an accurate port number (not one that should be auto-bumped to the port one above, the behavior this buildpack currently expects and relies upon).

As seen in this PR:
opencounter@61c7ae6

It's possible to use the rediss url and not bump a URI port and in testing just now, I've confirmed that that works fine. But that commit isn't backwards compatible and so isn't likely to fit the needs of this buildpack.

For now, I'll be using the above buildpack (or a fork to fit our needs) but thought it worth writing up an issue as this snag had me scratching my head for a bit.

Edited logs seen in debug mode when things are failing:

LOG7[ui]: Found 1 ready file descriptor(s)
LOG7[ui]: FD=4 events=0x2001 revents=0x0
LOG7[ui]: FD=9 events=0x2001 revents=0x1
LOG7[ui]: Service [REDIS_URL] accepted (FD=3) from 127.0.0.1:38934
LOG7[0]: Service [REDIS_URL] started
LOG7[0]: Option TCP_NODELAY set on local socket
LOG5[0]: Service [REDIS_URL] accepted connection from 127.0.0.1:38934
LOG6[0]: s_connect: connecting <host-ip>:13850
LOG7[0]: s_connect: s_poll_wait <host-ip>:13850: waiting 10 seconds
LOG3[0]: s_connect: connect <host-ip>:13850: Connection refused (111)
LOG3[0]: No more addresses to connect
LOG5[0]: Connection reset: 0 byte(s) sent to TLS, 0 byte(s) sent to socket
LOG7[0]: Local descriptor (FD=3) closed
LOG7[0]: Service [REDIS_URL] finished (0 left)

Edited logs seen when things go through properly using the above commit:

LOG7[ui]: Found 1 ready file descriptor(s)
LOG7[ui]: FD=4 events=0x2001 revents=0x0
LOG7[ui]: FD=9 events=0x2001 revents=0x1
LOG7[ui]: Service [REDIS_URL] accepted (FD=3) from 127.0.0.1:43782
LOG7[0]: Service [REDIS_URL] started
LOG7[0]: Option TCP_NODELAY set on local socket
LOG5[0]: Service [REDIS_URL] accepted connection from 127.0.0.1:43782
LOG6[0]: s_connect: connecting <host-ip>:13849
LOG7[0]: s_connect: s_poll_wait <host-ip>:13849: waiting 10 seconds
LOG5[0]: s_connect: connected <host-ip>:13849
LOG5[0]: Service [REDIS_URL] connected remote server from <remote-server-ip>:55492
LOG7[0]: Option TCP_NODELAY set on remote socket
LOG7[0]: Remote descriptor (FD=10) initialized
LOG6[0]: SNI: sending servername: <host-servername>
LOG6[0]: Peer certificate not required
LOG7[0]: TLS state (connect): before SSL initialization
LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
LOG7[0]: TLS state (connect): SSLv3/TLS write client hello
LOG7[0]: TLS state (connect): SSLv3/TLS read server hello
LOG6[0]: Certificate verification disabled
LOG6[0]: Certificate verification disabled
LOG6[0]: Certificate verification disabled
LOG6[0]: Certificate verification disabled
LOG7[0]: TLS state (connect): SSLv3/TLS read server certificate
LOG7[0]: TLS state (connect): SSLv3/TLS read server key exchange
LOG6[0]: Client certificate not requested
LOG7[0]: TLS state (connect): SSLv3/TLS read server done
LOG7[0]: TLS state (connect): SSLv3/TLS write client key exchange
LOG7[0]: TLS state (connect): SSLv3/TLS write change cipher spec
LOG7[0]: TLS state (connect): SSLv3/TLS write finished
LOG7[0]: TLS state (connect): SSLv3/TLS write finished
LOG7[0]: TLS state (connect): SSLv3/TLS read server session ticket
LOG7[0]: TLS state (connect): SSLv3/TLS read change cipher spec
LOG7[0]: TLS state (connect): SSLv3/TLS read finished
LOG7[0]:      1 client connect(s) requested
LOG7[0]:      1 client connect(s) succeeded
LOG7[0]:      0 client renegotiation(s) requested
LOG7[0]:      0 session reuse(s)
LOG6[0]: TLS connected: new session negotiated
LOG7[0]: Peer certificate was cached (4616 bytes)

Will this be fixed? I've manually bumped down the port to make my app work.

@acorncom @mtShaikh Hi! For Heroku Redis 6+, this buildpack should not be used, and Redis' native TLS support should be used instead. As such, this buildpack will eventually be sunset since it's no longer required, rather than support for Redis 6 being added.

I've opened #40 to add a mention of this to the readme.

For using native TLS see:
https://devcenter.heroku.com/articles/heroku-redis#connecting-to-redis

@beanieboi I wonder if this buildpack should do a build-time check for a rediss:// (note the extra s) URL in REDIS_URL, and if found, abort the build with an error that the buildpack should not be used for Redis 6+?
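
The port handling and the build-time check discussed in this thread, as an added example that is not from the buildpack or from any commenter. `tls_target` and `check_no_rediss` are hypothetical names, the URLs used with them are constructed, and `ENV_DIR` is assumed to be the directory of one-file-per-config-var that Heroku passes to a buildpack's `bin/compile`:

```shell
#!/usr/bin/env bash
# Added example; function names are hypothetical, sample URLs are constructed.

# Print the "host:port" a TLS tunnel should connect to for a Redis URL.
#   redis://  -> TLS listener is one port above the URL port (the legacy
#                behaviour described in this issue)
#   rediss:// -> the URL port already is the TLS port; use it unchanged
tls_target() {
  local url="$1" scheme rest hostport host port
  scheme="${url%%://*}"
  rest="${url#*://}"
  hostport="${rest##*@}"       # drop user:password@
  hostport="${hostport%%/*}"   # drop /db path
  host="${hostport%:*}"
  port="${hostport##*:}"
  case "$port" in ''|*[!0-9]*|0?*) return 2 ;; esac   # need a plain decimal port
  case "$scheme" in
    redis)  echo "$host:$((port + 1))" ;;
    rediss) echo "$host:$port" ;;
    *)      return 2 ;;
  esac
}

# Build-time guard: fail when the config var holds a rediss:// URL.
# $1 is ENV_DIR (one file per config var), $2 the var name.
# The URL itself is never echoed because it embeds the Redis password.
check_no_rediss() {
  local env_dir="$1" var="${2:-REDIS_URL}" value
  [ -f "$env_dir/$var" ] || return 0
  value="$(cat "$env_dir/$var")"
  case "$value" in
    rediss://*)
      echo " !     $var is a rediss:// URL: use Redis' native TLS, not this buildpack" >&2
      return 1 ;;
  esac
  return 0
}
```

Bumping the port of a `rediss://` URL is what produces the `Connection refused (111)` on port 13850 in the failing log above, while the unchanged port 13849 connects.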

@edmorley thx, that's helpful. We'll plan on migrating our usage over now that things are stable there