[#446] Redis authentication support

Previously we did not support authentication for redis anywhere. Also in the docker compose we were exposing redis port 6379 without any authentication. In the app side for the connections that app server (for storing keys as well as for socket connections made using action cable) and Sidekiq were making to redis server did not support authentication. With this commit, we support authentication for redis connections from app side and Sidekiq. This is supported in docker-compose as well. The changes include : * Added support for new env variable REDIS_PASSWORD * This redis password is now supported by action cable connections, Sidekiq connections and app side redis connections * Since Sidekiq did not have an initializer, added an initializer to pass custom config to Sidekiq (for now it's options for redis) * Changes in docker-compose to pickup a password set in .env file to protect the redis server running in docker * Added necessary documentation changes in `docker.md` and `environment-variables.md`
2020-01-26 22:46:34 +05:45 · 2020-01-26 22:46:34 +05:45 · 2168f823a5
commit 2168f823a5
parent e04ff6441b
7 changed files with 46 additions and 6 deletions
--- a/.env.example
+++ b/.env.example
@ -1,6 +1,12 @@
-REDIS_URL=redis://redis:6379
 SECRET_KEY_BASE=

+#redis config
+REDIS_URL=redis://redis:6379
+# If you are using docker-compose, set this variable's value to be any string,
+# which will be the password for the redis service running inside the docker-compose
+# to make it secure
+REDIS_PASSWORD=
+
 # Postgres Database config variables
 POSTGRES_HOST=postgres
 POSTGRES_USERNAME=postgres
--- a/config/cable.yml
+++ b/config/cable.yml
@ -1,5 +1,7 @@
 development:
-  adapter: async
+  adapter: redis
+  url: <%= ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379') %>
+  password: <%= ENV.fetch('REDIS_PASSWORD', nil) %>

 test:
  adapter: test
@ -7,7 +9,9 @@ test:
 staging:
  adapter: redis
  url: <%= ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379') %>
+  password: <%= ENV.fetch('REDIS_PASSWORD', nil) %>

 production:
  adapter: redis
  url: <%= ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379') %>
+  password: <%= ENV.fetch('REDIS_PASSWORD', nil) %>
--- a/config/initializers/redis.rb
+++ b/config/initializers/redis.rb
@ -1,5 +1,8 @@
-uri = URI.parse(ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379'))
-redis = Rails.env.test? ? MockRedis.new : Redis.new(url: uri)
+app_redis_config = {
+    url: URI.parse(ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379')),
+    password: ENV.fetch('REDIS_PASSWORD', nil)
+}
+redis = Rails.env.test? ? MockRedis.new : Redis.new(app_redis_config)
 Nightfury.redis = Redis::Namespace.new('reports', redis: redis)

 # Alfred - Used currently for Round Robin. Add here as you use it for more features
--- a/config/initializers/sidekiq.rb
+++ b/config/initializers/sidekiq.rb
@ -0,0 +1,11 @@
+sidekiq_redis_config = {
+    url: ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379'),
+    password: ENV.fetch('REDIS_PASSWORD', nil)
+}
+Sidekiq.configure_client do |config|
+    config.redis = sidekiq_redis_config
+end
+
+Sidekiq.configure_server do |config|
+    config.redis = sidekiq_redis_config
+end
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@ -53,7 +53,7 @@ services:
      - cache:/app/tmp/cache
    ports:
      - "3035" # Webpack dev server
-    env_file: .env.example
+    env_file: .env
    environment:
      - WEBPACKER_DEV_SERVER_HOST=0.0.0.0
      - NODE_ENV=development
@ -76,6 +76,8 @@ services:
  redis:
    image: redis:alpine
    restart: always
+    command: ["sh", "-c", "redis-server --requirepass \"$REDIS_PASSWORD\""]
+    env_file: .env
    volumes:
      - redis:/data/redis
    ports:
--- a/docs/development/environment-setup/docker.md
+++ b/docs/development/environment-setup/docker.md
@ -7,6 +7,13 @@ title: "Docker Setup and Debugging Guide"

 After cloning the repo and installing docker on your machine, run the following command from the root directory of the project.

+```bash
+cp .env.example .env
+```
+
+Make changes to the `.env` file as required [Optional]. If you want to set the password for redis when you run
+docker-compose, set any string value to the environment variable `REDIS_PASSWORD` in the `.env` file. which will secure the redis running inside docker-compose with this password. This will be automatically picked up by app server and sidekiq, to authenticate while making connections to redis server.
+
 ```bash
 docker-compose build
 ```
--- a/docs/development/project-setup/environment-variables.md
+++ b/docs/development/project-setup/environment-variables.md
@ -60,7 +60,7 @@ AWS_SECRET_ACCESS_KEY=
 AWS_REGION=
 ```

-### Configure Redis URL
+### Configure Redis

 For development, you can use the following url to connect to redis.

@ -68,6 +68,13 @@ For development, you can use the following url to connect to redis.
 REDIS_URL='redis:://127.0.0.1:6379'
 ```

+To authenticate redis connections made by app server and sidekiq, if it's protected by a password, use the following
+environment variable to set the password.
+
+```bash
+REDIS_PASSWORD=
+```
+
 ### Configure Postgres host

 You can set the following environment variable to set the host for postgres.