From 2168f823a593646a811ef48ba4b74e85670afe18 Mon Sep 17 00:00:00 2001 From: sony-mathew Date: Sun, 26 Jan 2020 22:46:34 +0545 Subject: [PATCH] [#446] Redis authentication support Previously we did not support authentication for redis anywhere. Also in the docker compose we were exposing redis port 6379 without any authentication. In the app side for the connections that app server (for storing keys as well as for socket connections made using action cable) and Sidekiq were making to redis server did not support authentication. With this commit, we support authentication for redis connections from app side and Sidekiq. This is supported in docker-compose as well. The changes include : * Added support for new env variable REDIS_PASSWORD * This redis password is now supported by action cable connections, Sidekiq connections and app side redis connections * Since Sidekiq did not have an initializer, added an initializer to pass custom config to Sidekiq (for now it's options for redis) * Changes in docker-compose to pickup a password set in .env file to protect the redis server running in docker * Added necessary documentation changes in `docker.md` and `environment-variables.md` --- .env.example | 8 +++++++- config/cable.yml | 6 +++++- config/initializers/redis.rb | 7 +++++-- config/initializers/sidekiq.rb | 11 +++++++++++ docker-compose.yaml | 4 +++- docs/development/environment-setup/docker.md | 7 +++++++ .../project-setup/environment-variables.md | 9 ++++++++- 7 files changed, 46 insertions(+), 6 deletions(-) create mode 100644 config/initializers/sidekiq.rb diff --git a/.env.example b/.env.example index 1ff28dd5b..2aafa0645 100644 --- a/.env.example +++ b/.env.example @@ -1,6 +1,12 @@ -REDIS_URL=redis://redis:6379 SECRET_KEY_BASE= +#redis config +REDIS_URL=redis://redis:6379 +# If you are using docker-compose, set this variable's value to be any string, +# which will be the password for the redis service running inside the docker-compose +# to make it secure +REDIS_PASSWORD= + # Postgres Database config variables POSTGRES_HOST=postgres POSTGRES_USERNAME=postgres diff --git a/config/cable.yml b/config/cable.yml index cfe40a8a0..4c30fcd13 100644 --- a/config/cable.yml +++ b/config/cable.yml @@ -1,5 +1,7 @@ development: - adapter: async + adapter: redis + url: <%= ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379') %> + password: <%= ENV.fetch('REDIS_PASSWORD', nil) %> test: adapter: test @@ -7,7 +9,9 @@ test: staging: adapter: redis url: <%= ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379') %> + password: <%= ENV.fetch('REDIS_PASSWORD', nil) %> production: adapter: redis url: <%= ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379') %> + password: <%= ENV.fetch('REDIS_PASSWORD', nil) %> diff --git a/config/initializers/redis.rb b/config/initializers/redis.rb index 4b9bffc03..565b7030b 100644 --- a/config/initializers/redis.rb +++ b/config/initializers/redis.rb @@ -1,5 +1,8 @@ -uri = URI.parse(ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379')) -redis = Rails.env.test? ? MockRedis.new : Redis.new(url: uri) +app_redis_config = { + url: URI.parse(ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379')), + password: ENV.fetch('REDIS_PASSWORD', nil) +} +redis = Rails.env.test? ? MockRedis.new : Redis.new(app_redis_config) Nightfury.redis = Redis::Namespace.new('reports', redis: redis) # Alfred - Used currently for Round Robin. Add here as you use it for more features diff --git a/config/initializers/sidekiq.rb b/config/initializers/sidekiq.rb new file mode 100644 index 000000000..748b1e60c --- /dev/null +++ b/config/initializers/sidekiq.rb @@ -0,0 +1,11 @@ +sidekiq_redis_config = { + url: ENV.fetch('REDIS_URL', 'redis://127.0.0.1:6379'), + password: ENV.fetch('REDIS_PASSWORD', nil) +} +Sidekiq.configure_client do |config| + config.redis = sidekiq_redis_config +end + +Sidekiq.configure_server do |config| + config.redis = sidekiq_redis_config +end diff --git a/docker-compose.yaml b/docker-compose.yaml index eedcc1109..8eb261644 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -53,7 +53,7 @@ services: - cache:/app/tmp/cache ports: - "3035" # Webpack dev server - env_file: .env.example + env_file: .env environment: - WEBPACKER_DEV_SERVER_HOST=0.0.0.0 - NODE_ENV=development @@ -76,6 +76,8 @@ services: redis: image: redis:alpine restart: always + command: ["sh", "-c", "redis-server --requirepass \"$REDIS_PASSWORD\""] + env_file: .env volumes: - redis:/data/redis ports: diff --git a/docs/development/environment-setup/docker.md b/docs/development/environment-setup/docker.md index fef84f37d..85380c444 100644 --- a/docs/development/environment-setup/docker.md +++ b/docs/development/environment-setup/docker.md @@ -7,6 +7,13 @@ title: "Docker Setup and Debugging Guide" After cloning the repo and installing docker on your machine, run the following command from the root directory of the project. +```bash +cp .env.example .env +``` + +Make changes to the `.env` file as required [Optional]. If you want to set the password for redis when you run +docker-compose, set any string value to the environment variable `REDIS_PASSWORD` in the `.env` file. which will secure the redis running inside docker-compose with this password. This will be automatically picked up by app server and sidekiq, to authenticate while making connections to redis server. + ```bash docker-compose build ``` diff --git a/docs/development/project-setup/environment-variables.md b/docs/development/project-setup/environment-variables.md index 2c08f5200..9e1a182af 100644 --- a/docs/development/project-setup/environment-variables.md +++ b/docs/development/project-setup/environment-variables.md @@ -60,7 +60,7 @@ AWS_SECRET_ACCESS_KEY= AWS_REGION= ``` -### Configure Redis URL +### Configure Redis For development, you can use the following url to connect to redis. @@ -68,6 +68,13 @@ For development, you can use the following url to connect to redis. REDIS_URL='redis:://127.0.0.1:6379' ``` +To authenticate redis connections made by app server and sidekiq, if it's protected by a password, use the following +environment variable to set the password. + +```bash +REDIS_PASSWORD= +``` + ### Configure Postgres host You can set the following environment variable to set the host for postgres.