Encryption in-transit for Redis is not reachable by Redash

ed_xplor · November 16, 2021, 4:06pm

We self-host Redash in AWS with Fargate, Elasticache Redis & RDS. Redis was reachable when Encryption in-transit was OFF. After we changed the REDASH_REDIS_URL to encryption enabled endpoint, there is no connection.

Fargate started the service with the latest Redash docker image to spin up. All security groups configured inbound allowing port 6379 & 443. Without “encryption in-transit”, the data is vulnerable. Does anyone have experience to make Redis Encryption in-transit work for Redash? Assistance highly appreciated.

Original URL was http://<fargate_ip>:5000/ reachable when Redis is direct to non encryption in-transit Redis url.

Redash Version: V.10.0.0
Browser/OS: Chrome 90.0.4430.212

jesse · November 17, 2021, 3:27pm

Try changing the redis URL in your environment from:

redis://<ip address of your elasticache>:6379/0

to

rediss://<ip address of your elasticache>:6379/0

Background

ElasticCache uses SSL for encrypted-in-transit connections.

Redash uses the official redis python client (see here), which requires an extra s on the connection string to support SSL.

ed_xplor · November 17, 2021, 11:01pm

Thank you @jesse That works!! New revision I changed REDASH_REDIS_URL=rediss://…, no more pending, logs normally.