Skip to content

Commit

Permalink
Conditionally disable the TLS unauthorized cert check based on REDIS_…
Browse files Browse the repository at this point in the history
…URL (github#17978)

* Conditionally disable the TLS unauthorized cert check based on REDIS_URL

* Update middleware/rate-limit.js
  • Loading branch information
JamesMGreene authored Feb 24, 2021
1 parent 63cf0c8 commit e94b52d
Show file tree
Hide file tree
Showing 3 changed files with 24 additions and 9 deletions.
11 changes: 8 additions & 3 deletions lib/redis-accessor.js
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,14 @@ class RedisAccessor {
? new Redis(REDIS_URL, {
...redisBaseOptions,
db: databaseNumber,
tls: {
// Required for production Heroku Redis
rejectUnauthorized: false

// Only add this configuration for TLS-enabled REDIS_URL values.
// Otherwise, it breaks for local Redis instances without TLS enabled.
...REDIS_URL.startsWith('rediss://') && {
tls: {
// Required for production Heroku Redis
rejectUnauthorized: false
}
}
})
: new InMemoryRedis()
Expand Down
11 changes: 8 additions & 3 deletions middleware/rate-limit.js
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,14 @@ module.exports = rateLimit({
store: REDIS_URL && new RedisStore({
client: new Redis(REDIS_URL, {
db: rateLimitDatabaseNumber,
tls: {
// Required for production Heroku Redis
rejectUnauthorized: false

// Only add this configuration for TLS-enabled REDIS_URL values.
// Otherwise, it breaks for local Redis instances without TLS enabled.
...REDIS_URL.startsWith('rediss://') && {
tls: {
// Required for production Heroku Redis
rejectUnauthorized: false
}
}
}),
// 1 minute (or practically unlimited outside of production)
Expand Down
11 changes: 8 additions & 3 deletions script/purge-redis-pages.js
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,14 @@ purgeRenderedPageCache()
function purgeRenderedPageCache () {
const redisClient = new Redis(REDIS_URL, {
db: pageCacheDatabaseNumber,
tls: {
// Required for production Heroku Redis
rejectUnauthorized: false

// Only add this configuration for TLS-enabled REDIS_URL values.
// Otherwise, it breaks for local Redis instances without TLS enabled.
...REDIS_URL.startsWith('rediss://') && {
tls: {
// Required for production Heroku Redis
rejectUnauthorized: false
}
}
})
let totalKeyCount = 0
Expand Down

0 comments on commit e94b52d

Please sign in to comment.