mirror of
https://github.com/cookiecutter/cookiecutter-django.git
synced 2025-08-05 04:30:16 +03:00
fix: Redis SSL configuration
- Move Redis SSL configuration to base settings - Remove redundant Redis SSL settings from production - Remove REDIS_SSL env var from Heroku deployment docs - Use rediss:// URL scheme detection for SSL
This commit is contained in:
parent
345ed77162
commit
92a0fdcf1b
|
@ -22,9 +22,6 @@ Run these commands to deploy the project to Heroku:
|
|||
|
||||
heroku addons:create heroku-redis:mini
|
||||
|
||||
# Enable Redis TLS support (required for new Heroku Redis instances)
|
||||
heroku config:set REDIS_SSL=True
|
||||
|
||||
# Assuming you chose Mailgun as mail service (see below for others)
|
||||
heroku addons:create mailgun:starter
|
||||
|
||||
|
|
|
@ -2,6 +2,7 @@
|
|||
"""Base settings to build other settings files upon."""
|
||||
|
||||
from pathlib import Path
|
||||
import ssl
|
||||
|
||||
import environ
|
||||
|
||||
|
@ -283,9 +284,7 @@ LOGGING = {
|
|||
}
|
||||
|
||||
REDIS_URL = env("REDIS_URL", default="redis://{% if cookiecutter.use_docker == 'y' %}redis{%else%}localhost{% endif %}:6379/0")
|
||||
CELERY_BROKER_USE_SSL = env.bool("REDIS_SSL", default=False)
|
||||
CELERY_REDIS_BACKEND_USE_SSL = env.bool("REDIS_SSL", default=False)
|
||||
|
||||
REDIS_SSL = REDIS_URL.startswith("rediss://")
|
||||
|
||||
{% if cookiecutter.use_celery == 'y' -%}
|
||||
# Celery
|
||||
|
@ -295,8 +294,12 @@ if USE_TZ:
|
|||
CELERY_TIMEZONE = TIME_ZONE
|
||||
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#std:setting-broker_url
|
||||
CELERY_BROKER_URL = REDIS_URL
|
||||
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#redis-backend-use-ssl
|
||||
CELERY_BROKER_USE_SSL = {"ssl_cert_reqs": ssl.CERT_NONE} if REDIS_SSL else None
|
||||
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#std:setting-result_backend
|
||||
CELERY_RESULT_BACKEND = REDIS_URL
|
||||
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#redis-backend-use-ssl
|
||||
CELERY_REDIS_BACKEND_USE_SSL = CELERY_BROKER_USE_SSL
|
||||
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#result-extended
|
||||
CELERY_RESULT_EXTENDED = True
|
||||
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#result-backend-always-retry
|
||||
|
|
|
@ -48,20 +48,6 @@ CACHES = {
|
|||
},
|
||||
}
|
||||
|
||||
|
||||
REDIS_URL = env("REDIS_TLS_URL", default=env("REDIS_URL"))
|
||||
REDIS_SSL = env.bool("REDIS_SSL", default=False)
|
||||
|
||||
CERT_NONE = 0
|
||||
|
||||
if REDIS_SSL:
|
||||
CELERY_REDIS_BACKEND_USE_SSL = {"ssl_cert_reqs": CERT_NONE}
|
||||
CELERY_BROKER_USE_SSL = {"ssl_cert_reqs": CERT_NONE}
|
||||
CACHES["default"]["OPTIONS"]["CONNECTION_POOL_CLASS"] = "redis.connection.SSLConnection"
|
||||
CACHES["default"]["OPTIONS"]["SSL_CERT_REQS"] = CERT_NONE
|
||||
|
||||
CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP = True
|
||||
|
||||
# SECURITY
|
||||
# ------------------------------------------------------------------------------
|
||||
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
|
||||
|
|
Loading…
Reference in New Issue
Block a user