cookiecutter/cookiecutter-django
1
1
Fork 0
mirror of https://github.com/cookiecutter/cookiecutter-django.git synced 2025-08-05 04:30:16 +03:00
Code Issues Packages Projects Releases Wiki Activity

fix: Redis SSL configuration

Browse Source 
- Move Redis SSL configuration to base settings
- Remove redundant Redis SSL settings from production
- Remove REDIS_SSL env var from Heroku deployment docs
- Use rediss:// URL scheme detection for SSL
This commit is contained in:
qwerrrqw 2024-11-21 13:20:44 +09:00
parent 345ed77162
commit 92a0fdcf1b
3 changed files with 6 additions and 20 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
docs/3-deployment/deployment-on-heroku.rst
View File

@ -22,9 +22,6 @@ Run these commands to deploy the project to Heroku:
heroku addons:create heroku-redis:mini
# Enable Redis TLS support (required for new Heroku Redis instances)
heroku config:set REDIS_SSL=True
# Assuming you chose Mailgun as mail service (see below for others)
heroku addons:create mailgun:starter

9
{{cookiecutter.project_slug}}/config/settings/base.py
View File

@ -2,6 +2,7 @@
"""Base settings to build other settings files upon."""
from pathlib import Path
import ssl
import environ
@ -283,9 +284,7 @@ LOGGING = {
}
REDIS_URL = env("REDIS_URL", default="redis://{% if cookiecutter.use_docker == 'y' %}redis{%else%}localhost{% endif %}:6379/0")
CELERY_BROKER_USE_SSL = env.bool("REDIS_SSL", default=False)
CELERY_REDIS_BACKEND_USE_SSL = env.bool("REDIS_SSL", default=False)
REDIS_SSL = REDIS_URL.startswith("rediss://")
{% if cookiecutter.use_celery == 'y' -%}
# Celery
@ -295,8 +294,12 @@ if USE_TZ:
CELERY_TIMEZONE = TIME_ZONE
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#std:setting-broker_url
CELERY_BROKER_URL = REDIS_URL
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#redis-backend-use-ssl
CELERY_BROKER_USE_SSL = {"ssl_cert_reqs": ssl.CERT_NONE} if REDIS_SSL else None
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#std:setting-result_backend
CELERY_RESULT_BACKEND = REDIS_URL
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#redis-backend-use-ssl
CELERY_REDIS_BACKEND_USE_SSL = CELERY_BROKER_USE_SSL
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#result-extended
CELERY_RESULT_EXTENDED = True
# https://docs.celeryq.dev/en/stable/userguide/configuration.html#result-backend-always-retry

14
{{cookiecutter.project_slug}}/config/settings/production.py
View File

@ -48,20 +48,6 @@ CACHES = {
},
}
REDIS_URL = env("REDIS_TLS_URL", default=env("REDIS_URL"))
REDIS_SSL = env.bool("REDIS_SSL", default=False)
CERT_NONE = 0
if REDIS_SSL:
CELERY_REDIS_BACKEND_USE_SSL = {"ssl_cert_reqs": CERT_NONE}
CELERY_BROKER_USE_SSL = {"ssl_cert_reqs": CERT_NONE}
CACHES["default"]["OPTIONS"]["CONNECTION_POOL_CLASS"] = "redis.connection.SSLConnection"
CACHES["default"]["OPTIONS"]["SSL_CERT_REQS"] = CERT_NONE
CELERY_BROKER_CONNECTION_RETRY_ON_STARTUP = True
# SECURITY
# ------------------------------------------------------------------------------
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header