Redis user:password issues?

  • Resolved brndnl0

    (@brndnl0)


    5 months, 2 weeks ago

    I’m sharing a single Redis instance amongst a few sites and trying to lock down each site to have it’s own ACLs within Redis.

    But similar to the previous issue here – I can’t seem to get Redis to work using the syntax type of redis://user:pass@localhost:6379.

    I can confirm the credentials work via redis-cli and there are no firewall issues. I also have the same details working for object cache on other plugins, albeit via different methods.

    On reading the documentation for the DSN configuration – it seems that maybe user+password syntax is limited to a method (2nd below) that doesn’t seem to be supported within the Crowdsec WP plugin?:

    A?Data Source Name (DSN)?for this adapter must use either one of the following formats.?

    redis[s]://[pass@][ip|host|socket[:port]][/db-index]
    redis[s]:[[user]:pass@]?[ip|host|socket[:port]][&params]

    Values for placeholders [user][:port][/db-index] and [&params] are optional.

    Oddly enough the redis default user will work if a password is assigned – ie. default:pass@localhost or pass@localhost – but this defeats the purpose of what I would like to achieve by having seperate redis acls/users per site to create some isolation.

    Hope you can help, thanks in advance.

Viewing 7 replies - 1 through 7 (of 7 total)
  • Thread Starter brndnl0

    (@brndnl0)

    Just to add – I seem to be able to use redis:user:pass@?host[localhost:6379], but only with default redis user.

    Hi @brndnl0 ,
    thanks for your message.

    I think it should work unless there’s a problem with the Symfony cache component itself.

    On reading the documentation, you may have to use redis:user:pass@localhost:6379

    Can you try with this ?
    Can you also try a password without special characters (especially @)?
    Just in case, maybe try also redis:user:[email protected]:6379

    Do you have an error message somewhere ? (maybe in wp-content/uploads/crowdsec if you activate the debug log mode in the advanced settings of the plugin, or in the admin view when you save settings or try the bouncer)

    Thanks

    Thread Starter brndnl0

    (@brndnl0)

    Thanks for getting back.

    So as per the previous issue post I have been testing this without any special characters in the username or password. I’m also testing each user with redis-cli auth command and they work fine, as well as with other plugins.

    When testing DSN using redis:user:pass@localhost:6379 or redis:user:[email protected]:6379 I get the below message:

    There was an error while testing new DSN (redis:test:test@localhost:6379): Error when creating Redis cache adapter:Redis connection failed: php_network_getaddresses: getaddrinfo for localhost:6379 failed: Name or service not known

    I’ve also checked logs – debug.log just prints the config without any errors.

    prod.log will only show errors if I don’t add a password for the default user (ie. redis://pass@localhost:6379 or redis://defaultuser:pass@localhost:6379) as it seems to accept redis://localhost:6379 as a valid endpoint and will give the impression it is working but will quickly fill the logs with NOAUTH messages – not sure if this is a bug?

    I’ve noticed the server I’m working on has a fairly old version of Redis (6.0.16) – is this potentially incompatible with the Symfony adapter?

    Thanks again for your help.

    • This reply was modified 5 months, 2 weeks ago by brndnl0.

    Hi @brndnl0,

    I was able to reproduce the bug: Redis connection failed with a user/password pair when the user is not the default one.

    I discovered that there was an issue about it in the Symfony repo.

    This has been fixed and, for some reason, the version included in this plugin doesn’t have the fix.

    I’ll see as soon as possible how to fix this in the plugin code as well.


    Thanks again for pointing this out.


    P.S: It’s not important but I don’t see your last post in this topic. It’s probably a bug in this WordPress forum. Luckily, I received an email with the content of your last post.

    Thread Starter brndnl0

    (@brndnl0)

    No worries, thanks for your help.

    And yes re: last post I edited a typo after posting and it was flagged for moderation, seems to be public now.

    Looking forward to the update!

    Hi @brndnl0,

    I’ve just published release 2.6.4 of the plugin, with the Redis DSN fix.

    Now, you should be able to use the following DSN settings:

    • redis:redis_user:redis_password@?host[redis_host:6379]

      or
    • redis://redis_user:redis_password@redis_host:6379

    Please let me know if it works for you.

    Thanks

    Thread Starter brndnl0

    (@brndnl0)

    Can confirm that is now working perfectly, thanks!

Viewing 7 replies - 1 through 7 (of 7 total)
  • You must be logged in to reply to this topic.

Tags