通过 SSL 的 Laravel + Redis 缓存?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/41762751/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Laravel + Redis Cache via SSL?
提问by Lech Migdal
I am trying to connect to Redis with predis 1.1 and SSL, using information https://github.com/nrk/predis, where in the example the following configuration is used:
我正在尝试使用信息https://github.com/nrk/predis连接到带有 predis 1.1 和 SSL 的 Redis ,其中在示例中使用了以下配置:
// Named array of connection parameters:
$client = new Predis\Client([
'scheme' => 'tls',
'ssl' => ['cafile' => 'private.pem', 'verify_peer' => true],
]);
My Laravel configuration looks like below:
我的 Laravel 配置如下所示:
'redis' => [
'client' => 'predis',
'cluster' => env('REDIS_CLUSTER', false),
'default' => [
'host' => env('REDIS_HOST', 'localhost'),
'password' => env('REDIS_PASSWORD', null),
'port' => env('REDIS_PORT', 6379),
'database' => 0,
],
'options' => [
'cluster' => 'redis',
'parameters' => ['password' => env('REDIS_PASSWORD', null)],
'scheme' => 'tls',
'ssl' => ['verify_peer' => false],
],
],
Since I don't have the key used for SSL I disabled the peer verification (as per http://php.net/manual/en/context.ssl.php).
由于我没有用于 SSL 的密钥,因此我禁用了对等验证(根据http://php.net/manual/en/context.ssl.php)。
Unfortunately I am getting the following error:
不幸的是,我收到以下错误:
ConnectionException in AbstractConnection.php line 155:
Error while reading line from the server. [tcp://MY_REDIS_SERVER_URL:6380]
Suggestions are appreciated :)
建议表示赞赏:)
回答by CenterOrbit
I was able to get it to work!
我能够让它工作!
You need to move 'scheme' from 'options'to 'default':
您需要将“方案”从'options'移至'default':
My working config:
我的工作配置:
'redis' => [
'client' => 'predis',
'cluster' => env('REDIS_CLUSTER', false),
'default' => [
'scheme' => 'tls',
'host' => env('REDIS_HOST', 'localhost'),
'password' => env('REDIS_PASSWORD', null),
'port' => env('REDIS_PORT', 6379),
'database' => 0,
],
'options' => [
'parameters' => ['password' => env('REDIS_PASSWORD', null)],
'ssl' => ['verify_peer' => false],
],
],
Note: I had also removed the 'cluster'option from 'options', but I don't suspect this to be the make-or-break with this problem.
注意:我也'cluster'从 中删除了该选项'options',但我不怀疑这是此问题的成败。
In my final-final config, I changed it to: 'scheme' => env('REDIS_SCHEME', 'tcp'),and then defined REDIS_SCHEME=tlsin my env file instead.
在我的 final-final 配置中,我将其更改为:'scheme' => env('REDIS_SCHEME', 'tcp'),然后REDIS_SCHEME=tls在我的 env 文件中定义。
Tested with AWS ElastiCache with TLS enabled.
使用启用 TLS 的 AWS ElastiCache 进行测试。
Edit:The above config only works with single-node redis. If you happen to enable clustering andTLS then you'll need a different config entirely.
编辑:上述配置仅适用于单节点 redis。如果您碰巧启用了集群和TLS,那么您将需要完全不同的配置。
'redis' => [
'client' => 'predis',
'cluster' => env('REDIS_CLUSTER', false),
// Note! for single redis nodes, the default is defined here.
// keeping it here for clusters will actually prevent the cluster config
// from being used, it'll assume single node only.
//'default' => [
// ...
//],
// #pro-tip, you can use the Cluster config even for single instances!
'clusters' => [
'default' => [
[
'scheme' => env('REDIS_SCHEME', 'tcp'),
'host' => env('REDIS_HOST', 'localhost'),
'password' => env('REDIS_PASSWORD', null),
'port' => env('REDIS_PORT', 6379),
'database' => env('REDIS_DATABASE', 0),
],
],
'options' => [ // Clustering specific options
'cluster' => 'redis', // This tells Redis Client lib to follow redirects (from cluster)
]
],
'options' => [
'parameters' => [ // Parameters provide defaults for the Connection Factory
'password' => env('REDIS_PASSWORD', null), // Redirects need PW for the other nodes
'scheme' => env('REDIS_SCHEME', 'tcp'), // Redirects also must match scheme
],
'ssl' => ['verify_peer' => false], // Since we dont have TLS cert to verify
]
]
Explaining the above:
解释以上内容:
'client' => 'predis': This specifies the PHP Library Redis driver to use (predis).'cluster' => 'redis': This tells Predis to assume server-side clustering. Which just means "follow redirects" (e.g.-MOVEDresponses). When running with a cluster, a node will respond with a-MOVEDto the node that you must ask for a specific key.- If you don't have this enabled with Redis Clusters, Laravel will throw a
-MOVEDexception 1/ntimes, nbeing the number of nodes in Redis cluster (it'll get lucky and ask the right node every once in awhile)
- If you don't have this enabled with Redis Clusters, Laravel will throw a
'clusters' => [...]: Specifies a list of nodes, but setting just a 'default' and pointing it to the AWS 'Configuration endpoint'will let it find any/all other nodes dynamically (recommended for Elasticache, because you don't know when nodes are comin' or goin').'options': For Laravel, can be specified at the top-level, cluster-level, and node option. (they get combined in Illuminate before being passed off to Predis)'parameters': These 'override' the default connection settings/assumptions that Predis uses for new connections. Since we set them explicitly for the 'default' connection, these aren't used. But for a cluster setup, they are critical. A 'master' node may send back a redirect (-MOVED) and unless the parameters are set forpasswordandschemeit'll assume defaults, and that new connection to the new node will fail.
'client' => 'predis':这指定要使用的 PHP 库 Redis 驱动程序 (predis)。'cluster' => 'redis':这告诉 Predis 假设服务器端集群。这只是意味着“跟随重定向”(例如-MOVED响应)。与集群一起运行时,节点将响应-MOVED您必须请求特定密钥的节点。- 如果您没有在 Redis Clusters 中启用此功能,Laravel 将抛出
-MOVED1/ n次异常,n是 Redis 集群中的节点数(它会很幸运并每隔一段时间询问正确的节点)
- 如果您没有在 Redis Clusters 中启用此功能,Laravel 将抛出
'clusters' => [...]:指定节点列表,但仅设置一个“默认”并将其指向AWS 的“配置端点”将使其动态查找任何/所有其他节点(推荐用于 Elasticache,因为您不知道节点何时到来)或去')。'options':对于Laravel,可以在top-level、cluster-level、node选项中指定。(在传递给 Predis 之前,它们在 Illuminate 中组合在一起)'parameters':这些“覆盖” Predis 用于新连接的默认连接设置/假设。由于我们为“默认”连接明确设置了它们,因此不使用它们。但对于集群设置,它们至关重要。“主”节点可能会发回重定向 (-MOVED) 并且除非设置了参数password并且scheme它将采用默认值,否则到新节点的新连接将失败。
回答by Jason Klein
Thank you CenterOrbit!!
谢谢中心轨道!!
I can confirm the first solution does allow Laravel to connect to a Redis serverover TLS. Tested with Redis 3.2.6 on AWS ElastiCache with TLS, configured as single node and single shard.
我可以确认第一个解决方案确实允许 Laravel通过 TLS连接到 Redis服务器。在带有 TLS 的 AWS ElastiCache 上使用 Redis 3.2.6 进行测试,配置为单节点和单分片。
I can also confirm the second solution does allow Laravel to connect to a Redis Clusterover TLS. Tested with Redis 3.2.6 on AWS ElastiCache with TLS, configured with "Cluster Mode Enabled", 1 shard, 1 replica per shard.
我还可以确认第二个解决方案确实允许 Laravel通过 TLS连接到 Redis集群。在带有 TLS 的 AWS ElastiCache 上使用 Redis 3.2.6 进行测试,配置为“启用集群模式”,1 个分片,每个分片 1 个副本。
I was receiving the following error when I first tried to implement the cluster solution:
我第一次尝试实施集群解决方案时收到以下错误:
Error: Unsupported operand types
I missed the additional set of array brackets when I moved the "default" settings into the "clusters" array.
当我将“默认”设置移动到“集群”数组时,我错过了一组额外的数组括号。
INCORRECT
不正确
'clusters' => [
'default' => [
'scheme' ...
]
]
CORRECT
正确的
'clusters' => [
'default' => [
[
'scheme' ...
]
]
]
I hope this saves someone else a bit of troubleshooting time.
我希望这可以为其他人节省一些故障排除时间。
