Redis authentication support?

[jathek]

📋 Description

Please support Redis password protected instances. I went through the documentation and it appears that Shields can only connect to unprotected Redis instances.

[calebcartwright]

it appears that Shields can only connect to unprotected Redis instances.

That's incorrect.

Additionally, it's very rare that a self-hosted Shields server actually needs to utilize a Redis instance for a pool of GitHub tokens as opposed to just using a single token (https://github.com/badges/shields/blob/master/doc/server-secrets.md#github). The only time you'd actually need to use Redis with a self-hosted instance is if you have a single self-hosted Shields server that's hitting GitHub's rate limits (5k requests/hour to GitHub, or 15k/hour for GitHub Enterprise Cloud).

Are you hitting such rate limits using a single GitHub token? If not could you expand on why you need the Redis-backed pool of GitHub tokens?

Regarding the Redis piece itself, for Shields.io we use, and strongly encourage any self-hosters to use, TLS connections (not enabled by default). We utilize Compose.io for Shields.io Redis hosting with TLS connections utilizing the ioredis package, and we include the auth information within the Redis URL (e.g. rediss://user:password@....). We just use this as the means for specifying Redis authentication credentials as opposed to having an additional set of configuration variables.

https://www.compose.com/articles/ssl-connections-arrive-for-redis-on-compose/

[jathek]

Are you hitting such rate limits using a single GitHub token? If not could you expand on why you need the Redis-backed pool of GitHub tokens?

No I'm not, I just had a redis server so I thought I might as well connect it.

Regarding the Redis piece itself, for Shields.io we use, and strongly encourage any self-hosters to use, TLS connections (not enabled by default). We utilize Compose.io for Shields.io Redis hosting with TLS connections utilizing the ioredis package, and we include the auth information within the Redis URL (e.g. rediss://user:password@....). We just use this as the means for specifying Redis authentication credentials as opposed to having an additional set of configuration variables.

I'm sorry I missed this if it was documented somewhere, thanks.

[calebcartwright]

I'm sorry I missed this if it was documented somewhere, thanks.

No worries! I actually don't think it's called out specifically anywhere, though including auth in the url/connection string with Redis is pretty common and well known. It might be helpful to expand the documentation a bit.

No I'm not, I just had a redis server so I thought I might as well connect it.

Gotcha. Definitely not needed, and definitely won't do anything for your server so would advise skipping it.

[jathek]

I did get it working with my redis container after your comment, just out of curiosity, but I'll take it out since I'll never need it.

Nothing else to do here, so I'll close. Thanks!

[paulmelnikow]

@nearcatch If you have a few minutes to try to improve the self-hosting documentation to clarify this point about not needing Redis for the next person, contributions would be welcome!