Laravel + Redis缓存通过SSL? [英] Laravel + Redis Cache via SSL?

问题描述

我正在尝试使用信息 https://github.com/nrk使用predis 1.1和SSL连接到Redis. /predis ，其中在示例中使用以下配置:

I am trying to connect to Redis with predis 1.1 and SSL, using information https://github.com/nrk/predis, where in the example the following configuration is used:

// Named array of connection parameters:
$client = new Predis\Client([
  'scheme' => 'tls',
  'ssl'    => ['cafile' => 'private.pem', 'verify_peer' => true],
]);

我的Laravel配置如下所示:

My Laravel configuration looks like below:

'redis' => [
        'client' => 'predis',
        'cluster' => env('REDIS_CLUSTER', false),

        'default' => [
            'host' => env('REDIS_HOST', 'localhost'),
            'password' => env('REDIS_PASSWORD', null),
            'port' => env('REDIS_PORT', 6379),
            'database' => 0,
        ],

        'options' => [
            'cluster' => 'redis',
            'parameters' => ['password' => env('REDIS_PASSWORD', null)],
            'scheme' => 'tls',
            'ssl'    => ['verify_peer' => false],
        ],
    ],

由于我没有用于SSL的密钥，因此我禁用了对等验证(根据 http://php.net/manual/zh/context.ssl.php ).

Since I don't have the key used for SSL I disabled the peer verification (as per http://php.net/manual/en/context.ssl.php).

不幸的是，我遇到以下错误:

Unfortunately I am getting the following error:

ConnectionException in AbstractConnection.php line 155:
Error while reading line from the server. [tcp://MY_REDIS_SERVER_URL:6380]

建议表示赞赏:)

推荐答案

我能够使它正常工作！

您需要将方案"从'options'移至'default':

You need to move 'scheme' from 'options' to 'default':

我的工作配置:

'redis' => [
    'client' => 'predis',
    'cluster' => env('REDIS_CLUSTER', false),

    'default' => [
        'scheme' => 'tls',
        'host' => env('REDIS_HOST', 'localhost'),
        'password' => env('REDIS_PASSWORD', null),
        'port' => env('REDIS_PORT', 6379),
        'database' => 0,
    ],

    'options' => [
        'parameters' => ['password' => env('REDIS_PASSWORD', null)],
        'ssl'    => ['verify_peer' => false],
    ],
],

注意:我还从'options'中删除了'cluster'选项，但我不怀疑这是此问题的成败关键.

Note: I had also removed the 'cluster' option from 'options', but I don't suspect this to be the make-or-break with this problem.

在最终配置中，将其更改为:'scheme' => env('REDIS_SCHEME', 'tcp'),，然后在我的环境文件中定义了REDIS_SCHEME=tls.

In my final-final config, I changed it to: 'scheme' => env('REDIS_SCHEME', 'tcp'), and then defined REDIS_SCHEME=tls in my env file instead.

在启用了TLS的AWS ElastiCache上进行了测试.

Tested with AWS ElastiCache with TLS enabled.

修改: 上面的配置仅适用于单节点redis.如果碰巧启用群集和 TLS，那么您将完全需要其他配置.

The above config only works with single-node redis. If you happen to enable clustering and TLS then you'll need a different config entirely.

'redis' => [
        'client' => 'predis',
        'cluster' => env('REDIS_CLUSTER', false),

        // Note! for single redis nodes, the default is defined here.
        // keeping it here for clusters will actually prevent the cluster config
        // from being used, it'll assume single node only.
        //'default' => [
        //    ...
        //],

        // #pro-tip, you can use the Cluster config even for single instances!
        'clusters' => [
            'default' => [
                [
                    'scheme'   => env('REDIS_SCHEME', 'tcp'),
                    'host'     => env('REDIS_HOST', 'localhost'),
                    'password' => env('REDIS_PASSWORD', null),
                    'port'     => env('REDIS_PORT', 6379),
                    'database' => env('REDIS_DATABASE', 0),
                ],
            ],
            'options' => [ // Clustering specific options
                'cluster' => 'redis', // This tells Redis Client lib to follow redirects (from cluster)
            ]
        ],
        'options' => [
            'parameters' => [ // Parameters provide defaults for the Connection Factory
                'password' => env('REDIS_PASSWORD', null), // Redirects need PW for the other nodes
                'scheme'   => env('REDIS_SCHEME', 'tcp'),  // Redirects also must match scheme
            ],
            'ssl'    => ['verify_peer' => false], // Since we dont have TLS cert to verify
        ]
    ]

解释以上内容:

• 'client' => 'predis':这指定要使用的PHP库Redis驱动程序(predis).
• 'cluster' => 'redis':这告诉Predis假定服务器端集群.这仅表示遵循重定向"(例如-MOVED响应).在群集上运行时，节点将以-MOVED响应您必须要求特定密钥的节点.
  • 如果未对Redis集群启用此功能，Laravel将抛出-MOVED异常1/ n 次， n 是Redis中的节点数集群(这很幸运，每隔一段时间会询问一次正确的节点)
  • 'client' => 'predis': This specifies the PHP Library Redis driver to use (predis).
  • 'cluster' => 'redis': This tells Predis to assume server-side clustering. Which just means "follow redirects" (e.g. -MOVED responses). When running with a cluster, a node will respond with a -MOVED to the node that you must ask for a specific key.
    • If you don't have this enabled with Redis Clusters, Laravel will throw a -MOVED exception 1/n times, n being the number of nodes in Redis cluster (it'll get lucky and ask the right node every once in awhile)

    这篇关于Laravel + Redis缓存通过SSL?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！