Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Relax Redis requirement #739

Merged
merged 3 commits into from
Nov 1, 2023
Merged

Relax Redis requirement #739

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
ac62b5b
docs: Note that Redis must have TLS enabled
tsibley Oct 25, 2023
dc0ab05
authn: Store user "stale before" markers durably in SQLite when Redis…
tsibley Oct 25, 2023
64f7d92
Allow and document how to run safely in production mode without Redis
tsibley Oct 25, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@
# local sessions
/sessions/

# local key-value storage (e.g. when Redis isn't configured)
/data/kv.db

# Generated by scripts/collect-datasets.js
/data/datasets_influenza.json
/data/datasets_staging.json
Expand Down
26 changes: 23 additions & 3 deletions docs/production.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -106,9 +106,9 @@ set in the environment.
Redis
=====

Redis 6 is required for session storage and related data. It must be
configured with persistence_ enabled (preferrably both RDB and AOF) and a
specific `key eviction policy`_::
Redis 6 is required by default for session storage and related data. It must
be configured with `TLS support`_, persistence_ enabled (preferrably both RDB
and AOF), and a specific `key eviction policy`_::

maxmemory-policy volatile-ttl

Expand All @@ -122,9 +122,29 @@ TLS (i.e. the `rediss` protocol) is required, but certificate host name
checking is not enabled so a self-signed certificate may be used. User
authentication is recommended but not required.

.. _TLS support: https://redis.io/docs/management/security/encryption/
.. _persistence: https://redis.io/docs/management/persistence/
.. _key eviction policy: https://redis.io/docs/reference/eviction/#eviction-policies

Disabling
---------

Two other requirements must be met to safely disable the requirement for Redis:

1. The app server's filesystem must be persistent and durable (e.g. across
host restarts).

2. Only a single app server instance must be run, *or*, in a load-balancing
configuration of multiple app server instances (e.g. horizontal scaling),
all instances must use a shared filesystem that's consistent and supports
atomic rename-based writes.

If these are met, then the requirement for Redis can be disabled by setting::

REDIS_REQUIRED=false

in the environment or config file.


Session encryption
==================
Expand Down
5 changes: 3 additions & 2 deletions docs/sessions.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -65,8 +65,9 @@ Session objects are stored in Redis under keys like
as JSON.

.. note::
If Redis is not configured (e.g. in local development), then sessions are
stored on the filesystem under :file:`sessions/{session.id}.json`.
If Redis is not configured (e.g. in local development or single-instance
production), then sessions are stored on the filesystem under
:file:`sessions/{session.id}.json`.


Lifetime
Expand Down
Loading
Loading