From 7e7d6d94e6c31cf621f5ed283f8d60b2ecd5cacc Mon Sep 17 00:00:00 2001 From: Bryan Date: Fri, 18 Nov 2022 13:44:41 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E4=BF=AE=E5=A4=8D=20channels-redis=20?= =?UTF-8?q?=E5=BA=93=E5=8D=87=E7=BA=A7=E5=AF=BC=E8=87=B4=20ws=20=E6=9F=A5?= =?UTF-8?q?=E7=9C=8B=E4=BB=BB=E5=8A=A1=E6=97=A5=E5=BF=97=E5=A4=B1=E8=B4=A5?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98;=20=E4=BF=AE=E6=94=B9=20REDIS=5FLAY?= =?UTF-8?q?ERS=5FHOST=20=E5=8F=98=E9=87=8F;=20=E4=BF=AE=E6=94=B9=20Channel?= =?UTF-8?q?=20SSL=20=E9=85=8D=E7=BD=AE=E9=A1=B9;?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- apps/jumpserver/settings/libs.py | 48 +++++++++++++++++++------------- 1 file changed, 28 insertions(+), 20 deletions(-) diff --git a/apps/jumpserver/settings/libs.py b/apps/jumpserver/settings/libs.py index 28437fe05..8ee84dd0f 100644 --- a/apps/jumpserver/settings/libs.py +++ b/apps/jumpserver/settings/libs.py @@ -1,11 +1,11 @@ # -*- coding: utf-8 -*- # import os -import ssl +from urllib.parse import urlencode from .base import ( REDIS_SSL_CA, REDIS_SSL_CERT, REDIS_SSL_KEY, REDIS_SSL_REQUIRED, REDIS_USE_SSL, - REDIS_SENTINEL_SERVICE_NAME, REDIS_SENTINELS, REDIS_SENTINEL_PASSWORD, + REDIS_PROTOCOL, REDIS_SENTINEL_SERVICE_NAME, REDIS_SENTINELS, REDIS_SENTINEL_PASSWORD, REDIS_SENTINEL_SOCKET_TIMEOUT ) from ..const import CONFIG, PROJECT_DIR @@ -81,41 +81,49 @@ BOOTSTRAP3 = { } # Django channels support websocket -if not REDIS_USE_SSL: - redis_ssl = None -else: - redis_ssl = ssl.SSLContext() - redis_ssl.check_hostname = bool(CONFIG.REDIS_SSL_REQUIRED) - if REDIS_SSL_CA: - redis_ssl.load_verify_locations(REDIS_SSL_CA) - if REDIS_SSL_CERT and REDIS_SSL_KEY: - redis_ssl.load_cert_chain(REDIS_SSL_CERT, REDIS_SSL_KEY) - -REDIS_HOST = { +REDIS_LAYERS_HOST = { 'db': CONFIG.REDIS_DB_WS, 'password': CONFIG.REDIS_PASSWORD or None, - 'ssl': redis_ssl, } +REDIS_LAYERS_SSL_PARAMS = {} +if REDIS_USE_SSL: + REDIS_LAYERS_SSL_PARAMS.update({ + 'ssl': REDIS_USE_SSL, + 'ssl_cert_reqs': REDIS_SSL_REQUIRED, + "ssl_keyfile": REDIS_SSL_KEY, + "ssl_certfile": REDIS_SSL_CERT, + "ssl_ca_certs": REDIS_SSL_CA + }) + REDIS_LAYERS_HOST.update(REDIS_LAYERS_SSL_PARAMS) + if REDIS_SENTINEL_SERVICE_NAME and REDIS_SENTINELS: - REDIS_HOST['sentinels'] = REDIS_SENTINELS - REDIS_HOST['master_name'] = REDIS_SENTINEL_SERVICE_NAME - REDIS_HOST['sentinel_kwargs'] = { + REDIS_LAYERS_HOST['sentinels'] = REDIS_SENTINELS + REDIS_LAYERS_HOST['master_name'] = REDIS_SENTINEL_SERVICE_NAME + REDIS_LAYERS_HOST['sentinel_kwargs'] = { 'password': REDIS_SENTINEL_PASSWORD, 'socket_timeout': REDIS_SENTINEL_SOCKET_TIMEOUT } else: - REDIS_HOST['address'] = (CONFIG.REDIS_HOST, CONFIG.REDIS_PORT) + # More info see: https://github.com/django/channels_redis/issues/334 + # REDIS_LAYERS_HOST['address'] = (CONFIG.REDIS_HOST, CONFIG.REDIS_PORT) + REDIS_LAYERS_ADDRESS = '{protocol}://:{password}@{host}:{port}/{db}'.format( + protocol=REDIS_PROTOCOL, password=CONFIG.REDIS_PASSWORD, + host=CONFIG.REDIS_HOST, port=CONFIG.REDIS_PORT, db=CONFIG.REDIS_DB_WS + ) + REDIS_LAYERS_SSL_PARAMS.pop('ssl', None) + REDIS_LAYERS_HOST['address'] = '{}?{}'.format(REDIS_LAYERS_ADDRESS, urlencode(REDIS_LAYERS_SSL_PARAMS)) CHANNEL_LAYERS = { 'default': { 'BACKEND': 'common.cache.RedisChannelLayer', 'CONFIG': { - "hosts": [REDIS_HOST], + "hosts": [REDIS_LAYERS_HOST], }, }, } + ASGI_APPLICATION = 'jumpserver.routing.application' # Dump all celery log to here @@ -138,7 +146,7 @@ if REDIS_SENTINEL_SERVICE_NAME and REDIS_SENTINELS: CELERY_BROKER_TRANSPORT_OPTIONS = CELERY_RESULT_BACKEND_TRANSPORT_OPTIONS = SENTINEL_OPTIONS else: CELERY_BROKER_URL = CELERY_BROKER_URL_FORMAT % { - 'protocol': 'rediss' if REDIS_USE_SSL else 'redis', + 'protocol': REDIS_PROTOCOL, 'password': CONFIG.REDIS_PASSWORD, 'host': CONFIG.REDIS_HOST, 'port': CONFIG.REDIS_PORT,