Hi @all ,
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'redis' => [
'host' => 'foo.foo.foo',
'port' => '6379',
'password' => [
'user' => 'my_user',
'password' => 'my_pw,
],
],
But when nc connects to the redis server it fails on redis with:Error accepting a client connection: error:1408F10B:SSL routines:ssl3_get_record:wrong version number (conn: fd=8)
$redis->pconnect('tls://127.0.0.1', 6379); // enable transport level security.
But set the host name simple to tls://ffo… will only result in an hanging php.
Environment:
Thank for any ideas.
Now I have found the problem. NC can’t handle redis6
if (isset($config['password']) && $config['password'] !== '') {
$this->instance->auth([$config['user'], $config['password']]);
}
I added an user filed. And set phpredis only to use tls1.2 because there exits an bug using tls 1.3 under php:
opened 02:12PM - 17 Mar 20 UTC
closed 05:54PM - 01 Jul 20 UTC
Hi,
After upgrading to PHP 7.4 has been appeared a problem with random auth()… freezing.
The same script executed with php 7.3.15 (with same phpredis version) works fine.
It seems that execution is stopped until server-side TCP keepalive timeout reached.
As there are the same phpredis versions, I'm not sure that it is a phpredis issue. But maybe somebody can help in future investigation.
But it seems strange that read timeout option does not affects the auth call.
### Expected behaviour
auth() should throw read timeout exception after 5 seconds
### Actual behaviour
execution stopped for 300 seconds until TCP keepalive timeout reached
### I'm seeing this behaviour on
- OS: Ubuntu 18.04.4 LTS
- Redis: 5.0.6 (digitalocean managed instance)
- PHP: 7.4.3
- phpredis: 5.2.0
### Steps to reproduce, backtrace or example script
example script:
```php
<?php
function l($message)
{
global $current;
echo $message . ' (' . (microtime(true) - $current) . ')' . PHP_EOL;
$current = microtime(true);
}
ini_set('default_socket_timeout', 5);
$start = microtime(true);
$current = microtime(true);
l('start');
$redis = new Redis();
if (!$redis->connect('tls://redis-instance', 25061, 5, null, 5, 5)) {
throw new RuntimeException($redis->getLastError());
}
l('connected');
$redis->setOption(Redis::OPT_READ_TIMEOUT, 5);
l('option is set');
$redis->auth('some-password');
l('auth complete');
$redis->select(4);
l('db selected');
echo 'Total: ' . (microtime(true) - $start) . PHP_EOL;
```
occasionally this script hangs up for 300 seconds:
```
user:~$ while true; do php redis.php; done
start (5.9604644775391E-6)
connected (0.017167091369629)
option is set (5.0067901611328E-6)
auth complete (0.00058794021606445)
db selected (0.00032281875610352)
Total: 0.018187999725342
start (4.0531158447266E-6)
connected (0.012931108474731)
option is set (7.1525573730469E-6)
auth complete (0.00078892707824707)
db selected (0.00040698051452637)
Total: 0.014256000518799
start (4.0531158447266E-6)
connected (0.01163911819458)
option is set (1.0967254638672E-5)
auth complete (300.07370495796)
db selected (0.00037598609924316)
Total: 300.08729100227
```
strace log:
```
write(3, "\27\3\3\0006[O\21\240\275|H\243\356\344\16\277\215\243\362h;\350*<N@\24\25\225\254["..., 59) = 59
fcntl(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl(3, F_SETFL, O_RDWR) = 0
poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 0) = 0 (Timeout)
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
read(3, "\27\3\3\0\26", 5) = 5
read(3, "\262\341\277k3\317O\3143X\232\313\310\2742\246\v\203\341\332T\261", 22) = 22
fcntl(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl(3, F_SETFL, O_RDWR) = 0
write(1, "2020-03-17 10:49:05 auth complet"..., 522020-03-17 10:49:05 auth complete (300.79558706284)
) = 52
poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 0) = 0 (Timeout)
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
write(3, "\27\3\3\0(\245\360\223\217\252\375p\311\324\246\323\1\303\243\360\343\302\2:\214\5'\"\224\32\2500"..., 45) = 45
fcntl(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl(3, F_SETFL, O_RDWR) = 0
poll([{fd=3, events=POLLIN|POLLPRI|POLLERR|POLLHUP}], 1, 0) = 0 (Timeout)
fcntl(3, F_GETFL) = 0x2 (flags O_RDWR)
fcntl(3, F_SETFL, O_RDWR|O_NONBLOCK) = 0
read(3, "\27\3\3\0\26", 5) = 5
read(3, "\327n\353\321\367\354\317[\274&\316)\237C\304\305\275\343\4\266\334\10", 22) = 22
fcntl(3, F_GETFL) = 0x802 (flags O_RDWR|O_NONBLOCK)
fcntl(3, F_SETFL, O_RDWR) = 0
write(1, "2020-03-17 10:49:05 db selected "..., 542020-03-17 10:49:05 db selected (0.00063395500183105)
```
### I've checked
- [x] There is no similar issue from other users
- [x] Issue isn't fixed in `develop` branch
My new config:
'memcache.locking' => '\OC\Memcache\Redis',
'memcache.distributed' => '\OC\Memcache\Redis',
'memcache.local' =>'\OC\Memcache\Redis' ,
'redis' => [
'host' => 'tlsv1.2://foo.foo.foo',
'port' => '6379',
'password' => 'my_pw',
'user' => 'my_user'
],
I hope it will fixed by the developers.
Hi,
Could you share your redis.conf please?
Hi @skjnldsv ,
bind XXX.XXX.XXX.XXX
protected-mode yes
port 0
tcp-backlog 511
timeout 0
tcp-keepalive 300
daemonize no
supervised no
pidfile /var/run/redis_6379.pid
loglevel notice
logfile /var/log/redis/redis.log
databases 16
always-show-logo yes
save 900 1
save 300 10
save 60 10000
stop-writes-on-bgsave-error yes
rdbcompression yes
rdbchecksum yes
dbfilename dump.rdb
rdb-del-sync-files no
dir /var/lib/redis
replica-serve-stale-data yes
replica-read-only yes
repl-diskless-sync no
repl-diskless-sync-delay 5
repl-diskless-load disabled
repl-disable-tcp-nodelay no
replica-priority 100
acllog-max-len 128
lazyfree-lazy-eviction no
lazyfree-lazy-expire no
lazyfree-lazy-server-del no
replica-lazy-flush no
lazyfree-lazy-user-del no
oom-score-adj no
oom-score-adj-values 0 200 800
appendonly no
appendfilename "appendonly.aof"
appendfsync everysec
no-appendfsync-on-rewrite no
auto-aof-rewrite-percentage 100
auto-aof-rewrite-min-size 64mb
aof-load-truncated yes
aof-use-rdb-preamble yes
lua-time-limit 5000
slowlog-log-slower-than 10000
slowlog-max-len 128
latency-monitor-threshold 0
notify-keyspace-events ""
hash-max-ziplist-entries 512
hash-max-ziplist-value 64
list-max-ziplist-size -2
list-compress-depth 0
set-max-intset-entries 512
zset-max-ziplist-entries 128
zset-max-ziplist-value 64
hll-sparse-max-bytes 3000
stream-node-max-bytes 4096
stream-node-max-entries 100
activerehashing yes
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit replica 256mb 64mb 60
client-output-buffer-limit pubsub 32mb 8mb 60
hz 10
dynamic-hz yes
aof-rewrite-incremental-fsync yes
rdb-save-incremental-fsync yes
jemalloc-bg-thread yes
aclfile /etc/redis/acl
tls-port 6379
tls-ca-cert-file /etc/pki/tls/certs/ca-bundle.crt
tls-key-file /etc/pki/tls/private/redis.key
tls-cert-file /etc/pki/tls/certs/redis_full.pem
tls-auth-clients optional
tls-protocols "TLSv1.2 TLSv1.3"
#tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
tls-session-caching no
tls-replication yes
tls-cluster yes
unixsocket /var/run/redis/redis.socke
unixsocketperm 660
tls-dh-params-file /etc/pki/tls/private/redis.dh
tls-ciphersuites TLS_CHACHA20_POLY1305_SHA256
Hi, I’m a bit confused by the usage of user/pass while your config does not have those set?
Hi @skjnldsv this line is the trick:
aclfile /etc/redis/acl
With this line you instruct redis to read the user/passwords from an external file. This will be used, when you use an config management system like puppet. So that the user management can be spilt out from the main config file.
Thanks,
But can you connect to your redis server without providing the certificates?
Yes, I only send the user/password true the tls connection without presenting an client certificate.
CJ056
August 26, 2023, 5:19am
9
