feat: add Redis SSL/TLS certificate authentication support #23624

Merged
GarfieldDai merged 1 commit into main from clock on Aug 18, 2025
Conversation

@laipz8200 (Member)
Summary

Changes

New Features

  • Client Certificate Authentication: Support for mutual TLS with client certificates
  • Flexible Certificate Verification: Three modes - CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED
  • CA Certificate Validation: Custom CA certificates for validating Redis server certificates
  • Environment Variable Configuration: All SSL options configurable via environment variables

Technical Improvements

  • Fixed SSL constant usage (replaced None with proper ssl.CERT_NONE)
  • Refactored Redis client initialization with cleaner separation of concerns
  • Added dedicated functions for SSL, Sentinel, Cluster, and standalone configurations

Configuration

New environment variables added:

  • REDIS_SSL_CERT_REQS: Certificate verification mode
  • REDIS_SSL_CA_CERTS: Path to CA certificate file
  • REDIS_SSL_CERTFILE: Path to client certificate file
  • REDIS_SSL_KEYFILE: Path to client private key file

Testing

  • Tested with Redis SSL enabled (REDIS_USE_SSL=true)
  • Tested client certificate authentication
  • Tested with different certificate verification modes
  • Verified backward compatibility with non-SSL Redis
  • Tested with Redis Sentinel mode
  • Tested with Redis Cluster mode

Security Considerations

  • Enables compliance with security standards requiring encrypted data in transit
  • Supports zero-trust network architectures with mutual TLS
  • No breaking changes to existing deployments

@laipz8200 laipz8200 self-assigned this Aug 8, 2025
@laipz8200 laipz8200 marked this pull request as draft August 8, 2025 08:18
@dosubot dosubot bot added size:L This PR changes 100-499 lines, ignoring generated files. 💪 enhancement New feature or request labels Aug 8, 2025
@laipz8200 laipz8200 requested a review from GarfieldDai August 8, 2025 08:29
@laipz8200 laipz8200 marked this pull request as ready for review August 8, 2025 08:29
@laipz8200 laipz8200 force-pushed the clock branch 2 times, most recently from 5503dc0 to 0980054 on August 17, 2025 15:15
- Add comprehensive SSL configuration parameters for Redis connections
- Support client certificate authentication with cert/key files
- Add configurable certificate verification modes (CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED)
- Fix SSL constant usage by replacing None with ssl.CERT_NONE
- Refactor Redis client initialization for better code organization
- Update environment variables and Docker compose configuration

Closes #23623

fix: add SSL/TLS support for Celery Redis connections

- Extract SSL configuration logic into _get_celery_ssl_options() function
- Use REDIS_USE_SSL flag consistently with main Redis client configuration
- Apply same SSL certificate settings (CA cert, client cert/key) to Celery
- Support all certificate verification modes (CERT_NONE, CERT_OPTIONAL, CERT_REQUIRED)
- Apply SSL configuration to both broker and backend when using Redis
- Add comprehensive unit tests for SSL configuration scenarios

This ensures Celery workers can connect to Redis with SSL/TLS enabled,
using the same security configuration as the main application.

[autofix.ci] apply automated fixes

fix: resolve type error and formatting issues for dev/reformat

- Add validation check for REDIS_SENTINEL_SERVICE_NAME to fix mypy type error
- Ensure service name is set when using Redis Sentinel configuration
- Clean up test file formatting (remove unused import, fix EOF newline)
- All checks now pass: ruff, mypy, and tests
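The PR description lists the four REDIS_SSL_* variables and the Celery commit says the same settings are applied to the broker and result backend, but neither spells out what each verification mode buys you. The block below is an added example, not code from the Dify project: it turns those variables into the keyword arguments redis-py accepts (ssl, ssl_cert_reqs, ssl_ca_certs, ssl_certfile, ssl_keyfile, plus redis-py's own ssl_check_hostname, which is not one of the PR's variables) and into the four-key dict Celery documents for broker_use_ssl / redis_backend_use_ssl. The preflight check, the allow_insecure flag and the sample paths are this example's own constructions. The point it makes: CERT_NONE encrypts the channel but authenticates nobody, CERT_REQUIRED without REDIS_SSL_CA_CERTS validates against the system trust store (so a private CA must be supplied), and a client certificate without its key is a misconfiguration, not mutual TLS.

```python
"""Added example: derive redis-py and Celery TLS settings from the REDIS_SSL_*
variables introduced by this PR, with a preflight check for weak combinations.
Not the project's own code; key names follow redis-py and Celery documentation."""
from __future__ import annotations

import ssl
from typing import Mapping, Optional

# Verification modes named by REDIS_SSL_CERT_REQS, mapped to ssl constants.
# Passing the constant (never None) is the fix the PR mentions: None reads as
# "not configured", while ssl.CERT_NONE is an explicit, auditable choice.
CERT_REQS = {
    "CERT_NONE": ssl.CERT_NONE,
    "CERT_OPTIONAL": ssl.CERT_OPTIONAL,
    "CERT_REQUIRED": ssl.CERT_REQUIRED,
}

_TRUTHY = {"1", "true", "yes", "on"}

# The four keys Celery documents for broker_use_ssl / redis_backend_use_ssl.
CELERY_SSL_KEYS = ("ssl_cert_reqs", "ssl_ca_certs", "ssl_certfile", "ssl_keyfile")


def ssl_enabled(env: Mapping[str, str]) -> bool:
    """REDIS_USE_SSL gate shared by the main client and Celery, as in the PR."""
    return env.get("REDIS_USE_SSL", "false").strip().lower() in _TRUTHY


def ssl_config_problems(env: Mapping[str, str], *, allow_insecure: bool = False) -> list[str]:
    """Preflight: list misconfigurations that weaken or break TLS; empty means sound."""
    problems: list[str] = []
    if not ssl_enabled(env):
        return problems
    mode = env.get("REDIS_SSL_CERT_REQS", "CERT_REQUIRED").strip().upper()
    if mode not in CERT_REQS:
        problems.append(f"REDIS_SSL_CERT_REQS={mode!r} is not one of {sorted(CERT_REQS)}")
    elif CERT_REQS[mode] == ssl.CERT_NONE and not allow_insecure:
        # Encrypted but unauthenticated: any host that terminates TLS is accepted.
        problems.append("REDIS_SSL_CERT_REQS=CERT_NONE disables server certificate verification")
    certfile = env.get("REDIS_SSL_CERTFILE", "").strip()
    keyfile = env.get("REDIS_SSL_KEYFILE", "").strip()
    if bool(certfile) != bool(keyfile):
        # Mutual TLS needs both halves; a lone cert fails at handshake with an opaque error.
        problems.append("REDIS_SSL_CERTFILE and REDIS_SSL_KEYFILE must be set together")
    return problems


def build_redis_ssl_kwargs(env: Mapping[str, str], *, allow_insecure: bool = False) -> dict:
    """Keyword arguments for redis.Redis(); Sentinel and Cluster take the same connection kwargs.

    Returns {} when REDIS_USE_SSL is off so callers can always splat the result.
    Raises ValueError instead of silently producing a weak configuration.
    """
    if not ssl_enabled(env):
        return {}
    problems = ssl_config_problems(env, allow_insecure=allow_insecure)
    if problems:
        raise ValueError("; ".join(problems))
    cert_reqs = CERT_REQS[env.get("REDIS_SSL_CERT_REQS", "CERT_REQUIRED").strip().upper()]
    return {
        "ssl": True,
        "ssl_cert_reqs": cert_reqs,
        # None makes redis-py fall back to the system trust store.
        "ssl_ca_certs": env.get("REDIS_SSL_CA_CERTS", "").strip() or None,
        "ssl_certfile": env.get("REDIS_SSL_CERTFILE", "").strip() or None,
        "ssl_keyfile": env.get("REDIS_SSL_KEYFILE", "").strip() or None,
        # redis-py option beyond the PR's variables: chain validation alone does not
        # pin the hostname, so check it whenever the peer certificate is verified.
        "ssl_check_hostname": cert_reqs != ssl.CERT_NONE,
    }


def celery_ssl_options(env: Mapping[str, str], *, allow_insecure: bool = False) -> Optional[dict]:
    """Value for Celery's broker_use_ssl / redis_backend_use_ssl, or None when TLS is off."""
    kwargs = build_redis_ssl_kwargs(env, allow_insecure=allow_insecure)
    if not kwargs:
        return None
    return {key: kwargs[key] for key in CELERY_SSL_KEYS}


if __name__ == "__main__":
    # Constructed sample environment (not from the project): mutual TLS with a private CA.
    sample_env = {
        "REDIS_USE_SSL": "true",
        "REDIS_SSL_CERT_REQS": "CERT_REQUIRED",
        "REDIS_SSL_CA_CERTS": "/etc/dify/redis-ca.pem",
        "REDIS_SSL_CERTFILE": "/etc/dify/redis-client.crt",
        "REDIS_SSL_KEYFILE": "/etc/dify/redis-client.key",
    }
    print(build_redis_ssl_kwargs(sample_env))
    print(celery_ssl_options(sample_env))
    print(ssl_config_problems({"REDIS_USE_SSL": "true", "REDIS_SSL_CERT_REQS": "CERT_NONE"}))
```

The preflight stays purely logical so it runs offline; a deployment check would also confirm that the CA, certificate and key files exist and that the key is not world-readable. Defaulting to CERT_REQUIRED when REDIS_SSL_CERT_REQS is unset, and refusing CERT_NONE unless the caller opts in, keeps "encrypted in transit" from quietly meaning "encrypted to whoever answers".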
@GarfieldDai (Contributor) left a comment

LGTM

@dosubot dosubot bot added the lgtm This PR has been approved by a maintainer label Aug 18, 2025
@GarfieldDai GarfieldDai merged commit 052d0e0 into main Aug 18, 2025
14 checks passed
@GarfieldDai GarfieldDai deleted the clock branch August 18, 2025 02:59
bowenliang123 pushed a commit to bowenliang123/dify that referenced this pull request Aug 18, 2025
asukaminato0721 added a commit to asukaminato0721/dify that referenced this pull request Aug 20, 2025
HarryReidx pushed a commit to HarryReidx/dify that referenced this pull request Sep 1, 2025
@dosubot dosubot bot mentioned this pull request Oct 16, 2025

Labels

💪 enhancement New feature or request lgtm This PR has been approved by a maintainer size:L This PR changes 100-499 lines, ignoring generated files.

Development

Successfully merging this pull request may close these issues.

Add Redis SSL/TLS Certificate Authentication Support

2 participants