TLS support for redis

[toriath]

Summary

As discussed in #1833 we'd like to connect shlink to redis using tls.

Passing the REDIS_SERVERS variable as tls://<host>:<port> does not seem to be sufficient for this.

[acelaya]

Hey @toriath, I have been testing this, and connecting to a redis server through TLS works for me by just using tls or rediss for the server schema.

I have tried it creating a redis server in Digital Ocean, because they are exposed to the internet by default and they use encryption by default.

If I set tcp as the schema, the connection fails, so I assume it is working.

I had the intention to test with an AWS instance, but they do not seem to allow exposing ElasticCache clusters to the internet anymore, which makes debugging a bit harder for me, as I would have to set-up an EC2 instance on the VPC, SSH to it, and build all the reproduction steps there.

But I suppose there's something different on AWS side that needs extra config. Perhaps they use self-signed certificates or something like that.

Could you try running latest Shlink connecting to your redis cluster via tls, but passing the env var SHELL_VERBOSITY=3? That should print more detailed information on why the connection to redis fails.

[acelaya]

Ok, no worries. I set-up a VPC + Elasticache server with in-transit encryption + a Shlink docker container, and verified it does not work with v3.6.4, but it works with v3.7.0-beta.1, which includes some extra changes for TLS connections 🙂

Later today or tomorrow, I'll release v3.7.0