From ea158f94a14090cdc2ca6ea8ac49434a69473c58 Mon Sep 17 00:00:00 2001 From: Kevin De Pelseneer Date: Wed, 3 Jun 2026 16:53:12 +0200 Subject: [PATCH 1/4] Add password authentication to redis --- docker-compose.yml | 19 ++++++++++++++++--- docker/redis.env | 1 + 2 files changed, 17 insertions(+), 3 deletions(-) create mode 100644 docker/redis.env diff --git a/docker-compose.yml b/docker-compose.yml index 6d9145b17f..cc911de4e1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,9 +9,10 @@ x-shared: SOLR_PORT: 8983 SOLR_HOST: solr RAILS_LOG_LEVEL: info # debug, info, warn, error or fatal - REDIS_URL: redis://redis_store:6379/0 + REDIS_URL: redis://:${REDIS_PASSWORD}@redis:6379/0 env_file: - docker/db.env + - docker/redis.env volumes: - seek-filestore:/seek/filestore - seek-cache:/seek/tmp/cache @@ -56,12 +57,24 @@ services: redis_store: image: redis:8.6-alpine container_name: seek-session-store - command: ["redis-server", "--appendonly", "yes"] + command: + - redis-server + - --appendonly + - "yes" + - --requirepass + - "${REDIS_PASSWORD}" + env_file: + - docker/redis.env volumes: - seek-redis-data:/data restart: always healthcheck: - test: ["CMD", "redis-cli", "ping"] + test: + [ + "CMD", + "redis-cli -a \"$${REDIS_PASSWORD}\"", + "ping | grep PONG" + ] interval: 5s timeout: 3s retries: 5 diff --git a/docker/redis.env b/docker/redis.env new file mode 100644 index 0000000000..5cbae9a4a1 --- /dev/null +++ b/docker/redis.env @@ -0,0 +1 @@ +REDIS_PASSWORD=seek_redis_password \ No newline at end of file From 78168cacaf443d2c024bedd63eb12be152bd1d1e Mon Sep 17 00:00:00 2001 From: Kevin De Pelseneer Date: Wed, 1 Jul 2026 14:20:58 +0200 Subject: [PATCH 2/4] Fix authentication --- docker-compose.yml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index cc911de4e1..58e089db60 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,7 @@ x-shared: SOLR_PORT: 8983 SOLR_HOST: solr RAILS_LOG_LEVEL: info # debug, info, warn, error or fatal - REDIS_URL: redis://:${REDIS_PASSWORD}@redis:6379/0 + REDIS_URL: "redis://:$$REDIS_PASSWORD@redis_store:6379/0" env_file: - docker/db.env - docker/redis.env @@ -58,11 +58,9 @@ services: image: redis:8.6-alpine container_name: seek-session-store command: - - redis-server - - --appendonly - - "yes" - - --requirepass - - "${REDIS_PASSWORD}" + - sh + - -c + - redis-server --appendonly yes --requirepass "$$REDIS_PASSWORD" env_file: - docker/redis.env volumes: @@ -71,9 +69,8 @@ services: healthcheck: test: [ - "CMD", - "redis-cli -a \"$${REDIS_PASSWORD}\"", - "ping | grep PONG" + "CMD-SHELL", + "redis-cli -a \"$$REDIS_PASSWORD\" ping | grep PONG" ] interval: 5s timeout: 3s From abe3ff453afde0d09e38027b6d4922b56a25bc1a Mon Sep 17 00:00:00 2001 From: Kevin De Pelseneer Date: Wed, 1 Jul 2026 16:30:36 +0200 Subject: [PATCH 3/4] Pass host and password separately --- config/initializers/session_store.rb | 9 ++++++++- docker-compose.yml | 1 - docker/redis.env | 3 ++- 3 files changed, 10 insertions(+), 3 deletions(-) diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index df8993cf93..053098f5b3 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -1,6 +1,13 @@ # Be sure to restart your server when you modify this file. -session_url = "#{ENV.fetch('REDIS_URL', 'redis://localhost:6379/0')}/session" +redis_host = ENV.fetch('REDIS_HOST', 'localhost') +redis_password = ENV.fetch('REDIS_PASSWORD', nil) +session_url = + if redis_password.present? + "redis://:#{redis_password}@#{redis_host}:6379/0/session" + else + "redis://#{redis_host}:6379/0/session" + end session_options = { servers: [session_url], diff --git a/docker-compose.yml b/docker-compose.yml index 58e089db60..044979183a 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -9,7 +9,6 @@ x-shared: SOLR_PORT: 8983 SOLR_HOST: solr RAILS_LOG_LEVEL: info # debug, info, warn, error or fatal - REDIS_URL: "redis://:$$REDIS_PASSWORD@redis_store:6379/0" env_file: - docker/db.env - docker/redis.env diff --git a/docker/redis.env b/docker/redis.env index 5cbae9a4a1..3075830eae 100644 --- a/docker/redis.env +++ b/docker/redis.env @@ -1 +1,2 @@ -REDIS_PASSWORD=seek_redis_password \ No newline at end of file +REDIS_PASSWORD=seek_redis_password +REDIS_HOST=redis_store \ No newline at end of file From 9aebeafb289230b55f828cfea6e38a56d404ef2d Mon Sep 17 00:00:00 2001 From: Kevin De Pelseneer Date: Wed, 1 Jul 2026 16:45:51 +0200 Subject: [PATCH 4/4] URL encode password --- config/initializers/session_store.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/initializers/session_store.rb b/config/initializers/session_store.rb index 053098f5b3..0cfabd8412 100644 --- a/config/initializers/session_store.rb +++ b/config/initializers/session_store.rb @@ -4,7 +4,7 @@ redis_password = ENV.fetch('REDIS_PASSWORD', nil) session_url = if redis_password.present? - "redis://:#{redis_password}@#{redis_host}:6379/0/session" + "redis://:#{CGI::escape(redis_password)}@#{redis_host}:6379/0/session" else "redis://#{redis_host}:6379/0/session" end