skip to Main Content

Problem

When I upgraded from the Heroku Redis Hobby plan to the Heroku Redis Premium 0 plan, Heroku kept crashing with an H10 error.

2

Answers


  1. Chosen as BEST ANSWER

    Cause

    Redis 6 requires TLS to connect. However, Heroku manages requests from the router level to the application level involving Self Signed Certs. Turns out, Heroku terminates SSL at the router level and requests are forwarded from there to the application via HTTP while everything is behind Heroku's Firewall and security measures.

    Links that helped track down the cause:

    https://ogirginc.github.io/en/heroku-redis-ssl-error

    How to enable TLS for Redis 6 on Sidekiq?

    Solution

    Customize the options passed into Redis so that tls.rejectUnauthorized is set to false.

    const Queue = require('bull');
    const redisUrlParse = require('redis-url-parse');
    
    const REDIS_URL = process.env.REDIS_URL || 'redis://127.0.0.1:6379';
    const redisUrlParsed = redisUrlParse(REDIS_URL);
    const { host, port, password } = redisUrlParsed;
    const bullOptions = REDIS_URL.includes('rediss://')
      ? {
          redis: {
            port: Number(port),
            host,
            password,
            tls: {
              rejectUnauthorized: false,
            },
          },
        }
      : REDIS_URL;
    
    const workQueue = new Queue('work', bullOptions);
    

  2. Adding (on top of yeoman great answer) –

    If you find yourself hitting SSL verification errors on Heroku when using django-rq and the latest Redis add-on –
    Know that the RQ_QUEUES definition on django’s settings.py supports SSL_CERT_REQS and you may specifically set it to None for solving these issues.
    ( inspired from https://paltman.com/how-to-turn-off-ssl-verify-django-rq-heroku-redis/ ).
    Note that it requires boosting django-rq to a version >= 2.5.1.

    That might be relevant for all users who apply Redis only for queuing (e.g. with RedisRQ) and not for caching.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search