This version implements client-side certificate authentication and allows this buildpack to be used alongside with the pgbouncer buildpack and share certificates with it.
First, ensure your Heroku Redis addon is using a production tier plan. SSL is not available when using the hobby tier.
Then set this buildpack as your initial buildpack with:
$ heroku buildpacks:add -i 1 heroku/redis
Then confirm you are using this buildpack as well as your language buildpack like so:
$ heroku buildpacks === frozen-potato-95352 Buildpack URLs 1. https://github.com/heroku/heroku-buildpack-redis.git 2. heroku/python
For more information on using multiple buildpacks check out this devcenter article.
Next, for each process that should connect to Redis securely, you will need to preface the command in
bin/start-stunnel. In this example, we want the
web process to use
a secure connection to Heroku Redis. The
worker process doesn't interact with Redis, so
bin/start-stunnel was not included:
$ cat Procfile web: bin/start-stunnel bundle exec unicorn -p $PORT -c ./config/unicorn.rb -E $RACK_ENV worker: bundle exec rake worker
We're then ready to deploy to Heroku with an encrypted connection between the dynos and Heroku Redis:
$ git push heroku master ... -----> Fetching custom git buildpack... done -----> Multipack app detected =====> Downloading Buildpack: https://github.com/heroku/heroku-buildpack-redis.git =====> Detected Framework: stunnel Using stunnel version: 5.02 Using stack version: cedar -----> Fetching and vendoring stunnel into slug -----> Moving the configuration generation script into app/bin -----> Moving the start-stunnel script into app/bin -----> stunnel done =====> Downloading Buildpack: https://github.com/heroku/heroku-buildpack-ruby.git =====> Detected Framework: Ruby/Rack -----> Using Ruby version: ruby-2.2.2 -----> Installing dependencies using Bundler version 1.7.12 ...
The buildpack will install and configure stunnel to connect to
REDIS_URL over a SSL connection. Prepend
to any process in the Procfile to run stunnel alongside that process.
Some settings are configurable through app config vars at runtime:
STUNNEL_ENABLED: Default to true, enable or disable stunnel.
STUNNEL_LOGLEVEL: Default is
notice, set to
debugfor more verbose log output.
yes- use pgbouncer buildpack variables for client side certificates and automatically sets
verify = 2mode.
4, see stunnel documentation on
verifyoption. Option is skipped if no value is provided.
If your application needs to connect to multiple Heroku Redis instances securely, this buildpack
will automatically create an Stunnel for each color Heroku Redis config var (
REDIS_URL config var. If you have Redis urls that aren't in one of these config vars you
will need to explicitly tell the buildpack that you need an Stunnel by setting the
config var to a list of the appropriate config vars:
$ heroku config:add REDIS_STUNNEL_URLS="CACHE_URL SESSION_STORE_URL"
heroku/redis buildpack points to the latest stable version of the buildpack published in the Buildpack Registry. To use the latest version of the buildpack (the code in this repository), run the following command:
$ heroku buildpacks:add https://github.com/heroku/heroku-buildpack-redis
Copy the snippet above into CLI.