Using AWS MemoryDB with Go Redis client

huangapple go评论89阅读模式
英文:

Using AWS MemoryDB with Go Redis client

问题

我正在使用go-redis库将AWS MemoryDB集群用作数据库。

我能够通过VPN连接到集群,但是以下命令行命令可以连接到数据库:

redis-cli --tls -u redis://<memory-db-endpoint> -p 6379

但是以下Go代码无法工作,并出现i/o timeout错误。

conf, err := redis.ParseURL("redis://$CLUSTER_ENDPOINT:6379")
if err != nil {
   panic(err)
}

cl := redis.NewClient(conf)
res, err := cl.Ping(context.Background()).Result()
if err != nil {
	panic(err)
}

如何建立与单节点AWS MemoryDB集群的连接?

英文:

I am using go-redis library to use AWS MemoryDB cluster as a database.

I am able to connect to cluster with VPN connection, however

the following cli command connects to database:

redis-cli --tls -u redis://<memory-db-endpoint> -p 6379

but the following Go code does not work and get i/o timeout error.

conf, err := redis.ParseURL("redis://$CLUSTER_ENDPOINT:6379")
if err != nil {
   panic(err)
}

cl := redis.NewClient(conf)
res, err := cl.Ping(context.Background()).Result()
if err != nil {
	panic(err)
}

what is needed to establish a connection with a single node AWS MemoryDB cluster?

答案1

得分: 2

Redis URIs with TLS must begin with "rediss://", not "redis://"; see https://www.iana.org/assignments/uri-schemes/prov/rediss for more information.

This code works:

conf, err := redis.ParseURL("rediss://$CLUSTER_ENDPOINT:6379")
if err != nil {
   panic(err)
}

cl := redis.NewClient(conf)
res, err := cl.Ping(context.Background()).Result()
if err != nil {
    panic(err)
}
英文:

Redis URIs with TLS must begin with "rediss://", not "redis://"; see https://www.iana.org/assignments/uri-schemes/prov/rediss for more information.

This code works:

conf, err := redis.ParseURL("rediss://$CLUSTER_ENDPOINT:6379")
if err != nil {
   panic(err)
}

cl := redis.NewClient(conf)
res, err := cl.Ping(context.Background()).Result()
if err != nil {
    panic(err)
}

答案2

得分: 1

问题是go-redis库不知道如何获取用于TLS连接的系统证书。

因此,以下是如何将系统证书池传递给连接配置的方法。

...

pool, err := x509.SystemCertPool()
if err != nil {
   panic(err)
}

conf.TLSConfig = &tls.Config{
    RootCAs: pool,
}

...
英文:

The problem is go-redis library does not know how to get system certificates for TLS connections.

So, here is how to pass system certificate pool to connection config.

...

pool, err := x509.SystemCertPool()
if err != nil {
   panic(err)
}

conf.TLSConfig = &tls.Config{
    RootCAs: pool,
}

...

huangapple
  • 本文由 发表于 2023年4月19日 03:41:21
  • 转载请务必保留本文链接:https://go.coder-hub.com/76048481.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定