Description
Describe your question/
Is it possible to run an authentik docker container (server and worker) with a redis unix socket rather than tcp?
Directly overwriting redis variables via user_settings.py doesn't appear to modify anything despite @BeryJu suggesting in pull request #4036 it should be viable.
Relevant infos
Docker compose:
version: '3.4'
services:
  server:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:latest
    restart: unless-stopped
    command: server
    environment:
      AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_NAME}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_REDIS__HOST: ${REDIS_HOST}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
      AUTHENTIK_LISTEN__HTTP: ${AUTHENTIK_LISTEN__HTTP}
      AUTHENTIK_LISTEN__HTTPS: ${AUTHENTIK_LISTEN__HTTPS}
    volumes:
      - ./media:/media
      - ./custom-templates:/templates
      - /run/redis/redis-server.sock:/run/redis/redis-server.sock
      - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432
      - ./user_settings.py:/data/user_settings.py
    ports:
      - "${AUTHENTIK_PORT_HTTP}:${AUTHENTIK_PORT_HTTP}"
      - "${AUTHENTIK_PORT_HTTPS}:${AUTHENTIK_PORT_HTTPS}"
  worker:
    image: ${AUTHENTIK_IMAGE:-ghcr.io/goauthentik/server}:latest
    restart: unless-stopped
    command: worker
    environment:
      AUTHENTIK_POSTGRESQL__HOST: ${PG_HOST}
      AUTHENTIK_POSTGRESQL__USER: ${PG_USER}
      AUTHENTIK_POSTGRESQL__NAME: ${PG_NAME}
      AUTHENTIK_POSTGRESQL__PASSWORD: ${PG_PASS}
      AUTHENTIK_REDIS__HOST: ${REDIS_HOST}
      AUTHENTIK_SECRET_KEY: ${AUTHENTIK_SECRET_KEY}
    user: authentik
    volumes:
      - ./media:/media
      - ./certs:/certs
      - ./custom-templates:/templates
      - /run/docker.sock:/var/run/docker.sock
      - /run/redis/redis-server.sock:/run/redis/redis-server.sock
      - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432
      - ./user_settings.py:/data/user_settings.py
I didn't include the definition for ${REDIS_HOST} as sockets cannot be passed via environmental variables per pull 4036.
Logs
DBG undefined | event=Loaded config logger=authentik.lib.config timestamp=1679734632.5913134 file=/authentik/lib/default.yml
DBG undefined | event=Loaded environment variables logger=authentik.lib.config timestamp=1679734632.5915806 count=7
INF undefined | event=Starting authentik bootstrap logger=authentik.lib.config timestamp=1679734632.59165
INF undefined | event=PostgreSQL connection successful logger=authentik.lib.config timestamp=1679734632.5988
INF undefined | event=Redis Connection failed, retrying... (Error 99 connecting to localhost:6379. Cannot assign requested address.) logger=authentik.lib.config timestamp=1679734633.600902 redis_url=redis://:@localhost:6379/0
Version and Deployment (please complete the following information):
- authentik version: 2023.3
- Deployment: docker-compose
Additional context
docker exec -it authentik-stack-server-1 bash
authentik@283a42f97c09:/$ cd /data
authentik@283a42f97c09:/data$ ls -la
total 27
drwxr-xr-x 2 root root 3 Mar 25 08:24 .
drwxr-xr-x 33 root root 39 Mar 25 08:24 ..
-rw-rw-r-- 1 1022 _runit-log 16463 Mar 25 08:45 user_settings.py
authentik@283a42f97c09:/data$ cat user_settings.py | grep redis
REDIS_PROTOCOL_PREFIX = "redis://"
if CONFIG.y_bool("redis.tls", False):
REDIS_PROTOCOL_PREFIX = "rediss://"
REDIS_CELERY_TLS_REQUIREMENTS = f"?ssl_cert_reqs={CONFIG.y('redis.tls_reqs')}"
_redis_url = (
f"{quote_plus(CONFIG.y('redis.password'))}@{quote_plus(CONFIG.y('redis.host'))}:"
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": 'unix://run/redis/redis-server.sock',
"TIMEOUT": int(CONFIG.y("redis.cache_timeout", 300)),
"OPTIONS": {"CLIENT_CLASS": "django_redis.client.DefaultClient"},
"BACKEND": "channels_redis.core.RedisChannelLayer",
"BACKEND": "django_redis.cache.RedisCache",
"LOCATION": 'unix://run/redis/redis-server.sock',
CELERY_BROKER_URL = 'redis+socket:///run/redis/redis-server.sock'
CELERY_RESULT_BACKEND = 'redis+socket:///run/redis/redis-server.sock'
"redis": "WARNING",
authentik@283a42f97c09:/data$
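The three Redis URL forms that appear in this issue, run through a standard URL split to show which transport and socket path each one yields. This is an added example, not part of the original post or authentik's code; `inspect_redis_url` is a hypothetical helper, and it assumes the client takes the socket path from the URL's path component.

```python
from urllib.parse import urlsplit, unquote

# Schemes that select a Unix domain socket, as written on this page:
# "unix" (cache LOCATION) and "redis+socket" (Celery broker URL).
SOCKET_SCHEMES = {"unix", "redis+socket"}
TCP_SCHEMES = {"redis", "rediss"}


def inspect_redis_url(url):
    """Return (transport, target, warnings) for a Redis connection URL.

    Assumption: the socket path is the URL's path component, which is
    what a standard URL split produces for these schemes.
    """
    parts = urlsplit(url)
    warnings = []
    if parts.scheme in SOCKET_SCHEMES:
        path = unquote(parts.path)
        if parts.netloc:
            # "unix://run/x.sock": "run" is parsed as a host, not a directory.
            warnings.append(
                f"'{parts.netloc}' is parsed as a host; socket path becomes "
                f"'{path}'. Use three slashes for an absolute path."
            )
        if not path.startswith("/"):
            warnings.append("socket path is not absolute")
        return "unix", path, warnings
    if parts.scheme in TCP_SCHEMES:
        host, port = parts.hostname or "localhost", parts.port or 6379
        if parts.scheme == "redis":
            warnings.append("plaintext TCP; traffic is not encrypted")
        if not parts.password:
            warnings.append("no password set in URL")
        return "tcp", f"{host}:{port}", warnings
    return "unknown", url, [f"unrecognised scheme '{parts.scheme}'"]


# Constructed sample: the three URL forms quoted in the issue above.
SAMPLES = [
    "redis://:@localhost:6379/0",
    "unix://run/redis/redis-server.sock",
    "redis+socket:///run/redis/redis-server.sock",
]

if __name__ == "__main__":
    for url in SAMPLES:
        transport, target, warnings = inspect_redis_url(url)
        print(f"{url}\n  -> {transport} {target}")
        for w in warnings:
            print(f"     warning: {w}")
```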