AWS ElastiCache Redis can't connect from Laravel nad from redis-cli
I know this is pretty old but I was having the same issue myself. If anyone encounters this issue then see the solution here and here.
It seems that when you enable Encryption in-transit
in AWS Elasticache it prevents you from using redis-cli as it doesn't support TLS connections. Switching to another client should work. This answer has a list of TLS enabled clients.
Edit:
Did some more digging and found that using stunnel
you can wrap your connection of redis-cli with ssl. Here is a guide for doing it.
Related: Laravel + Redis Cache via SSL?
To which I've answered here: https://stackoverflow.com/a/48876398/663058
Relevant details below:
Since you have clustering and TLS then you'll need a different config entirely:
'redis' => [
'client' => 'predis',
'cluster' => env('REDIS_CLUSTER', false),
// Note! for single redis nodes, the default is defined here.
// keeping it here for clusters will actually prevent the cluster config
// from being used, it'll assume single node only.
//'default' => [
// ...
//],
// #pro-tip, you can use the Cluster config even for single instances!
'clusters' => [
'default' => [
[
'scheme' => env('REDIS_SCHEME', 'tcp'),
'host' => env('REDIS_HOST', 'localhost'),
'password' => env('REDIS_PASSWORD', null),
'port' => env('REDIS_PORT', 6379),
'database' => env('REDIS_DATABASE', 0),
],
],
'options' => [ // Clustering specific options
'cluster' => 'redis', // This tells Redis Client lib to follow redirects (from cluster)
]
],
'options' => [
'parameters' => [ // Parameters provide defaults for the Connection Factory
'password' => env('REDIS_PASSWORD', null), // Redirects need PW for the other nodes
'scheme' => env('REDIS_SCHEME', 'tcp'), // Redirects also must match scheme
],
'ssl' => ['verify_peer' => false], // Since we dont have TLS cert to verify
]
]
Explaining the above:
'client' => 'predis'
: This specifies the PHP Library Redis driver to use (predis).'cluster' => 'redis'
: This tells Predis to assume server-side clustering. Which just means "follow redirects" (e.g.-MOVED
responses). When running with a cluster, a node will respond with a-MOVED
to the node that you must ask for a specific key.- If you don't have this enabled with Redis Clusters, Laravel will throw a
-MOVED
exception 1/n times, n being the number of nodes in Redis cluster (it'll get lucky and ask the right node every once in awhile)
- If you don't have this enabled with Redis Clusters, Laravel will throw a
'clusters' => [...]
: Specifies a list of nodes, but setting just a 'default' and pointing it to the AWS 'Configuration endpoint' will let it find any/all other nodes dynamically (recommended for Elasticache, because you don't know when nodes are comin' or goin').'options'
: For Laravel, can be specified at the top-level, cluster-level, and node option. (they get combined in Illuminate before being passed off to Predis)'parameters'
: These 'override' the default connection settings/assumptions that Predis uses for new connections. Since we set them explicitly for the 'default' connection, these aren't used. But for a cluster setup, they are critical. A 'master' node may send back a redirect (-MOVED
) and unless the parameters are set forpassword
andscheme
it'll assume defaults, and that new connection to the new node will fail.
If you are using predis as client.
Then you can change Redis connection in config/database.php
'redis' => [
'client' => 'predis',
'default' => [
'scheme' => 'tls',
'host' => env('REDIS_HOST', '127.0.0.1'),
'password' => env('REDIS_PASSWORD', null),
'port' => env('REDIS_PORT', 6379),
'database' => 0,
],
],
You can add 'scheme' in that.
I am using Laravel 5.8 And then everything works great within Laravel.
But yes, as Redis doesn't provide TLS connection so redis-cli will still not work.