Hi,
We are currently using the local_redislock plugin in a Moodle 4.5 environment where the Redis server requires TLS/SSL connections (such as Azure Redis or AWS ElastiCache).
At the moment, the plugin connects using:
$redis->connect($server, $port);
which only supports plain TCP connections.
When attempting to connect to a Redis server on port 6380 (TLS), this results in:
RedisException: read error on connection to :6380
To make the plugin compatible with secure Redis instances, it would be very helpful to allow connecting via TLS, similar to Moodle’s native Redis session handler ($CFG->session_redis_encrypt).
Suggested Change:
Modify the bootstrap_redis() method in
local/redislock/classes/lock/redis_lock_factory.php
to detect an optional $CFG->local_redislock_redis_ssl configuration and, if present, connect using tls:// and pass the SSL context options.
Example implementation:
if (!empty($CFG->local_redislock_redis_ssl)) {
$redis->connect("tls://{$server}", (int)$port, 0, null, 0, 0, $CFG->local_redislock_redis_ssl);
} else {
$redis->connect($server, (int)$port);
}
And the corresponding config.php entry:
$CFG->local_redislock_redis_server = 'myredis.redis.cache.windows.net:6380';
$CFG->local_redislock_redis_auth = 'your_redis_password';
$CFG->local_redislock_redis_ssl = [
'verify_peer' => false,
'verify_peer_name' => false,
];
Benefits:
Full compatibility with Redis services that require encrypted connections (TLS).
Behavior consistent with Moodle’s core Redis session handler.
Backward compatible (no impact on existing installations without $CFG->local_redislock_redis_ssl).
Would you consider adding this small enhancement in the next release?
We’ve tested this modification locally and it works perfectly with Azure Redis over TLS (port 6380).
Thank you for maintaining this excellent plugin!
Hi,
We are currently using the local_redislock plugin in a Moodle 4.5 environment where the Redis server requires TLS/SSL connections (such as Azure Redis or AWS ElastiCache).
At the moment, the plugin connects using:
$redis->connect($server, $port);
which only supports plain TCP connections.
When attempting to connect to a Redis server on port 6380 (TLS), this results in:
RedisException: read error on connection to :6380
To make the plugin compatible with secure Redis instances, it would be very helpful to allow connecting via TLS, similar to Moodle’s native Redis session handler ($CFG->session_redis_encrypt).
Suggested Change:
Modify the bootstrap_redis() method in
local/redislock/classes/lock/redis_lock_factory.php
to detect an optional $CFG->local_redislock_redis_ssl configuration and, if present, connect using tls:// and pass the SSL context options.
Example implementation:
if (!empty($CFG->local_redislock_redis_ssl)) {
$redis->connect("tls://{$server}", (int)$port, 0, null, 0, 0, $CFG->local_redislock_redis_ssl);
} else {
$redis->connect($server, (int)$port);
}
And the corresponding config.php entry:
$CFG->local_redislock_redis_server = 'myredis.redis.cache.windows.net:6380';
$CFG->local_redislock_redis_auth = 'your_redis_password';
$CFG->local_redislock_redis_ssl = [
'verify_peer' => false,
'verify_peer_name' => false,
];
Benefits:
Full compatibility with Redis services that require encrypted connections (TLS).
Behavior consistent with Moodle’s core Redis session handler.
Backward compatible (no impact on existing installations without $CFG->local_redislock_redis_ssl).
Would you consider adding this small enhancement in the next release?
We’ve tested this modification locally and it works perfectly with Azure Redis over TLS (port 6380).
Thank you for maintaining this excellent plugin!