Patrick Altman
How to turn off SSL Verification for django-rq on Heroku Redis

How to turn off SSL Verification for django-rq on Heroku Redis

There is an issue with Heroku's latest Redis version (v6) with the SSL connection. Heroku uses self-signed certificates that you can't verify. The recommendation is to turn off verification in your client.

This recommendation is simple enough to apply if connecting to Redis directly using the py-redis client; however, when going through django-rq, it's not as clear.

For the client, you simply pass in ssl_cert_reqs as None when creating an instance of the client:

url = urlparse(settings.REDIS_URL)redis.StrictRedis(    host=url.hostname,    password=url.password,    port=url.port,    db=settings.RQ_DATABASE,    ssl=True,    ssl_cert_reqs=None,)

The current instructions for django-rq don't mention how to pass in ssl_cert_reqs as None in your RQ_QUEUES configuration. A little digging in the code reveals that you can pass in SSL_CERT_REQS but only if you define each connection parameter instead of the URL option.

So, if you find yourself hitting SSL verification errors on Heroku when using django-rq and the latest Redis add-on, perhaps adjust your configuration to:

    RQ_QUEUES = {        "queue_one": {            "HOST": url.hostname,            "USERNAME": url.username,            "PASSWORD": url.password,            "PORT": url.port,            "DB": RQ_DATABASE,            "SSL": True,            "SSL_CERT_REQS": None,        },    }

I have created a pull request to enable you to continue using the URL configuration option for more concise settings without having to parse the REDIS_URL setting that Heroku provides. If you install this fork, you can use:

    RQ_QUEUES = {        "queue_one": {            "URL": os.env.get("REDIS_URL"),            "DB": RQ_DATABASE,            "SSL": True,            "SSL_CERT_REQS": None,        },    }

Hopefully, the PR will be accepted soon and a new release cut.

Would love to hear from you. You can find me on Twitter @paltman