From f5c8a2475686ba19e1c86bce91b614333f31293a Mon Sep 17 00:00:00 2001 From: Simon Guyennet Date: Wed, 21 Jan 2026 10:06:30 +0100 Subject: [PATCH] feat: Add support for Redis host TLS --- 31/apache/entrypoint.sh | 15 ++++++++++++--- 31/fpm-alpine/entrypoint.sh | 15 ++++++++++++--- 31/fpm/entrypoint.sh | 15 ++++++++++++--- 32/apache/entrypoint.sh | 15 ++++++++++++--- 32/fpm-alpine/entrypoint.sh | 15 ++++++++++++--- 32/fpm/entrypoint.sh | 15 ++++++++++++--- 6 files changed, 72 insertions(+), 18 deletions(-) diff --git a/31/apache/entrypoint.sh b/31/apache/entrypoint.sh index e3b88f147..09c332415 100755 --- a/31/apache/entrypoint.sh +++ b/31/apache/entrypoint.sh @@ -131,10 +131,19 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi # check if redis password has been set elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - if [ -n "${REDIS_HOST_USER+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + # check if redis host is using tls + if [ "$(echo "$REDIS_HOST" | cut -c1-6)" = "tls://" ]; then + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi fi else echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" diff --git a/31/fpm-alpine/entrypoint.sh b/31/fpm-alpine/entrypoint.sh index e3b88f147..09c332415 100755 --- a/31/fpm-alpine/entrypoint.sh +++ b/31/fpm-alpine/entrypoint.sh @@ -131,10 +131,19 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi # check if redis password has been set elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - if [ -n "${REDIS_HOST_USER+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + # check if redis host is using tls + if [ "$(echo "$REDIS_HOST" | cut -c1-6)" = "tls://" ]; then + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi fi else echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" diff --git a/31/fpm/entrypoint.sh b/31/fpm/entrypoint.sh index e3b88f147..09c332415 100755 --- a/31/fpm/entrypoint.sh +++ b/31/fpm/entrypoint.sh @@ -131,10 +131,19 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi # check if redis password has been set elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - if [ -n "${REDIS_HOST_USER+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + # check if redis host is using tls + if [ "$(echo "$REDIS_HOST" | cut -c1-6)" = "tls://" ]; then + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi fi else echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" diff --git a/32/apache/entrypoint.sh b/32/apache/entrypoint.sh index e3b88f147..09c332415 100755 --- a/32/apache/entrypoint.sh +++ b/32/apache/entrypoint.sh @@ -131,10 +131,19 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi # check if redis password has been set elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - if [ -n "${REDIS_HOST_USER+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + # check if redis host is using tls + if [ "$(echo "$REDIS_HOST" | cut -c1-6)" = "tls://" ]; then + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi fi else echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" diff --git a/32/fpm-alpine/entrypoint.sh b/32/fpm-alpine/entrypoint.sh index e3b88f147..09c332415 100755 --- a/32/fpm-alpine/entrypoint.sh +++ b/32/fpm-alpine/entrypoint.sh @@ -131,10 +131,19 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi # check if redis password has been set elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - if [ -n "${REDIS_HOST_USER+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + # check if redis host is using tls + if [ "$(echo "$REDIS_HOST" | cut -c1-6)" = "tls://" ]; then + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi fi else echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\"" diff --git a/32/fpm/entrypoint.sh b/32/fpm/entrypoint.sh index e3b88f147..09c332415 100755 --- a/32/fpm/entrypoint.sh +++ b/32/fpm/entrypoint.sh @@ -131,10 +131,19 @@ if expr "$1" : "apache" 1>/dev/null || [ "$1" = "php-fpm" ] || [ "${NEXTCLOUD_UP fi # check if redis password has been set elif [ -n "${REDIS_HOST_PASSWORD+x}" ]; then - if [ -n "${REDIS_HOST_USER+x}" ]; then - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + # check if redis host is using tls + if [ "$(echo "$REDIS_HOST" | cut -c1-6)" = "tls://" ]; then + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi else - echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + if [ -n "${REDIS_HOST_USER+x}" ]; then + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth[]=${REDIS_HOST_USER}&auth[]=${REDIS_HOST_PASSWORD}\"" + else + echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}?auth=${REDIS_HOST_PASSWORD}\"" + fi fi else echo "session.save_path = \"tcp://${REDIS_HOST}:${REDIS_HOST_PORT:=6379}\""