github-starred/open-webui
2
0
Fork 0
mirror of https://github.com/open-webui/open-webui.git synced 2026-05-07 11:28:35 -05:00
Code Issues 1.3k Packages Projects Releases 126 Wiki Activity

[PR #21328] [CLOSED] feat: Add SSL/TLS support for Redis Sentinel connections #41660

New Issue
Closed
opened 2026-04-25 13:49:10 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-25 13:49:10 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/open-webui/open-webui/pull/21328
Author: @NargiT
Created: 2/12/2026
Status: Closed

Base: devHead: redis-ssl

📝 Commits (1)

  • dca8832 enable ssl option for sentinel

📊 Changes

1 file changed (+38 additions, -16 deletions)

View changed files

📝 backend/open_webui/utils/redis.py (+38 -16)

📄 Description

Pull Request Checklist

Before submitting, make sure you've checked the following:

  • Target branch: Verify that the pull request targets the dev branch. Not targeting the dev branch will lead to immediate closure of the PR.
  • Description: Provide a concise description of the changes made in this pull request down below.
  • Changelog: Ensure a changelog entry following the format of Keep a Changelog is added at the bottom of the PR description.
  • Documentation: If necessary, update relevant documentation Open WebUI Docs like environment variables, the tutorials, or other documentation sources.
  • Dependencies: Are there any new dependencies? Have you updated the dependency versions in the documentation?
  • Testing: Perform manual tests to verify the implemented fix/feature works as intended AND does not break any other functionality. Take this as an opportunity to make screenshots of the feature/fix and include it in the PR description.
  • Agentic AI Code: Confirm this Pull Request is not written by any AI Agent or has at least gone through additional human review AND manual testing. If any AI Agent is the co-author of this PR, it may lead to immediate closure of the PR.
  • Code review: Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards?
  • Title Prefix: To clearly categorize this pull request, prefix the pull request title

Changelog Entry

Description

This pull request adds comprehensive SSL/TLS support for Redis Sentinel connections, enabling secure communication with Redis Sentinel instances. The implementation allows users to configure secure connections using the rediss:// scheme and pass custom SSL parameters (such as certificate paths and verification settings) via query parameters in the connection URL. This is particularly useful for production environments requiring encrypted connections or self-signed certificates.

Related discussion: #21274

Added

  • SSL/TLS support for Redis Sentinel connections via rediss:// URL scheme
  • Query parameter parsing for Redis Sentinel URLs to support custom SSL configuration options (e.g., ssl_cert_reqs, ssl_ca_certs, ssl_certfile, ssl_keyfile)
  • Proper separation of sentinel_kwargs and connection_kwargs to correctly apply SSL settings to both sentinel discovery and master/replica connections

Changed

  • Refactored parse_redis_service_url() function to extract and return query parameters from Redis Sentinel URLs

Deprecated

  • None

Removed

  • None

Fixed

  • Fixed issue where SSL configuration was ignored when using Redis Sentinel

Security

  • Added support for encrypted Redis Sentinel connections using SSL/TLS

Breaking Changes

  • None

Additional Information

This enhancement allows users to configure secure Redis Sentinel connections in production environments. Example connection strings:

rediss://mymaster:6380/0?ssl_cert_reqs=required&ssl_ca_certs=/etc/ssl-custom/certs/bundle.pem

Contributor License Agreement

By submitting this pull request, I confirm that I have read and fully agree to the Contributor License Agreement (CLA), and I am providing my contributions under its terms.

Note

Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in.

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/open-webui/open-webui/pull/21328 **Author:** [@NargiT](https://github.com/NargiT) **Created:** 2/12/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `redis-ssl` --- ### 📝 Commits (1) - [`dca8832`](https://github.com/open-webui/open-webui/commit/dca88326927a2a2dc0d9de6b05dc849fe31345b8) enable ssl option for sentinel ### 📊 Changes **1 file changed** (+38 additions, -16 deletions) <details> <summary>View changed files</summary> 📝 `backend/open_webui/utils/redis.py` (+38 -16) </details> ### 📄 Description # Pull Request Checklist **Before submitting, make sure you've checked the following:** - [x] **Target branch:** Verify that the pull request targets the `dev` branch. **Not targeting the `dev` branch will lead to immediate closure of the PR.** - [x] **Description:** Provide a concise description of the changes made in this pull request down below. - [x] **Changelog:** Ensure a changelog entry following the format of [Keep a Changelog](https://keepachangelog.com/) is added at the bottom of the PR description. - [x] **Documentation:** If necessary, update relevant documentation [Open WebUI Docs](https://github.com/open-webui/docs) like environment variables, the tutorials, or other documentation sources. - [x] **Dependencies:** Are there any new dependencies? Have you updated the dependency versions in the documentation? - [x] **Testing:** Perform manual tests to **verify the implemented fix/feature works as intended AND does not break any other functionality**. Take this as an opportunity to **make screenshots of the feature/fix and include it in the PR description**. - [x] **Agentic AI Code:** Confirm this Pull Request is **not written by any AI Agent** or has at least **gone through additional human review AND manual testing**. If any AI Agent is the co-author of this PR, it may lead to immediate closure of the PR. - [x] **Code review:** Have you performed a self-review of your code, addressing any coding standard issues and ensuring adherence to the project's coding standards? - [x] **Title Prefix:** To clearly categorize this pull request, prefix the pull request title # Changelog Entry ### Description This pull request adds comprehensive SSL/TLS support for Redis Sentinel connections, enabling secure communication with Redis Sentinel instances. The implementation allows users to configure secure connections using the `rediss://` scheme and pass custom SSL parameters (such as certificate paths and verification settings) via query parameters in the connection URL. This is particularly useful for production environments requiring encrypted connections or self-signed certificates. Related discussion: #21274 ### Added - SSL/TLS support for Redis Sentinel connections via `rediss://` URL scheme - Query parameter parsing for Redis Sentinel URLs to support custom SSL configuration options (e.g., `ssl_cert_reqs`, `ssl_ca_certs`, `ssl_certfile`, `ssl_keyfile`) - Proper separation of `sentinel_kwargs` and `connection_kwargs` to correctly apply SSL settings to both sentinel discovery and master/replica connections ### Changed - Refactored `parse_redis_service_url()` function to extract and return query parameters from Redis Sentinel URLs ### Deprecated - None ### Removed - None ### Fixed - Fixed issue where SSL configuration was ignored when using Redis Sentinel ### Security - Added support for encrypted Redis Sentinel connections using SSL/TLS ### Breaking Changes - None --- ### Additional Information This enhancement allows users to configure secure Redis Sentinel connections in production environments. Example connection strings: ```bash rediss://mymaster:6380/0?ssl_cert_reqs=required&ssl_ca_certs=/etc/ssl-custom/certs/bundle.pem ``` ### Contributor License Agreement By submitting this pull request, I confirm that I have read and fully agree to the [Contributor License Agreement (CLA)](https://github.com/open-webui/open-webui/blob/main/CONTRIBUTOR_LICENSE_AGREEMENT), and I am providing my contributions under its terms. > [!NOTE] > Deleting the CLA section will lead to immediate closure of your PR and it will not be merged in. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-25 13:49:10 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
bug
confirmed
confirmed issue
core
documentation
enhancement
good first issue
help wanted
non-core
pull-request
Mirrored from GitHub Pull Request
 python
question
testing wanted
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/open-webui#41660
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?