node-redis icon indicating copy to clipboard operation
node-redis copied to clipboard
verified publisher icon redis

Lack of SOCKS or HTTP proxy support

Open emeraldsanto opened this issue 3 years ago • 2 comments

I've been experimenting with using Tailscale to securely access a Redis instance in another AWS VPC from an AWS Lambda without exposing it to the public internet.

In theory, we need two pieces for this work

  1. A public AWS EC2 instance which runs the Tailscale tunnel to securely expose the private subnet where the Redis cluster is.
  2. An AWS Lambda function running Tailscale in userspace networking mode since regular VPN connections through /dev/net/tun are not possible. Instead, Tailscale creates a SOCKS5 (or HTTP) proxy on localhost:1055.

I've been able to make all of this work and the Redis instance is accessible from my desktop running the Tailscale client. However, when trying the same in the AWS Lambda, I was not able to make Redis aware of the proxy.

Some other tools like MongoDB and PostgreSQL do support this sort of configuration.

Environment:

  • Node.js Version: 14
  • Redis Server Version: 6.2
  • Node Redis Version: @redis/client 1.1.0
  • Platform: Ubuntu 20.04.3

emeraldsanto avatar Jun 06 '22 22:06 emeraldsanto

Actually, I've dug into the code a bit more and it seems like createClient accepts a socket option which could be created by something like https://github.com/JoshGlazebrook/socks. However, this library opens the socket and performs the SOCKS handshake before createClient receives it which causes issues when createClient tries to call connect on the socket again 😞

emeraldsanto avatar Jun 18 '22 02:06 emeraldsanto

@emeraldsanto would it work on using command: 'bind' instead? (https://github.com/JoshGlazebrook/socks#bind-example-tcp-relay)

siddharthvp avatar Oct 09 '23 07:10 siddharthvp