fix(PIX-154): add TLS for Upstash Redis connections in worker and queue#1
fix(PIX-154): add TLS for Upstash Redis connections in worker and queue#1apsisvictor-sys wants to merge 2 commits intomainfrom
Conversation
Upstash Redis requires TLS connections (rediss:// scheme). Added tls: {}
to BullMQ worker connectionOptions to fix ECONNRESET errors on Railway.
Co-Authored-By: Paperclip <[email protected]>
Added tls: {} to all IORedis and BullMQ Queue connection options.
Upstash requires TLS; without it all connections get ECONNRESET.
Fixes worker, queue producer, and health check paths.
Co-Authored-By: Paperclip <[email protected]>
|
The latest updates on your projects. Learn more about Vercel for GitHub.
|
|
🚅 Deployed to the neuroforge-pr-1 environment in neuroforge
1 service not affected by this PR
|
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 6acdc5be49
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| host, | ||
| port, | ||
| password, | ||
| tls: {}, |
There was a problem hiding this comment.
This change forces tls: {} on all Redis connections (getOrCreateRedisConnection, BullMQ queue connection, createRedisClient, and worker connection options), which turns every connection into TLS-only. The repository still includes a default deploy path that wires REDIS_HOST/REDIS_PORT from Railway RAILWAY_TCP_PROXY_* values (scripts/deploy/railway-provision-and-deploy.sh), so environments that are still plain TCP will regress from working to handshake failures, breaking queue enqueue/worker startup. Gate TLS with an explicit setting (or URL scheme) instead of hardcoding it for all Redis backends.
Useful? React with 👍 / 👎.
1 participant
Problem
The
neuroforge-workerRailway service was showing continuousECONNRESETerrors. Root cause:IORedisand BullMQ connections were configured with plain TCP (host/port/password) but Upstash Redis only accepts TLS connections (rediss://scheme).Fix
Added
tls: {}to allIORedisand BullMQQueueconnection option objects in:src/infrastructure/jobs/worker.ts— BullMQ Worker connectionOptionssrc/infrastructure/jobs/redis-job-queue.ts—getOrCreateRedisConnection(),Queueinline options,createRedisClient()This fixes the ECONNRESET loop and allows the worker to connect to Upstash Redis over TLS.
Verified
redis-health.tsusescreateRedisClient()— also fixed transitivelyRailway project: Neuroforge — service:
neuroforge-workerPaperclip task: PIX-154