fix: Incorrect REDIS ssl variable used for Celery causing Celery unable to start (#29605)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: autofix-ci[bot] <114827586+autofix-ci[bot]@users.noreply.github.com>
Co-authored-by: crazywoola <100913391+crazywoola@users.noreply.github.com>

api/extensions/ext_celery.py

@@ -12,9 +12,8 @@ from dify_app import DifyApp
 
 def _get_celery_ssl_options() -> dict[str, Any] | None:
     """Get SSL configuration for Celery broker/backend connections."""
-    # Use REDIS_USE_SSL for consistency with the main Redis client
     # Only apply SSL if we're using Redis as broker/backend
-    if not dify_config.REDIS_USE_SSL:
+    if not dify_config.BROKER_USE_SSL:
         return None
 
     # Check if Celery is actually using Redis

api/schedule/queue_monitor_task.py

@@ -16,6 +16,11 @@ celery_redis = Redis(
     port=redis_config.get("port") or 6379,
     password=redis_config.get("password") or None,
     db=int(redis_config.get("virtual_host")) if redis_config.get("virtual_host") else 1,
+    ssl=bool(dify_config.BROKER_USE_SSL),
+    ssl_ca_certs=dify_config.REDIS_SSL_CA_CERTS if dify_config.BROKER_USE_SSL else None,
+    ssl_cert_reqs=getattr(dify_config, "REDIS_SSL_CERT_REQS", None) if dify_config.BROKER_USE_SSL else None,
+    ssl_certfile=getattr(dify_config, "REDIS_SSL_CERTFILE", None) if dify_config.BROKER_USE_SSL else None,
+    ssl_keyfile=getattr(dify_config, "REDIS_SSL_KEYFILE", None) if dify_config.BROKER_USE_SSL else None,
 )
 
 logger = logging.getLogger(__name__)

api/tests/unit_tests/extensions/test_celery_ssl.py

@@ -8,11 +8,12 @@ class TestCelerySSLConfiguration:
     """Test suite for Celery SSL configuration."""
 
     def test_get_celery_ssl_options_when_ssl_disabled(self):
-        """Test SSL options when REDIS_USE_SSL is False."""
-        mock_config = MagicMock()
-        mock_config.REDIS_USE_SSL = False
+        """Test SSL options when BROKER_USE_SSL is False."""
+        from configs import DifyConfig
 
-        with patch("extensions.ext_celery.dify_config", mock_config):
+        dify_config = DifyConfig(CELERY_BROKER_URL="redis://localhost:6379/0")
+
+        with patch("extensions.ext_celery.dify_config", dify_config):
             from extensions.ext_celery import _get_celery_ssl_options
 
             result = _get_celery_ssl_options()
@@ -21,7 +22,6 @@ class TestCelerySSLConfiguration:
     def test_get_celery_ssl_options_when_broker_not_redis(self):
         """Test SSL options when broker is not Redis."""
         mock_config = MagicMock()
-        mock_config.REDIS_USE_SSL = True
         mock_config.CELERY_BROKER_URL = "amqp://localhost:5672"
 
         with patch("extensions.ext_celery.dify_config", mock_config):
@@ -33,7 +33,6 @@ class TestCelerySSLConfiguration:
     def test_get_celery_ssl_options_with_cert_none(self):
         """Test SSL options with CERT_NONE requirement."""
         mock_config = MagicMock()
-        mock_config.REDIS_USE_SSL = True
         mock_config.CELERY_BROKER_URL = "redis://localhost:6379/0"
         mock_config.REDIS_SSL_CERT_REQS = "CERT_NONE"
         mock_config.REDIS_SSL_CA_CERTS = None
@@ -53,7 +52,6 @@ class TestCelerySSLConfiguration:
     def test_get_celery_ssl_options_with_cert_required(self):
         """Test SSL options with CERT_REQUIRED and certificates."""
         mock_config = MagicMock()
-        mock_config.REDIS_USE_SSL = True
         mock_config.CELERY_BROKER_URL = "rediss://localhost:6380/0"
         mock_config.REDIS_SSL_CERT_REQS = "CERT_REQUIRED"
         mock_config.REDIS_SSL_CA_CERTS = "/path/to/ca.crt"
@@ -73,7 +71,6 @@ class TestCelerySSLConfiguration:
     def test_get_celery_ssl_options_with_cert_optional(self):
         """Test SSL options with CERT_OPTIONAL requirement."""
         mock_config = MagicMock()
-        mock_config.REDIS_USE_SSL = True
         mock_config.CELERY_BROKER_URL = "redis://localhost:6379/0"
         mock_config.REDIS_SSL_CERT_REQS = "CERT_OPTIONAL"
         mock_config.REDIS_SSL_CA_CERTS = "/path/to/ca.crt"
@@ -91,7 +88,6 @@ class TestCelerySSLConfiguration:
     def test_get_celery_ssl_options_with_invalid_cert_reqs(self):
         """Test SSL options with invalid cert requirement defaults to CERT_NONE."""
         mock_config = MagicMock()
-        mock_config.REDIS_USE_SSL = True
         mock_config.CELERY_BROKER_URL = "redis://localhost:6379/0"
         mock_config.REDIS_SSL_CERT_REQS = "INVALID_VALUE"
         mock_config.REDIS_SSL_CA_CERTS = None
@@ -108,7 +104,6 @@ class TestCelerySSLConfiguration:
     def test_celery_init_applies_ssl_to_broker_and_backend(self):
         """Test that SSL options are applied to both broker and backend when using Redis."""
         mock_config = MagicMock()
-        mock_config.REDIS_USE_SSL = True
         mock_config.CELERY_BROKER_URL = "redis://localhost:6379/0"
         mock_config.CELERY_BACKEND = "redis"
         mock_config.CELERY_RESULT_BACKEND = "redis://localhost:6379/0"