Redis connection errors — ECONNREFUSED, NOAUTH, TLS
Quick answer: the Redis client could not reach or authenticate to the server. Most often Redis is not running at that host and port, you used localhost from inside Docker (use the service name), the password is missing (NOAUTH), or a managed Redis needs TLS - rediss://, not redis://. Confirm reachability with redis-cli, fix the host, and supply auth or TLS.
What the errors look like
The three you will see most, each pointing at a different cause:
Error: connect ECONNREFUSED 127.0.0.1:6379 # not reachable
ReplyError: NOAUTH Authentication required. # password missing
Error: Connection is closed. # TLS/scheme or dropped linkECONNREFUSED means nothing is listening there; NOAUTH means it is reachable but you did not authenticate; a closed connection to a managed host usually means you used redis:// where rediss:// (TLS) was required.
Why it happens
Redis not running / wrong host
No redis-server at that host and port, or the URL points somewhere wrong.
localhost inside Docker
localhost in a container is the container itself - use the Compose service name as the host.
NOAUTH - password missing
Redis has requirepass set but the client did not send a password.
Managed Redis needs TLS
Upstash and similar require rediss:// (TLS), not redis://.
Diagnose it in three steps
Is Redis reachable?
redis-cli -h 127.0.0.1 -p 6379 ping # expect: PONGDoes it need a password?
redis-cli -h host -a "$REDIS_PASSWORD" ping
# NOAUTH without -a means requirepass is set - supply the password.Managed host? check the scheme and TLS
# Upstash and friends need TLS:
REDIS_URL=rediss://default:PASSWORD@host:6379 # note: rediss (two s)Reach it, authenticate, use the right scheme
Make Redis reachable from the app - the right host (a service name in Docker), the password supplied, and TLS for a managed endpoint. Then add a retry strategy so a brief blip does not crash the app.
# Docker - point at the service, not localhost
REDIS_URL=redis://redis:6379
# Managed (TLS) - rediss:// and the password
REDIS_URL=rediss://default:PASSWORD@host:6379
// ioredis - URL plus a sane retry strategy
const Redis = require('ioredis');
const redis = new Redis(process.env.REDIS_URL, {
retryStrategy: (times) => Math.min(times * 200, 2000),
});If the app starts before Redis is ready, the retry strategy reconnects; for a hard dependency, order startup so Redis is reachable before the app accepts traffic.
Order startup, health-check the cache
An app that connects to Redis before it is reachable is a startup-ordering problem. On your own servers, Infraveil health-checks dependencies and coordinates how services start, so the app does not go live before Redis is reachable - and connection failures surface with context, with recovery approval-gated and recorded.
Frequently asked questions
Why connect ECONNREFUSED 127.0.0.1:6379?
Nothing is listening there: Redis is not running locally, or inside Docker you used localhost, which is the app container itself. Use the Compose service name as the host, e.g. redis://redis:6379.
What does NOAUTH Authentication required mean?
Redis has requirepass set but your client did not send a password. Provide it in the URL (redis://default:PASSWORD@host:6379) or client config; include a username if you use Redis 6+ ACL users.
Why does my managed Redis refuse to connect?
Managed Redis usually requires TLS. Use the rediss:// scheme (two s characters), not redis://, and supply the password. Plain redis:// to a TLS-only endpoint fails or hangs.
How do I connect to Redis from Docker?
Use the Compose service name as the host - redis://redis:6379 - not localhost, which inside a container points at the container itself rather than Redis.
Client-side, no signup — they run in your browser.